Solved Help with BSOD, sirefef and win64/patched.a

[Blade Runner]

Hi, I've been reading many posts around, trying to fix this on my own so as not to bother anyone else, but have reached a dead end

I'm running Windows 7 Professional 64x (up to date). At first I got infected with luhe.sirefef but AVG ended up detecting both sirefef, and win64/patched.a (in services.exe).

In trying to fix this, I went to safe mode and installed Malware Bytes Anti Malware, ran a scan (curing infections), and aswMBR which also found the infection, but when I reboot I get a blue screen which won't let me start Windows in any mode.

So far I have been able to get into te command prompt and ran a scan with Farbar Recovery Scan Tool 64x and I can paste it here right now.

Million thanks to whoever in advance!
-----------------------------------------------------------------------------------------
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2012
Ran by SYSTEM at 06-11-2012 21:19:17
Running from G:\
Windows 7 Professional (X64) OS Language: Spanish Modern Sort
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [6900024 2012-07-24] (Logitech Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3116152 2012-10-10] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [WTClient] WTClient.exe [x]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\MARIANO\...\Run: [Google Update] "C:\Users\MARIANO\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-26] (Google Inc.)
HKU\MARIANO\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671904 2012-08-28] (DT Soft Ltd)
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1089608 2012-09-29] (Malwarebytes Corporation)
HKLM-x32\...\Runonce: [FixZeroAccess] cmd /c start /D "C:\Users\MARIANO\Downloads" /B FixZeroAccess.exe -postboot [x]
Tcpip\Parameters: [DhcpNameServer] 200.49.130.44 200.42.4.207

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5783672 2012-10-02] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [193568 2012-10-02] (AVG Technologies CZ, s.r.o.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-09-26] ()
3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [743320 2012-10-03] (Tunngle.net GmbH)
3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe -service [x]

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [151904 2012-09-13] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [61792 2012-09-21] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
0 FixZeroAccess; C:\Windows\System32\Drivers\FixZeroAccess.sys [27256 2012-11-05] (Symantec Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-09-26] (Duplex Secure Ltd.)
3 tap0901t; C:\Windows\System32\Drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-06 21:19 - 2012-11-06 21:19 - 00000000 ____D C:\FRST
2012-11-05 03:11 - 2012-11-05 03:11 - 00006144 ____N C:\bootex.log
2012-11-05 03:11 - 2012-11-05 03:11 - 00003224 ____N C:\bootsqm.dat
2012-11-05 01:59 - 2012-11-05 02:00 - 04731392 ____A (AVAST Software) C:\Users\MARIANO\Downloads\aswMBR.exe
2012-11-05 01:54 - 2012-11-05 02:52 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-11-05 01:51 - 2012-11-05 01:51 - 01805736 ____A (Symantec Corporation) C:\Users\MARIANO\Downloads\FixZeroAccess.exe
2012-11-04 23:40 - 2012-11-04 23:40 - 00000000 ____D C:\Users\MARIANO\AppData\Roaming\Malwarebytes
2012-11-04 23:39 - 2012-11-04 23:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-04 23:39 - 2012-11-04 23:39 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\MARIANO\Downloads\mbam-setup-1.62.0.1300.exe
2012-11-04 23:39 - 2012-11-04 23:39 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-04 23:39 - 2012-09-29 23:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-03 17:07 - 2012-11-03 17:07 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-11-03 07:04 - 2012-11-03 07:04 - 00019599 ____A C:\Users\MARIANO\Downloads\[isoHunt] Cognition Episode 1 The Hangman-FLT.torrent
2012-11-02 19:37 - 2012-11-02 19:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-11-01 14:48 - 2012-11-01 14:48 - 00000000 ___AH C:\Users\MARIANO\Documents\Default.rdp
2012-11-01 14:29 - 2012-11-01 14:29 - 00000000 ____D C:\Windows\pss
2012-10-31 20:54 - 2012-10-31 21:00 - 00000000 ____D C:\Users\MARIANO\AppData\Roaming\Natural Selection 2
2012-10-31 19:10 - 2012-10-31 19:10 - 00000199 ____A C:\Users\MARIANO\Desktop\Dota 2.url
2012-10-31 19:06 - 2012-10-31 19:06 - 00000179 ____A C:\Users\MARIANO\Desktop\Natural Selection 2.url
2012-10-30 19:59 - 2012-10-30 19:59 - 03782704 ____A C:\Users\MARIANO\Downloads\battlelog-web-plugins-1.138.0-retail-prod.exe
2012-10-30 19:59 - 2012-10-30 19:59 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2012-10-29 08:30 - 2012-10-29 08:30 - 04327526 ____A C:\Users\MARIANO\Downloads\FarmingSimulator2011FreeDLC1.exe
2012-10-29 08:25 - 2012-10-29 08:26 - 37563120 ____A (GIANTS Software ) C:\Users\MARIANO\Downloads\FarmingSimulator2013Patch1.3INT.exe
2012-10-28 19:21 - 2012-10-28 19:21 - 00000867 ____A C:\Users\MARIANO\Desktop\Farming Simulator 2013 .lnk
2012-10-28 17:51 - 2012-10-28 17:51 - 00031661 ____A C:\Users\MARIANO\Downloads\[isoHunt] Farming.Simulator.2013-RELOADED..torrent
2012-10-27 04:00 - 2012-10-27 04:00 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2012-10-27 03:53 - 2012-11-03 05:46 - 00000000 ____D C:\Users\All Users\Tunngle
2012-10-27 03:53 - 2012-10-29 02:00 - 00000000 ____D C:\Users\MARIANO\AppData\Roaming\Tunngle
2012-10-27 03:53 - 2012-10-27 03:54 - 00000000 ____D C:\Program Files (x86)\Tunngle
2012-10-27 03:53 - 2012-10-27 03:53 - 00000000 ____D C:\Users\MARIANO\Documents\Tunngle
2012-10-27 03:53 - 2009-09-16 12:02 - 00031232 ____A (Tunngle.net) C:\Windows\System32\Drivers\tap0901t.sys
2012-10-27 03:49 - 2012-10-27 03:49 - 03862224 ____A (Tunngle.net GmbH ) C:\Users\MARIANO\Downloads\Tunngle_Setup_v4.4.1.5.exe
2012-10-27 03:18 - 2012-10-27 03:18 - 03881472 ____A C:\Users\MARIANO\Downloads\hamachi.msi
2012-10-26 22:18 - 2012-10-26 22:18 - 00000000 ____D C:\Users\MARIANO\AppData\Local\MPlayer
2012-10-26 22:15 - 2012-10-26 22:18 - 00000000 ____D C:\Users\All Users\PMS
2012-10-26 22:15 - 2012-10-26 22:16 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server
2012-10-26 22:08 - 2012-10-26 22:08 - 31532704 ____A C:\Users\MARIANO\Downloads\pms-setup-windows-1.70.1.exe
2012-10-25 16:06 - 2012-10-25 16:11 - 205665392 ____A (Macrovision Corporation) C:\Users\MARIANO\Downloads\gridpatch_1_3.exe
2012-10-24 21:51 - 2012-10-24 21:51 - 00000000 ____D C:\Users\MARIANO\AppData\Roaming\Frogwares
2012-10-24 19:29 - 2012-10-24 19:29 - 00001031 ____A C:\Users\Public\Desktop\Jugar a El testamento de Sherlock Holmes.lnk
2012-10-24 16:11 - 2012-11-05 04:52 - 263866213 ____A C:\Windows\MEMORY.DMP
2012-10-24 16:11 - 2012-10-24 16:11 - 00284648 ____A C:\Windows\Minidump\102412-33883-01.dmp
2012-10-24 16:11 - 2012-10-24 16:11 - 00000000 ____D C:\Windows\Minidump
2012-10-22 20:07 - 2012-10-22 20:07 - 00000000 ____D C:\Users\MARIANO\Documents\Codemasters
2012-10-22 20:02 - 2012-10-22 20:02 - 00000886 ____A C:\Users\MARIANO\Desktop\Race Driver GRID.lnk
2012-10-22 20:02 - 2012-10-22 20:02 - 00000000 ____D C:\Users\MARIANO\AppData\Roaming\Race Driver GRID
2012-10-22 17:46 - 2012-10-22 17:46 - 00034161 ____A C:\Users\MARIANO\Downloads\[isoHunt] The.Testament.of.Sherlock.Holmes-SKIDROW.torrent
2012-10-22 17:38 - 2012-10-22 17:38 - 00016075 ____A C:\Users\MARIANO\Downloads\[isoHunt] Race Driver GRID 2008 PC RePack ?? R.G. ????????.torrent
2012-10-22 17:35 - 2012-10-22 17:35 - 00070968 ____A C:\Users\MARIANO\Downloads\[isoHunt] Race.Driver.GRID.Multi-5.Full-Rip.Skullptura.torrent
2012-10-21 02:49 - 2012-10-21 02:49 - 00000000 ____D C:\Users\MARIANO\AppData\Roaming\Publish Providers
2012-10-21 02:43 - 2012-10-21 02:43 - 00000000 ____D C:\Users\All Users\Sony
2012-10-21 02:43 - 2012-10-21 02:43 - 00000000 ____D C:\Program Files (x86)\Sony
2012-10-21 02:34 - 2012-10-21 02:34 - 00013447 ____A C:\Users\MARIANO\Downloads\[isoHunt] 52bb2986092d529f71a2c612bf01d5ffcc2c47b6.torrent
2012-10-21 02:21 - 2012-10-21 02:49 - 00000000 ____D C:\Users\MARIANO\AppData\Roaming\Sony
2012-10-21 02:21 - 2012-10-21 02:44 - 00000000 ____D C:\Users\MARIANO\AppData\Local\Sony
2012-10-20 06:48 - 2012-10-20 06:48 - 00000000 ____D C:\Users\MARIANO\Documents\Lucius
2012-10-20 06:43 - 2012-10-20 06:43 - 00000695 ____A C:\Users\Public\Desktop\Lucius.lnk
2012-10-20 02:18 - 2012-10-20 02:19 - 00022263 ____A C:\Users\MARIANO\Downloads\[isoHunt] Lucius-SKIDROW.torrent
2012-10-17 19:31 - 2012-10-17 19:31 - 00004088 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-17 19:31 - 2012-09-25 03:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-10-17 19:31 - 2012-09-25 03:08 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-10-17 19:31 - 2012-09-25 03:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-10-14 21:42 - 2012-10-14 21:42 - 00000000 ____D C:\Users\All Users\RELOADED
2012-10-14 20:11 - 2012-10-14 20:11 - 00000567 ____A C:\Users\Public\Desktop\Torchlight II.lnk
2012-10-14 18:56 - 2012-10-14 18:56 - 00001413 ____A C:\Users\MARIANO\Desktop\Dishonored.lnk
2012-10-13 01:11 - 2012-10-13 01:11 - 00017705 ____A C:\Users\MARIANO\Downloads\[isoHunt] 3741597.torrent
2012-10-12 17:45 - 2012-10-12 17:45 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
2012-10-12 17:45 - 2012-10-12 17:45 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
2012-10-12 10:52 - 2012-10-12 10:52 - 00000202 ____A C:\Users\MARIANO\Desktop\XCOM Enemy Unknown.url
2012-10-12 00:18 - 2012-11-03 03:04 - 00000000 ____D C:\Users\MARIANO\Documents\ArtRage Paintings
2012-10-11 22:32 - 2012-10-11 22:32 - 00002499 ____A C:\Windows\Tablet12000x9000.ini
2012-10-11 22:26 - 2012-10-11 22:27 - 00000000 ____D C:\Program Files (x86)\TABLET
2012-10-11 22:26 - 2012-10-11 22:26 - 00000000 ____D C:\Windows\SysWOW64\TabletPmt
2012-10-11 22:26 - 2012-10-11 22:26 - 00000000 ____D C:\Driver 5.02 R20101101_D20101008
2012-10-11 22:26 - 2010-10-29 21:57 - 00048062 ____A C:\Windows\System32\Tablet2k_x64.cat
2012-10-11 22:26 - 2010-10-25 14:37 - 00401408 ____A (Pen Tablet) C:\Windows\SysWOW64\tabcfg.exe
2012-10-11 22:26 - 2010-10-25 14:37 - 00401408 ____A (Pen Tablet) C:\Windows\System32\tabcfg.exe
2012-10-11 22:26 - 2010-09-28 15:00 - 00285696 ____A C:\Windows\System32\WinTab32.dll
2012-10-11 22:26 - 2010-09-28 15:00 - 00217088 ____A C:\Windows\SysWOW64\WinTab32.dll
2012-10-11 22:26 - 2010-07-08 16:03 - 00335872 ____A () C:\Windows\SetupX32.EXE
2012-10-11 22:26 - 2010-06-01 15:46 - 00073728 ____A (Tablet Driver) C:\Windows\System32\Drivers\WTSrv.exe
2012-10-11 22:26 - 2010-05-13 19:03 - 00232960 ____A C:\Windows\SysWOW64\MyDrawLineWindowDll.dll
2012-10-11 22:26 - 2010-05-10 16:27 - 00431616 ____A (TODO: <????>) C:\Windows\SysWOW64\DoExec.exe
2012-10-11 22:26 - 2010-02-01 21:47 - 00050176 ____A (Pen Tablet) C:\Windows\System32\pcpanel.cpl
2012-10-11 22:26 - 2009-12-08 18:28 - 00053248 ____A (Pen Tablet) C:\Windows\SysWOW64\pcpanel.cpl
2012-10-11 22:26 - 2009-10-30 14:19 - 00032768 ____A (Tablet Driver) C:\Windows\SysWOW64\WTClient.exe
2012-10-11 22:26 - 2009-10-30 14:19 - 00032768 ____A (Tablet Driver) C:\Windows\System32\WTClient.exe
2012-10-11 22:26 - 2009-08-22 17:51 - 00067072 ____A () C:\Windows\System32\UCMfg.exe
2012-10-11 22:26 - 2009-07-15 19:21 - 00007529 ____A C:\Windows\System32\PTSimHid_x64.cat
2012-10-11 22:26 - 2009-07-14 15:22 - 00007458 ____A C:\Windows\System32\PTSimBus_x64.cat
2012-10-11 22:26 - 2009-06-18 15:42 - 00027304 ____A (Tablet Driver) C:\Windows\System32\Drivers\TClass2k.sys
2012-10-11 22:26 - 2009-06-18 15:42 - 00022696 ____A (Tablet Driver) C:\Windows\System32\Drivers\UCTblHid.sys
2012-10-11 22:26 - 2009-06-18 15:41 - 00027304 ____A (PenTablet Driver) C:\Windows\System32\Drivers\PTSimBus.sys
2012-10-11 22:26 - 2009-06-18 15:41 - 00017064 ____A (PenTablet Driver) C:\Windows\System32\Drivers\PTSimHid.sys
2012-10-11 22:26 - 2007-04-24 23:31 - 00013824 ____A C:\Windows\System32\ucinst32.dll
2012-10-11 22:26 - 2004-05-10 19:33 - 00036864 ____A C:\Windows\SysWOW64\lhtool.exe
2012-10-11 22:26 - 2002-04-25 13:25 - 00000056 ____A C:\Windows\SysWOW64\Desk.scf
2012-10-11 22:23 - 2012-10-11 22:25 - 05930212 ____A C:\Users\MARIANO\Downloads\Driver 5.02 Dual.zip
2012-10-11 22:01 - 2012-10-11 22:01 - 00000000 ____D C:\Program Files (x86)\Ambient Design
2012-10-11 22:00 - 2012-10-11 22:01 - 00000000 ____D C:\Users\MARIANO\AppData\Roaming\Ambient Design
2012-10-11 21:47 - 2012-10-11 21:48 - 00012984 ____A C:\Users\MARIANO\Downloads\[isoHunt] 3f0229ff271936546bc0b7d0fd1c8f72369d1c61.torrent
2012-10-10 21:31 - 2012-10-10 21:31 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\Reciente
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\Plantillas
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\Mis documentos
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\Menú Inicio
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\Impresoras
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\Entorno de red
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Mis vídeos
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Mis imágenes
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\Documents\Mi música
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\Datos de programa
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Historial
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Datos de programa
2012-10-10 21:31 - 2012-10-10 21:31 - 00000000 __SHD C:\Users\UpdatusUser\AppData\Local\Archivos temporales de Internet
2012-10-10 21:31 - 2012-09-26 02:10 - 00000000 ____D C:\Users\UpdatusUser\AppData\LocalGoogle
2012-10-10 21:31 - 2012-09-26 02:10 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2012-10-10 21:30 - 2012-10-02 20:51 - 06200680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-10-10 21:30 - 2012-10-02 20:51 - 03536817 ____A C:\Windows\System32\nvcoproc.bin
2012-10-10 21:30 - 2012-10-02 20:51 - 03293544 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-10-10 21:30 - 2012-10-02 20:50 - 02557800 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2012-10-10 21:30 - 2012-10-02 20:50 - 00891240 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-10-10 21:30 - 2012-10-02 20:50 - 00118120 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-10-10 21:30 - 2012-10-02 20:50 - 00063336 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 26331496 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 25256296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 19906920 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 18252136 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 17559912 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 15309160 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 14922600 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 13443944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-10-10 21:28 - 2012-10-02 23:21 - 12501352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 09146728 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 07697768 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 07414632 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 06127464 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 02747240 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 02731880 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 02574696 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 02428776 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 02218344 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 01867112 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 01760104 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 01482600 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 00973672 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 00831848 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 00247144 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 00202600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-10-10 21:28 - 2012-10-02 23:21 - 00016127 ____A C:\Windows\System32\nvinfo.pb
2012-10-10 21:28 - 2012-07-03 16:25 - 00189288 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2012-10-10 21:28 - 2012-07-03 16:25 - 00031080 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2012-10-10 21:28 - 2012-07-03 08:37 - 01472360 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2012-10-10 21:20 - 2012-10-10 21:25 - 227947968 ____A (NVIDIA Corporation) C:\Users\MARIANO\Downloads\306.97-desktop-win8-win7-winvista-64bit-international-whql.exe
2012-10-09 20:21 - 2012-10-09 20:21 - 00000000 ____D C:\Program Files (x86)\AMD
2012-10-09 20:20 - 2012-10-09 20:20 - 00000000 ____D C:\Users\MARIANO\AppData\Local\Downloaded Installations
2012-10-09 18:55 - 2012-08-20 19:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-09 18:55 - 2012-08-20 19:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-09 18:55 - 2012-08-20 19:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-09 18:55 - 2012-08-20 19:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-09 18:55 - 2012-08-20 19:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-09 18:55 - 2012-08-20 19:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-09 18:55 - 2012-08-20 19:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-09 18:55 - 2012-08-20 19:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-09 18:55 - 2012-08-20 19:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 19:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-09 18:55 - 2012-08-20 18:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-09 18:55 - 2012-08-20 18:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-09 18:55 - 2012-08-20 18:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-09 18:55 - 2012-08-20 18:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 18:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 16:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-09 18:55 - 2012-08-20 16:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-09 18:55 - 2012-08-20 16:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 16:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 16:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 18:55 - 2012-08-20 16:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-09 18:55 - 2012-06-02 06:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 18:55 - 2012-06-02 06:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 18:55 - 2012-06-02 06:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-09 18:55 - 2012-06-02 05:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-09 18:55 - 2012-06-02 05:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-09 18:55 - 2012-06-02 05:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-09 18:54 - 2012-09-14 20:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 18:54 - 2012-09-14 19:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-09 18:54 - 2012-08-31 19:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-09 18:54 - 2012-08-30 19:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 18:54 - 2012-08-30 18:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-09 18:54 - 2012-08-30 18:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-09 18:54 - 2012-08-24 19:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 18:54 - 2012-08-24 17:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-09 18:54 - 2012-08-11 01:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 18:54 - 2012-08-11 00:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-09 18:54 - 2012-05-04 12:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-10-09 18:54 - 2012-05-04 10:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-10-09 00:59 - 2012-10-09 00:59 - 00000199 ____A C:\Users\MARIANO\Desktop\Alien Swarm.url
2012-10-09 00:18 - 2012-10-09 00:18 - 00000199 ____A C:\Users\MARIANO\Desktop\Left 4 Dead 2.url
2012-10-08 00:06 - 2012-10-08 00:10 - 00151552 ____A C:\Windows\SysWOW64\nvRegDev.dll
2012-10-08 00:03 - 2012-10-08 00:05 - 60417009 ____A (InstallShield Software Corporation) C:\Users\MARIANO\Downloads\nvidia-hair-demo-installer.exe
2012-10-08 00:02 - 2012-10-08 00:05 - 76497769 ____A (InstallShield Software Corporation) C:\Users\MARIANO\Downloads\nvidia-island-demo-installer.exe
2012-10-07 23:46 - 2012-10-07 23:46 - 00000000 ____D C:\Windows\Sun

==================== 3 Months Modified Files ==================

2012-11-05 04:52 - 2012-10-24 16:11 - 263866213 ____A C:\Windows\MEMORY.DMP
2012-11-05 03:29 - 2012-09-26 12:43 - 00011002 ____A C:\Windows\PFRO.log
2012-11-05 03:11 - 2012-11-05 03:11 - 00006144 ____N C:\bootex.log
2012-11-05 03:11 - 2012-11-05 03:11 - 00003224 ____N C:\bootsqm.dat
2012-11-05 02:52 - 2012-11-05 01:54 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys
2012-11-05 02:04 - 2009-07-14 05:45 - 00014592 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-05 02:04 - 2009-07-14 05:45 - 00014592 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-05 02:00 - 2012-11-05 01:59 - 04731392 ____A (AVAST Software) C:\Users\MARIANO\Downloads\aswMBR.exe
2012-11-05 01:56 - 2012-09-26 01:47 - 00001034 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-05 01:56 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-05 01:56 - 2009-07-14 05:51 - 00023372 ____A C:\Windows\setupact.log
2012-11-05 01:51 - 2012-11-05 01:51 - 01805736 ____A (Symantec Corporation) C:\Users\MARIANO\Downloads\FixZeroAccess.exe
2012-11-04 23:39 - 2012-11-04 23:39 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\MARIANO\Downloads\mbam-setup-1.62.0.1300.exe
2012-11-03 16:59 - 2012-09-26 00:23 - 01509989 ____A C:\Windows\WindowsUpdate.log
2012-11-03 16:21 - 2012-09-26 01:44 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-03 16:21 - 2012-09-26 01:44 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-03 16:12 - 2012-09-26 01:43 - 00001054 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1598006888-3347211580-3609776695-1000UA.job
2012-11-03 16:10 - 2012-09-26 01:47 - 00001038 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-03 07:04 - 2012-11-03 07:04 - 00019599 ____A C:\Users\MARIANO\Downloads\[isoHunt] Cognition Episode 1 The Hangman-FLT.torrent
2012-11-03 02:12 - 2012-09-26 01:43 - 00001002 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1598006888-3347211580-3609776695-1000Core.job
2012-11-02 19:38 - 2009-07-14 10:31 - 00703602 ____A C:\Windows\System32\perfh00A.dat
2012-11-02 19:38 - 2009-07-14 10:31 - 00137600 ____A C:\Windows\System32\perfc00A.dat
2012-11-02 19:38 - 2009-07-14 06:13 - 01555646 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-02 19:37 - 2012-11-02 19:37 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-11-02 16:28 - 2009-07-14 05:45 - 02198536 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-02 00:31 - 2012-09-26 00:57 - 00058592 ____A C:\Users\MARIANO\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-01 17:31 - 2012-09-26 16:25 - 00298032 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-11-01 17:31 - 2012-09-26 16:13 - 00298032 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-11-01 17:16 - 2012-09-26 13:57 - 00152449 ____A C:\Windows\DirectX.log
2012-11-01 14:48 - 2012-11-01 14:48 - 00000000 ___AH C:\Users\MARIANO\Documents\Default.rdp
2012-10-31 19:10 - 2012-10-31 19:10 - 00000199 ____A C:\Users\MARIANO\Desktop\Dota 2.url
2012-10-31 19:06 - 2012-10-31 19:06 - 00000179 ____A C:\Users\MARIANO\Desktop\Natural Selection 2.url
2012-10-30 19:59 - 2012-10-30 19:59 - 03782704 ____A C:\Users\MARIANO\Downloads\battlelog-web-plugins-1.138.0-retail-prod.exe
2012-10-29 08:30 - 2012-10-29 08:30 - 04327526 ____A C:\Users\MARIANO\Downloads\FarmingSimulator2011FreeDLC1.exe
2012-10-29 08:26 - 2012-10-29 08:25 - 37563120 ____A (GIANTS Software ) C:\Users\MARIANO\Downloads\FarmingSimulator2013Patch1.3INT.exe
2012-10-28 19:21 - 2012-10-28 19:21 - 00000867 ____A C:\Users\MARIANO\Desktop\Farming Simulator 2013 .lnk
2012-10-28 17:51 - 2012-10-28 17:51 - 00031661 ____A C:\Users\MARIANO\Downloads\[isoHunt] Farming.Simulator.2013-RELOADED..torrent
2012-10-27 04:00 - 2012-10-27 04:00 - 00000000 ____A C:\Windows\SysWOW64\Access.dat
2012-10-27 03:49 - 2012-10-27 03:49 - 03862224 ____A (Tunngle.net GmbH ) C:\Users\MARIANO\Downloads\Tunngle_Setup_v4.4.1.5.exe
2012-10-27 03:18 - 2012-10-27 03:18 - 03881472 ____A C:\Users\MARIANO\Downloads\hamachi.msi
2012-10-26 22:08 - 2012-10-26 22:08 - 31532704 ____A C:\Users\MARIANO\Downloads\pms-setup-windows-1.70.1.exe
2012-10-25 18:24 - 2012-09-26 16:13 - 00298032 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-10-25 16:11 - 2012-10-25 16:06 - 205665392 ____A (Macrovision Corporation) C:\Users\MARIANO\Downloads\gridpatch_1_3.exe
2012-10-24 19:29 - 2012-10-24 19:29 - 00001031 ____A C:\Users\Public\Desktop\Jugar a El testamento de Sherlock Holmes.lnk
2012-10-24 16:11 - 2012-10-24 16:11 - 00284648 ____A C:\Windows\Minidump\102412-33883-01.dmp
2012-10-22 20:02 - 2012-10-22 20:02 - 00000886 ____A C:\Users\MARIANO\Desktop\Race Driver GRID.lnk
2012-10-22 17:46 - 2012-10-22 17:46 - 00034161 ____A C:\Users\MARIANO\Downloads\[isoHunt] The.Testament.of.Sherlock.Holmes-SKIDROW.torrent
2012-10-22 17:38 - 2012-10-22 17:38 - 00016075 ____A C:\Users\MARIANO\Downloads\[isoHunt] Race Driver GRID 2008 PC RePack ?? R.G. ????????.torrent
2012-10-22 17:35 - 2012-10-22 17:35 - 00070968 ____A C:\Users\MARIANO\Downloads\[isoHunt] Race.Driver.GRID.Multi-5.Full-Rip.Skullptura.torrent
2012-10-21 02:34 - 2012-10-21 02:34 - 00013447 ____A C:\Users\MARIANO\Downloads\[isoHunt] 52bb2986092d529f71a2c612bf01d5ffcc2c47b6.torrent
2012-10-20 06:43 - 2012-10-20 06:43 - 00000695 ____A C:\Users\Public\Desktop\Lucius.lnk
2012-10-20 02:19 - 2012-10-20 02:18 - 00022263 ____A C:\Users\MARIANO\Downloads\[isoHunt] Lucius-SKIDROW.torrent
2012-10-17 19:31 - 2012-10-17 19:31 - 00004088 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-14 20:11 - 2012-10-14 20:11 - 00000567 ____A C:\Users\Public\Desktop\Torchlight II.lnk
2012-10-14 18:56 - 2012-10-14 18:56 - 00001413 ____A C:\Users\MARIANO\Desktop\Dishonored.lnk
2012-10-13 01:11 - 2012-10-13 01:11 - 00017705 ____A C:\Users\MARIANO\Downloads\[isoHunt] 3741597.torrent
2012-10-12 10:52 - 2012-10-12 10:52 - 00000202 ____A C:\Users\MARIANO\Desktop\XCOM Enemy Unknown.url
2012-10-11 22:32 - 2012-10-11 22:32 - 00002499 ____A C:\Windows\Tablet12000x9000.ini
2012-10-11 22:25 - 2012-10-11 22:23 - 05930212 ____A C:\Users\MARIANO\Downloads\Driver 5.02 Dual.zip
2012-10-11 21:48 - 2012-10-11 21:47 - 00012984 ____A C:\Users\MARIANO\Downloads\[isoHunt] 3f0229ff271936546bc0b7d0fd1c8f72369d1c61.torrent
2012-10-10 21:31 - 2012-10-10 21:31 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-10-10 21:25 - 2012-10-10 21:20 - 227947968 ____A (NVIDIA Corporation) C:\Users\MARIANO\Downloads\306.97-desktop-win8-win7-winvista-64bit-international-whql.exe
2012-10-09 18:58 - 2012-09-26 01:22 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 00:59 - 2012-10-09 00:59 - 00000199 ____A C:\Users\MARIANO\Desktop\Alien Swarm.url
2012-10-09 00:18 - 2012-10-09 00:18 - 00000199 ____A C:\Users\MARIANO\Desktop\Left 4 Dead 2.url
2012-10-08 00:10 - 2012-10-08 00:06 - 00151552 ____A C:\Windows\SysWOW64\nvRegDev.dll
2012-10-08 00:05 - 2012-10-08 00:03 - 60417009 ____A (InstallShield Software Corporation) C:\Users\MARIANO\Downloads\nvidia-hair-demo-installer.exe
2012-10-08 00:05 - 2012-10-08 00:02 - 76497769 ____A (InstallShield Software Corporation) C:\Users\MARIANO\Downloads\nvidia-island-demo-installer.exe
2012-10-05 08:16 - 2012-10-05 08:16 - 00000999 ____A C:\Users\Public\Desktop\Legend of Grimrock.lnk
2012-10-05 07:39 - 2012-10-05 07:39 - 00018297 ____A C:\Users\MARIANO\Downloads\[isoHunt] C085208DC363A00A3637909F74936934C7B018A4.torrent
2012-10-05 07:26 - 2012-10-05 07:26 - 00111456 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgmfx64.sys
2012-10-02 23:21 - 2012-10-10 21:28 - 26331496 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 25256296 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 19906920 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 18252136 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 17559912 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 15309160 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 14922600 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 13443944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-10-02 23:21 - 2012-10-10 21:28 - 12501352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 09146728 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 07697768 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 07414632 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 06127464 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 02747240 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 02731880 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 02574696 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 02428776 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 02218344 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 01867112 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 01760104 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 01482600 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco64.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 00973672 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 00831848 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 00247144 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 00202600 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2012-10-02 23:21 - 2012-10-10 21:28 - 00016127 ____A C:\Windows\System32\nvinfo.pb
2012-10-02 20:51 - 2012-10-10 21:30 - 06200680 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-10-02 20:51 - 2012-10-10 21:30 - 03536817 ____A C:\Windows\System32\nvcoproc.bin
2012-10-02 20:51 - 2012-10-10 21:30 - 03293544 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-10-02 20:50 - 2012-10-10 21:30 - 02557800 ____A (NVIDIA Corporation)

 

[Blade Runner]

C:\Windows\System32\nvsvcr.dll
2012-10-02 20:50 - 2012-10-10 21:30 - 00891240 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-10-02 20:50 - 2012-10-10 21:30 - 00118120 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-10-02 20:50 - 2012-10-10 21:30 - 00063336 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-10-02 20:44 - 2012-10-02 20:43 - 00013308 ____A C:\Users\MARIANO\Documents\cc_20121002_164350.reg
2012-10-02 17:15 - 2012-10-02 17:15 - 00430952 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2012-10-02 16:25 - 2012-10-02 16:24 - 03941312 ____A (Piriform Ltd) C:\Users\MARIANO\Downloads\ccsetup323.exe
2012-10-02 07:30 - 2012-10-02 07:30 - 00185696 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
2012-10-01 21:40 - 2012-10-01 21:40 - 00001195 ____A C:\Users\Public\Desktop\The Dark Eye - Chains of Satinav.lnk
2012-10-01 17:01 - 2012-09-30 04:35 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll
2012-10-01 17:01 - 2012-09-30 04:35 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2012-10-01 17:01 - 2012-09-30 04:35 - 00122904 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll
2012-10-01 17:01 - 2012-09-30 04:35 - 00109080 ____A (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2012-10-01 16:53 - 2012-10-01 16:53 - 00000863 ____A C:\Users\Public\Desktop\Play Yesterday.lnk
2012-10-01 06:47 - 2012-09-26 12:03 - 00007598 ____A C:\Users\MARIANO\AppData\Local\Resmon.ResmonCfg
2012-10-01 06:35 - 2012-10-01 06:30 - 17245060 ____A (E-One Studio ) C:\Users\MARIANO\Downloads\setup.exe
2012-10-01 04:06 - 2012-10-01 04:05 - 00026629 ____A C:\Users\MARIANO\Downloads\[isoHunt] The.Dark.Eye.Chains.of.Satinav-SKIDROW [PublicHD].torrent
2012-09-30 21:11 - 2012-09-30 21:11 - 00030176 ____A C:\Users\MARIANO\Downloads\AWDFLASH131.zip
2012-09-30 21:06 - 2012-09-30 21:06 - 00000849 ____A C:\Users\Public\Desktop\1953 - KGB Unleashed.lnk
2012-09-30 21:02 - 2012-09-30 21:02 - 00030406 ____A C:\Users\MARIANO\Downloads\AWDFLASH132.zip
2012-09-30 21:01 - 2012-09-30 21:01 - 00419460 ____A C:\Users\MARIANO\Downloads\1401.zip
2012-09-30 20:51 - 2012-09-30 20:51 - 00000869 ____A C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2012-09-30 20:47 - 2012-09-30 20:45 - 04953032 ____A ( ) C:\Users\MARIANO\Downloads\cpu-z_1.61-setup-en.exe
2012-09-30 17:23 - 2012-09-30 17:23 - 00030200 ____A C:\Users\MARIANO\Downloads\[isoHunt] 1953 KGB Unleashed-TiNYiSO[EtGamez].torrent
2012-09-30 17:21 - 2012-09-30 17:21 - 00017996 ____A C:\Users\MARIANO\Downloads\[isoHunt] Yesterday-SKIDROW.torrent
2012-09-30 17:19 - 2012-09-30 17:19 - 00021959 ____A C:\Users\MARIANO\Downloads\[isoHunt] The Dark Eye Chains of Satinav 2012 PC Lossless Repack.torrent
2012-09-30 17:18 - 2012-09-30 17:18 - 00014193 ____A C:\Users\MARIANO\Downloads\[isoHunt] Hoodwink [MULTI5][PCDVD][SKIDROW][WwW.GamesTorrents.CoM].torrent
2012-09-30 17:12 - 2012-09-30 17:12 - 00025826 ____A C:\Users\MARIANO\Downloads\[isoHunt] 2712788.torrent
2012-09-30 05:21 - 2012-09-30 05:21 - 00001062 ____A C:\Users\Public\Desktop\Jurassic Park The Game.lnk
2012-09-30 05:06 - 2012-09-30 05:06 - 00001189 ____A C:\Users\MARIANO\Desktop\Dirt Showdown.lnk
2012-09-29 23:54 - 2012-11-04 23:39 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-29 23:29 - 2012-09-29 23:29 - 00000199 ____A C:\Users\MARIANO\Desktop\Counter-Strike Global Offensive.url
2012-09-29 21:45 - 2012-09-29 21:45 - 00001921 ____A C:\Users\MARIANO\Desktop\Spec Ops The Line.lnk
2012-09-29 19:36 - 2012-09-29 19:35 - 10894664 ____A C:\Users\MARIANO\Downloads\BitComet_1.34_x64_setup.exe
2012-09-27 02:20 - 2012-09-27 02:20 - 00406528 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\ReWire.dll
2012-09-27 02:20 - 2012-09-27 02:20 - 00338432 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\REX Shared Library.dll
2012-09-27 01:36 - 2012-09-27 01:36 - 00001061 ____A C:\Users\Public\Desktop\Reason.lnk
2012-09-27 00:21 - 2009-07-14 03:36 - 00175616 ____A (Microsoft Corporation) C:\Windows\System32\msclmd.dll
2012-09-27 00:21 - 2009-07-14 03:36 - 00152576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2012-09-26 23:49 - 2012-09-26 23:49 - 00560184 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys
2012-09-26 23:46 - 2012-09-26 23:44 - 14294360 ____A (DT Soft Ltd) C:\Users\MARIANO\Downloads\DTLite4454-0316.exe
2012-09-26 22:33 - 2012-09-26 22:33 - 00021464 ____A C:\Users\MARIANO\Downloads\4gb_patch.zip
2012-09-26 16:13 - 2012-09-26 16:13 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-09-26 15:15 - 2012-09-26 15:15 - 00001238 ____A C:\Users\MARIANO\Desktop\Supersonic Sled Replays.lnk
2012-09-26 15:11 - 2012-09-26 15:05 - 232523685 ____A C:\Users\MARIANO\Downloads\SetupSupersonicSled.exe
2012-09-26 15:07 - 2012-09-26 15:03 - 54685456 ____A (Logitech Inc.) C:\Users\MARIANO\Downloads\lgs835_x64.exe
2012-09-26 14:24 - 2012-09-26 14:24 - 00000202 ____A C:\Users\MARIANO\Desktop\Tom Clancy's Ghost Recon Future Soldier.url
2012-09-26 14:19 - 2012-09-26 14:15 - 183759160 ____A (NVIDIA Corporation) C:\Users\MARIANO\Downloads\306.23-desktop-win8-win7-winvista-64bit-english-whql.exe
2012-09-26 13:49 - 2012-09-26 13:49 - 00000200 ____A C:\Users\MARIANO\Desktop\Sid Meier's Civilization V.url
2012-09-26 13:37 - 2012-09-26 13:37 - 00000541 ____A C:\Users\Public\Desktop\Steam.lnk
2012-09-26 13:19 - 2012-09-26 13:19 - 08529408 ____A C:\Users\MARIANO\Downloads\SteamInstall_Spanish.msi
2012-09-26 01:47 - 2012-09-26 01:47 - 03993600 ____A C:\Program Files (x86)\GUT6FD3.tmp
2012-09-26 01:45 - 2012-09-26 01:45 - 01034216 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-09-26 01:45 - 2012-09-26 01:45 - 00916456 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-09-26 01:45 - 2012-09-26 01:45 - 00289768 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-09-26 01:45 - 2012-09-26 01:45 - 00189416 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-09-26 01:45 - 2012-09-26 01:45 - 00188904 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-09-26 01:45 - 2012-09-26 01:45 - 00108008 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-26 01:44 - 2012-09-26 01:44 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-26 01:44 - 2012-09-26 01:44 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-26 01:29 - 2012-09-26 01:25 - 00004750 ____A C:\Windows\IE9_main.log
2012-09-26 01:28 - 2012-09-26 01:28 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-09-26 01:28 - 2012-09-26 01:28 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-09-26 01:28 - 2012-09-26 01:28 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-26 01:28 - 2012-09-26 01:28 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-26 01:28 - 2012-09-26 01:28 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-26 01:28 - 2012-09-26 01:28 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-26 01:28 - 2012-09-26 01:28 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-09-26 01:28 - 2012-09-26 01:28 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-09-26 01:28 - 2012-09-26 01:28 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-09-26 01:28 - 2012-09-26 01:28 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-09-26 01:28 - 2012-09-26 01:28 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-09-26 01:28 - 2012-09-26 01:28 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-09-26 01:28 - 2012-09-26 01:28 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-09-26 01:14 - 2012-09-26 01:14 - 00254152 ____A (Secure By Design Inc.) C:\Users\MARIANO\Downloads\Ninite_7Zip_AVG_CCCP_Chrome_Dropbox_FileZilla_Installer.exe
2012-09-26 00:41 - 2012-09-26 00:41 - 00000020 ___SH C:\Users\MARIANO\ntuser.ini
2012-09-26 00:24 - 2012-09-26 00:24 - 00001313 ____A C:\Windows\TSSysprep.log
2012-09-26 00:24 - 2009-07-14 05:46 - 00001774 ____A C:\Windows\DtcInstall.log
2012-09-25 20:19 - 2009-07-14 06:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-09-25 20:19 - 2009-07-14 06:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2012-09-25 03:16 - 2012-10-17 19:31 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-25 03:08 - 2012-10-17 19:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-25 03:07 - 2012-10-17 19:31 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-24 07:08 - 2012-09-29 21:41 - 00000713 ____A C:\Users\MARIANO\Desktop\Freespace 2.lnk
2012-09-24 00:58 - 2012-09-30 01:49 - 00001005 ____A C:\Users\MARIANO\Desktop\Wing Commander 3.lnk
2012-09-21 07:46 - 2012-09-21 07:46 - 00225120 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgloga.sys
2012-09-21 07:46 - 2012-09-21 07:46 - 00200032 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-09-21 07:45 - 2012-09-21 07:45 - 00061792 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-09-17 23:07 - 2012-09-26 16:13 - 03227136 ____A C:\Windows\SysWOW64\pbsvc_grfs.exe
2012-09-14 20:19 - 2012-10-09 18:54 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 19:28 - 2012-10-09 18:54 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-14 07:05 - 2012-09-14 07:05 - 00040800 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgrkx64.sys
2012-09-13 07:11 - 2012-09-13 07:11 - 00151904 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
2012-08-31 19:19 - 2012-10-09 18:54 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 19:03 - 2012-10-09 18:54 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 18:12 - 2012-10-09 18:54 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 18:12 - 2012-10-09 18:54 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-24 19:05 - 2012-10-09 18:54 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 17:57 - 2012-10-09 18:54 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-22 19:12 - 2012-09-28 16:37 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 19:12 - 2012-09-28 16:37 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 19:12 - 2012-09-28 16:37 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 19:12 - 2012-09-28 16:37 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 22:01 - 2012-09-28 16:37 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 19:48 - 2012-10-09 18:55 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 19:48 - 2012-10-09 18:55 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 19:48 - 2012-10-09 18:55 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 19:48 - 2012-10-09 18:55 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 19:48 - 2012-10-09 18:55 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 19:48 - 2012-10-09 18:55 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 19:48 - 2012-10-09 18:55 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 19:46 - 2012-10-09 18:55 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 19:38 - 2012-10-09 18:55 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 19:38 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 18:40 - 2012-10-09 18:55 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 18:38 - 2012-10-09 18:55 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 18:37 - 2012-10-09 18:55 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 18:37 - 2012-10-09 18:55 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 18:37 - 2012-10-09 18:55 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:32 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 16:38 - 2012-10-09 18:55 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 16:38 - 2012-10-09 18:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 16:33 - 2012-10-09 18:55 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 16:33 - 2012-10-09 18:55 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 16:33 - 2012-10-09 18:55 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 16:33 - 2012-10-09 18:55 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 01:56 - 2012-10-09 18:54 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-11 00:56 - 2012-10-09 18:54 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

ZeroAccess:
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896}
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896}\@
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896}\L
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896}\L\00000004.@
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896}\L\201d3dde
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U\00000004.@
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U\00000008.@
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U\000000cb.@
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U\80000000.@
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U\80000032.@
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0329216 ____A () 5DBFF3A855D910C2F3BA0EA4CE1CB7EA

C:\Windows\System32\services.exe IS INFECTED. <===== ATTENTION!

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4094.55 MB
Available physical RAM: 3500.4 MB
Total Pagefile: 4092.7 MB
Available Pagefile: 3496.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

2 Drive c: () (Fixed) (Total:148.95 GB) (Free:71.9 GB) NTFS
3 Drive d: (1TB) (Fixed) (Total:931.51 GB) (Free:465.89 GB) NTFS
5 Drive g: (MARIANO 4GB) (Removable) (Total:3.66 GB) (Free:3.66 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

N£m Disco Estado Tama¤o Disp Din Gpt
---------- ---------- ------- ------- --- ---
Disco 0 En l¡nea 149 GB 0 B
Disco 1 En l¡nea 931 GB 0 B
Disco 2 En l¡nea 3764 MB 0 B

Partitions of Disk 0:
===============

N£m Partici¢n Tipo Tama¤o Desplazamiento
------------- ---------------- ------- ---------------
Partici¢n 1 Principal 100 MB 1024 KB
Partici¢n 2 Principal 148 GB 101 MB

==================================================================================

Disk: 0
Partici¢n 1
Tipo : 07
Oculta : No
Activa : S¡

N£m Volumen Ltr Etiqueta Fs Tipo Tama¤o Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 1 Y Reservado NTFS Partici¢n 100 MB Correcto

=========================================================

Disk: 0
Partici¢n 2
Tipo : 07
Oculta : No
Activa : No

N£m Volumen Ltr Etiqueta Fs Tipo Tama¤o Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 2 C NTFS Partici¢n 148 GB Correcto

=========================================================

Partitions of Disk 1:
===============

N£m Partici¢n Tipo Tama¤o Desplazamiento
------------- ---------------- ------- ---------------
Partici¢n 1 Principal 931 GB 31 KB

==================================================================================

Disk: 1
Partici¢n 1
Tipo : 07
Oculta : No
Activa : No

N£m Volumen Ltr Etiqueta Fs Tipo Tama¤o Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 3 D 1TB NTFS Partici¢n 931 GB Correcto

=========================================================

Partitions of Disk 2:
===============

N£m Partici¢n Tipo Tama¤o Desplazamiento
------------- ---------------- ------- ---------------
Partici¢n 1 Principal 3760 MB 4032 KB

==================================================================================

Disk: 2
Partici¢n 1
Tipo : 0B
Oculta : No
Activa : No

N£m Volumen Ltr Etiqueta Fs Tipo Tama¤o Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 4 G MARIANO 4G FAT32 Extra¡ble 3760 MB Correcto

=========================================================

Last Boot: 2012-10-27 02:20

==================== End Of Log =============================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

 

[Blade Runner]

Farbar Recovery Scan Tool (x64) Version: 05-11-2012
Ran by SYSTEM at 2012-11-07 11:26:07
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0329216 ____A () 5DBFF3A855D910C2F3BA0EA4CE1CB7EA

====== End Of Search ======

 

[Broni]

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next....

Restart normally.

================================

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

===============================

• Download RogueKiller on the desktop
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=================================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

 

[Blade Runner]

Thank you so much for your help so far!
The blue screen is gone and I can start windows normally! but I've only tried safe mode because I'm still a bit wary about going into full windows with internet access.
Is it alright to use safe mode with networking to download and use those applications you mentioned?

Also, MBAM and aswMBR is what I had been using prior to the blue screen issue. In fact rebooting after the aswMBR cure is the last thing I had done. Should I download and reinstall these apps again just to be sure?

Thanks again!

Here is the fixlog.txt
----------------------------------------------------------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-11-2012
Ran by SYSTEM at 2012-11-08 03:58:12 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{9b1cd848-c34c-01c4-956c-32d0e801d896} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

 

[Broni]

You're infected with ZeroAccess rootkit and that's cured by now.
You're perfectly safe to restart in normal mode and perform tasks from my previous reply.

 

[Blade Runner]

TDSSKiller report (1/2):
------------------------------------------------------------------------------
06:31:00.0767 0412 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
06:31:01.0473 0412 ============================================================
06:31:01.0473 0412 Current date / time: 2012/11/08 06:31:01.0473
06:31:01.0473 0412 SystemInfo:
06:31:01.0473 0412
06:31:01.0473 0412 OS Version: 6.1.7601 ServicePack: 1.0
06:31:01.0473 0412 Product type: Workstation
06:31:01.0473 0412 ComputerName: MARIANO-PC
06:31:01.0473 0412 UserName: MARIANO
06:31:01.0473 0412 Windows directory: C:\Windows
06:31:01.0473 0412 System windows directory: C:\Windows
06:31:01.0474 0412 Running under WOW64
06:31:01.0474 0412 Processor architecture: Intel x64
06:31:01.0474 0412 Number of processors: 2
06:31:01.0474 0412 Page size: 0x1000
06:31:01.0474 0412 Boot type: Normal boot
06:31:01.0474 0412 ============================================================
06:31:06.0046 0412 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
06:31:06.0461 0412 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1D9265, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040
06:31:06.0466 0412 ============================================================
06:31:06.0466 0412 \Device\Harddisk0\DR0:
06:31:06.0466 0412 MBR partitions:
06:31:06.0467 0412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
06:31:06.0467 0412 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
06:31:06.0467 0412 \Device\Harddisk1\DR1:
06:31:06.0467 0412 MBR partitions:
06:31:06.0467 0412 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x747061A1
06:31:06.0467 0412 ============================================================
06:31:06.0484 0412 C: <-> \Device\Harddisk0\DR0\Partition2
06:31:06.0533 0412 D: <-> \Device\Harddisk1\DR1\Partition1
06:31:06.0533 0412 ============================================================
06:31:06.0533 0412 Initialize success
06:31:06.0533 0412 ============================================================
06:31:14.0928 4672 ============================================================
06:31:14.0928 4672 Scan started
06:31:14.0928 4672 Mode: Manual;
06:31:14.0928 4672 ============================================================
06:31:21.0854 4672 ================ Scan system memory ========================
06:31:21.0854 4672 System memory - ok
06:31:21.0854 4672 ================ Scan services =============================
06:31:22.0317 4672 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
06:31:22.0341 4672 1394ohci - ok
06:31:22.0494 4672 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
06:31:22.0519 4672 ACPI - ok
06:31:22.0641 4672 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
06:31:22.0674 4672 AcpiPmi - ok
06:31:22.0845 4672 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
06:31:22.0847 4672 AdobeARMservice - ok
06:31:22.0887 4672 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
06:31:22.0975 4672 adp94xx - ok
06:31:23.0124 4672 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
06:31:23.0141 4672 adpahci - ok
06:31:23.0235 4672 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
06:31:23.0249 4672 adpu320 - ok
06:31:23.0279 4672 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
06:31:23.0281 4672 AeLookupSvc - ok
06:31:23.0521 4672 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
06:31:23.0591 4672 AFD - ok
06:31:23.0673 4672 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
06:31:23.0693 4672 agp440 - ok
06:31:23.0780 4672 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
06:31:23.0798 4672 ALG - ok
06:31:23.0906 4672 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
06:31:23.0922 4672 aliide - ok
06:31:23.0969 4672 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
06:31:23.0987 4672 amdide - ok
06:31:24.0152 4672 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
06:31:24.0153 4672 AmdK8 - ok
06:31:24.0242 4672 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
06:31:24.0254 4672 AmdPPM - ok
06:31:24.0370 4672 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
06:31:24.0387 4672 amdsata - ok
06:31:24.0550 4672 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
06:31:24.0675 4672 amdsbs - ok
06:31:24.0724 4672 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
06:31:24.0725 4672 amdxata - ok
06:31:24.0886 4672 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
06:31:24.0995 4672 AppID - ok
06:31:25.0048 4672 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
06:31:25.0060 4672 AppIDSvc - ok
06:31:25.0160 4672 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
06:31:25.0170 4672 Appinfo - ok
06:31:25.0220 4672 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
06:31:25.0229 4672 AppMgmt - ok
06:31:25.0261 4672 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
06:31:25.0265 4672 arc - ok
06:31:25.0300 4672 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
06:31:25.0314 4672 arcsas - ok
06:31:25.0361 4672 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
06:31:25.0365 4672 AsyncMac - ok
06:31:25.0403 4672 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
06:31:25.0404 4672 atapi - ok
06:31:25.0941 4672 [ EA0AF9B866DF07E8FE6C2342585788B0 ] athur C:\Windows\system32\DRIVERS\athurx.sys
06:31:26.0012 4672 athur - ok
06:31:26.0062 4672 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
06:31:26.0081 4672 AudioEndpointBuilder - ok
06:31:26.0101 4672 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
06:31:26.0107 4672 AudioSrv - ok
06:31:27.0078 4672 [ B41F0E54105801538D56623271A0AE49 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
06:31:27.0222 4672 AVGIDSAgent - ok
06:31:27.0254 4672 [ F1A99DA71E6549D7D944596E15142866 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
06:31:27.0262 4672 AVGIDSDriver - ok
06:31:27.0290 4672 [ E6CB84918C1ABE84AAAF749D2EA4E764 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
06:31:27.0292 4672 AVGIDSHA - ok
06:31:27.0324 4672 [ 5989592A91A17587799792A81E1541D4 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
06:31:27.0333 4672 Avgldx64 - ok
06:31:27.0378 4672 [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
06:31:27.0381 4672 Avgloga - ok
06:31:27.0403 4672 [ EAFF19168F26FA225EB679547B718051 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
06:31:27.0405 4672 Avgmfx64 - ok
06:31:27.0426 4672 [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
06:31:27.0428 4672 Avgrkx64 - ok
06:31:27.0463 4672 [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
06:31:27.0505 4672 Avgtdia - ok
06:31:27.0608 4672 [ 0D2EB149AFF89A307E5D82D0A2B78439 ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
06:31:27.0616 4672 avgwd - ok
06:31:27.0724 4672 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
06:31:27.0736 4672 AxInstSV - ok
06:31:27.0809 4672 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
06:31:27.0843 4672 b06bdrv - ok
06:31:27.0900 4672 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
06:31:27.0917 4672 b57nd60a - ok
06:31:27.0947 4672 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
06:31:27.0959 4672 BDESVC - ok
06:31:28.0010 4672 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
06:31:28.0013 4672 Beep - ok
06:31:28.0369 4672 BITCOMET_HELPER_SERVICE - ok
06:31:28.0668 4672 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
06:31:30.0451 4672 blbdrive - ok
06:31:31.0353 4672 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
06:31:31.0656 4672 Bonjour Service - ok
06:31:31.0752 4672 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
06:31:31.0802 4672 bowser - ok
06:31:31.0947 4672 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
06:31:31.0981 4672 BrFiltLo - ok
06:31:32.0053 4672 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
06:31:32.0122 4672 BrFiltUp - ok
06:31:32.0331 4672 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
06:31:32.0492 4672 Browser - ok
06:31:32.0782 4672 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
06:31:32.0936 4672 Brserid - ok
06:31:33.0014 4672 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
06:31:33.0032 4672 BrSerWdm - ok
06:31:33.0166 4672 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
06:31:33.0182 4672 BrUsbMdm - ok
06:31:33.0254 4672 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
06:31:33.0290 4672 BrUsbSer - ok
06:31:33.0534 4672 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
06:31:33.0570 4672 BTHMODEM - ok
06:31:33.0675 4672 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
06:31:33.0682 4672 bthserv - ok
06:31:33.0751 4672 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
06:31:33.0764 4672 cdfs - ok
06:31:33.0813 4672 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
06:31:33.0821 4672 cdrom - ok
06:31:33.0965 4672 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
06:31:33.0981 4672 CertPropSvc - ok
06:31:34.0143 4672 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
06:31:34.0302 4672 circlass - ok
06:31:34.0588 4672 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
06:31:35.0087 4672 CLFS - ok
06:31:35.0261 4672 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:31:35.0420 4672 clr_optimization_v2.0.50727_32 - ok
06:31:35.0908 4672 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
06:31:35.0991 4672 clr_optimization_v2.0.50727_64 - ok
06:31:36.0077 4672 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
06:31:36.0337 4672 clr_optimization_v4.0.30319_32 - ok
06:31:36.0925 4672 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
06:31:36.0928 4672 clr_optimization_v4.0.30319_64 - ok
06:31:36.0961 4672 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
06:31:36.0963 4672 CmBatt - ok
06:31:37.0038 4672 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
06:31:37.0070 4672 cmdide - ok
06:31:37.0104 4672 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
06:31:37.0121 4672 CNG - ok
06:31:37.0173 4672 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
06:31:37.0175 4672 Compbatt - ok
06:31:37.0209 4672 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
06:31:37.0229 4672 CompositeBus - ok
06:31:37.0237 4672 COMSysApp - ok
06:31:37.0277 4672 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
06:31:37.0286 4672 crcdisk - ok
06:31:37.0361 4672 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
06:31:37.0370 4672 CryptSvc - ok
06:31:37.0422 4672 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
06:31:37.0448 4672 CSC - ok
06:31:37.0618 4672 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
06:31:37.0653 4672 CscService - ok
06:31:37.0764 4672 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
06:31:37.0773 4672 DcomLaunch - ok
06:31:37.0875 4672 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
06:31:37.0887 4672 defragsvc - ok
06:31:37.0922 4672 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
06:31:37.0925 4672 DfsC - ok
06:31:37.0998 4672 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
06:31:38.0021 4672 Dhcp - ok
06:31:38.0047 4672 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
06:31:38.0056 4672 discache - ok
06:31:38.0123 4672 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
06:31:38.0124 4672 Disk - ok
06:31:38.0385 4672 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
06:31:38.0451 4672 Dnscache - ok
06:31:38.0698 4672 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
06:31:38.0773 4672 dot3svc - ok
06:31:38.0822 4672 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
06:31:38.0824 4672 DPS - ok
06:31:38.0875 4672 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
06:31:38.0882 4672 drmkaud - ok
06:31:39.0020 4672 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
06:31:39.0052 4672 DXGKrnl - ok
06:31:39.0098 4672 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
06:31:39.0109 4672 EapHost - ok
06:31:39.0607 4672 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
06:31:39.0752 4672 ebdrv - ok
06:31:39.0796 4672 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
06:31:39.0799 4672 EFS - ok
06:31:40.0000 4672 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
06:31:40.0044 4672 ehRecvr - ok
06:31:40.0104 4672 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
06:31:40.0107 4672 ehSched - ok
06:31:40.0443 4672 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
06:31:40.0556 4672 elxstor - ok
06:31:40.0691 4672 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
06:31:40.0713 4672 ErrDev - ok
06:31:40.0811 4672 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
06:31:40.0815 4672 EventSystem - ok
06:31:40.0858 4672 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
06:31:40.0872 4672 exfat - ok
06:31:40.0915 4672 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
06:31:40.0920 4672 fastfat - ok
06:31:40.0979 4672 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
06:31:40.0987 4672 Fax - ok
06:31:41.0023 4672 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
06:31:41.0030 4672 fdc - ok
06:31:41.0051 4672 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
06:31:41.0063 4672 fdPHost - ok
06:31:41.0083 4672 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
06:31:41.0092 4672 FDResPub - ok
06:31:41.0128 4672 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
06:31:41.0130 4672 FileInfo - ok
06:31:41.0143 4672 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
06:31:41.0145 4672 Filetrace - ok
06:31:41.0184 4672 [ AC7E21145B9348BFC1B1DEC7BC238B3F ] FixZeroAccess C:\Windows\system32\drivers\FixZeroAccess.sys
06:31:41.0197 4672 FixZeroAccess - ok
06:31:41.0359 4672 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
06:31:41.0720 4672 FLEXnet Licensing Service - ok
06:31:41.0754 4672 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
06:31:41.0764 4672 flpydisk - ok
06:31:41.0824 4672 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
06:31:41.0835 4672 FltMgr - ok
06:31:42.0000 4672 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
06:31:42.0045 4672 FontCache - ok
06:31:42.0111 4672 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
06:31:42.0120 4672 FontCache3.0.0.0 - ok
06:31:42.0221 4672 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
06:31:42.0260 4672 FsDepends - ok
06:31:42.0428 4672 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
06:31:42.0430 4672 Fs_Rec - ok
06:31:42.0787 4672 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
06:31:42.0789 4672 fvevol - ok
06:31:42.0847 4672 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
06:31:42.0863 4672 gagp30kx - ok
06:31:43.0057 4672 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
06:31:43.0079 4672 gpsvc - ok
06:31:43.0147 4672 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:31:43.0149 4672 gupdate - ok
06:31:43.0155 4672 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
06:31:43.0157 4672 gupdatem - ok
06:31:43.0189 4672 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
06:31:43.0192 4672 hamachi - ok
06:31:43.0258 4672 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
06:31:43.0262 4672 hcw85cir - ok
06:31:43.0354 4672 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
06:31:43.0370 4672 HdAudAddService - ok
06:31:43.0391 4672 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
06:31:43.0398 4672 HDAudBus - ok
06:31:43.0447 4672 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
06:31:43.0458 4672 HidBatt - ok
06:31:43.0475 4672 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
06:31:43.0490 4672 HidBth - ok
06:31:43.0515 4672 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
06:31:43.0525 4672 HidIr - ok
06:31:43.0607 4672 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
06:31:43.0610 4672 hidserv - ok
06:31:43.0664 4672 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
06:31:43.0676 4672 HidUsb - ok
06:31:43.0718 4672 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
06:31:43.0730 4672 hkmsvc - ok
06:31:43.0797 4672 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
06:31:43.0806 4672 HomeGroupListener - ok
06:31:43.0845 4672 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
06:31:43.0870 4672 HomeGroupProvider - ok
06:31:43.0928 4672 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
06:31:43.0939 4672 HpSAMD - ok
06:31:44.0075 4672 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
06:31:44.0100 4672 HTTP - ok
06:31:44.0137 4672 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
06:31:44.0139 4672 hwpolicy - ok
06:31:44.0275 4672 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
06:31:44.0310 4672 i8042prt - ok
06:31:44.0581 4672 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
06:31:44.0586 4672 iaStorV - ok
06:31:44.0670 4672 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
06:31:44.0728 4672 idsvc - ok
06:31:44.0763 4672 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
06:31:44.0774 4672 iirsp - ok
06:31:44.0829 4672 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
06:31:44.0864 4672 IKEEXT - ok
06:31:44.0896 4672 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
06:31:44.0899 4672 intelide - ok
06:31:44.0947 4672 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
06:31:44.0962 4672 intelppm - ok
06:31:45.0027 4672 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
06:31:45.0039 4672 IPBusEnum - ok
06:31:45.0071 4672 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:31:45.0085 4672 IpFilterDriver - ok
06:31:45.0128 4672 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
06:31:45.0135 4672 IPMIDRV - ok
06:31:45.0183 4672 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
06:31:45.0198 4672 IPNAT - ok
06:31:45.0222 4672 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
06:31:45.0236 4672 IRENUM - ok
06:31:45.0270 4672 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
06:31:45.0272 4672 isapnp - ok
06:31:45.0347 4672 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
06:31:45.0380 4672 iScsiPrt - ok
06:31:45.0452 4672 [ BD5BF20EC242E003A2F570B8754A56D1 ] ivusb C:\Windows\system32\DRIVERS\ivusb.sys
06:31:45.0454 4672 ivusb - ok
06:31:45.0473 4672 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
06:31:45.0475 4672 kbdclass - ok
06:31:45.0526 4672 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
06:31:45.0573 4672 kbdhid - ok
06:31:45.0604 4672 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
06:31:45.0606 4672 KeyIso - ok
06:31:45.0644 4672 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
06:31:45.0646 4672 KSecDD - ok
06:31:45.0693 4672 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
06:31:45.0705 4672 KSecPkg - ok
06:31:45.0742 4672 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
06:31:45.0750 4672 ksthunk - ok
06:31:45.0828 4672 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
06:31:45.0863 4672 KtmRm - ok
06:31:45.0988 4672 [ CE4347E2D90DB2E5517B6F2BC720A862 ] LADF_CaptureOnly C:\Windows\system32\DRIVERS\ladfGSCamd64.sys
06:31:46.0080 4672 LADF_CaptureOnly - ok
06:31:46.0108 4672 [ 85A9D21D3AE2EA963E111CB150895877 ] LADF_RenderOnly C:\Windows\system32\DRIVERS\ladfGSRamd64.sys
06:31:46.0131 4672 LADF_RenderOnly - ok
06:31:46.0332 4672 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
06:31:46.0414 4672 LanmanServer - ok
06:31:46.0591 4672 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
06:31:46.0599 4672 LanmanWorkstation - ok
06:31:46.0646 4672 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
06:31:46.0652 4672 LGBusEnum - ok
06:31:46.0689 4672 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
06:31:46.0691 4672 LGVirHid - ok
06:31:46.0733 4672 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
06:31:46.0735 4672 lltdio - ok
06:31:46.0819 4672 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
06:31:46.0834 4672 lltdsvc - ok
06:31:46.0858 4672 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
06:31:46.0860 4672 lmhosts - ok
06:31:46.0911 4672 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
06:31:46.0922 4672 LSI_FC - ok
06:31:46.0964 4672 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
06:31:46.0973 4672 LSI_SAS - ok
06:31:47.0028 4672 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
06:31:47.0031 4672 LSI_SAS2 - ok
06:31:47.0084 4672 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
06:31:47.0089 4672 LSI_SCSI - ok
06:31:47.0108 4672 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
06:31:47.0116 4672 luafv - ok
06:31:47.0162 4672 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
06:31:47.0194 4672 MBAMProtector - ok
06:31:47.0348 4672 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
06:31:47.0396 4672 MBAMScheduler - ok
06:31:47.0533 4672 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
06:31:47.0586 4672 MBAMService - ok
06:31:47.0629 4672 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
06:31:47.0639 4672 Mcx2Svc - ok
06:31:47.0661 4672 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
06:31:47.0667 4672 megasas - ok
06:31:47.0721 4672 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
06:31:47.0732 4672 MegaSR - ok
06:31:47.0760 4672 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
06:31:47.0772 4672 MMCSS - ok
06:31:47.0799 4672 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
06:31:47.0812 4672 Modem - ok
06:31:47.0861 4672 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
06:31:47.0863 4672 monitor - ok
06:31:47.0895 4672 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
06:31:47.0908 4672 mouclass - ok
06:31:47.0949 4672 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
06:31:47.0957 4672 mouhid - ok
06:31:48.0001 4672 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
06:31:48.0010 4672 mountmgr - ok
06:31:48.0041 4672 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
06:31:48.0056 4672 mpio - ok
06:31:48.0088 4672 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
06:31:48.0093 4672 mpsdrv - ok
06:31:48.0123 4672 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
06:31:48.0148 4672 MRxDAV - ok
06:31:48.0372 4672 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
06:31:48.0530 4672 mrxsmb - ok
06:31:48.0694 4672 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:31:48.0733 4672 mrxsmb10 - ok
06:31:48.0800 4672 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:31:48.0803 4672 mrxsmb20 - ok
06:31:48.0825 4672 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
06:31:48.0829 4672 msahci - ok
06:31:48.0873 4672 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
06:31:48.0884 4672 msdsm - ok
06:31:48.0912 4672 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
06:31:48.0927 4672 MSDTC - ok
06:31:48.0969 4672 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
06:31:48.0971 4672 Msfs - ok
06:31:48.0987 4672 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
06:31:48.0992 4672 mshidkmdf - ok
06:31:49.0029 4672 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
06:31:49.0031 4672 msisadrv - ok
06:31:49.0087 4672 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
06:31:49.0111 4672 MSiSCSI - ok
06:31:49.0116 4672 msiserver - ok
06:31:49.0170 4672 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
06:31:49.0181 4672 MSKSSRV - ok
06:31:49.0214 4672 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
06:31:49.0221 4672 MSPCLOCK - ok
06:31:49.0241 4672 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
06:31:49.0249 4672 MSPQM - ok
06:31:49.0328 4672 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
06:31:49.0346 4672 MsRPC - ok
06:31:49.0401 4672 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
06:31:49.0402 4672 mssmbios - ok
06:31:49.0435 4672 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
06:31:49.0446 4672 MSTEE - ok
06:31:49.0468 4672 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
06:31:49.0482 4672 MTConfig - ok
06:31:49.0538 4672 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
06:31:49.0572 4672 MTsensor - ok
06:31:49.0618 4672 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
06:31:49.0620 4672 Mup - ok
06:31:49.0697 4672 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
06:31:49.0762 4672 napagent - ok
06:31:49.0844 4672 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
06:31:49.0849 4672 NativeWifiP - ok
06:31:49.0951 4672 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
06:31:49.0975 4672 NDIS - ok
06:31:50.0020 4672 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
06:31:50.0033 4672 NdisCap - ok
06:31:50.0050 4672 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
06:31:50.0052 4672 NdisTapi - ok
06:31:50.0110 4672 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
06:31:50.0112 4672 Ndisuio - ok
06:31:50.0264 4672 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
06:31:50.0338 4672 NdisWan - ok
06:31:50.0413 4672 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
06:31:50.0424 4672 NDProxy - ok
06:31:50.0469 4672 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
06:31:50.0477 4672 NetBIOS - ok
06:31:50.0508 4672 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
06:31:50.0525 4672 NetBT - ok
06:31:50.0596 4672 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
06:31:50.0598 4672 Netlogon - ok
06:31:50.0693 4672 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
06:31:50.0713 4672 Netman - ok
06:31:50.0782 4672 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
06:31:50.0788 4672 netprofm - ok
06:31:50.0832 4672 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

 

[Blade Runner]

TDSSKiller report (2/2):
------------------------------------------------------------------------------
06:31:50.0857 4672 NetTcpPortSharing - ok
06:31:50.0907 4672 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
06:31:50.0917 4672 nfrd960 - ok
06:31:51.0004 4672 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
06:31:51.0076 4672 NlaSvc - ok
06:31:51.0095 4672 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
06:31:51.0102 4672 Npfs - ok
06:31:51.0139 4672 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
06:31:51.0145 4672 nsi - ok
06:31:51.0185 4672 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
06:31:51.0196 4672 nsiproxy - ok
06:31:51.0388 4672 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
06:31:51.0431 4672 Ntfs - ok
06:31:51.0465 4672 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
06:31:51.0471 4672 Null - ok
06:31:51.0616 4672 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
06:31:51.0808 4672 NVENETFD - ok
06:31:51.0905 4672 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
06:31:51.0947 4672 NVHDA - ok
06:31:53.0726 4672 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
06:31:54.0036 4672 nvlddmkm - ok
06:31:54.0095 4672 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
06:31:54.0122 4672 nvraid - ok
06:31:54.0262 4672 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
06:31:54.0328 4672 nvstor - ok
06:31:54.0488 4672 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
06:31:54.0534 4672 nvsvc - ok
06:31:54.0699 4672 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
06:31:54.0719 4672 nvUpdatusService - ok
06:31:54.0747 4672 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
06:31:54.0751 4672 nv_agp - ok
06:31:54.0786 4672 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
06:31:54.0798 4672 ohci1394 - ok
06:31:54.0844 4672 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
06:31:54.0894 4672 p2pimsvc - ok
06:31:54.0940 4672 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
06:31:54.0974 4672 p2psvc - ok
06:31:55.0013 4672 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
06:31:55.0016 4672 Parport - ok
06:31:55.0103 4672 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
06:31:55.0116 4672 partmgr - ok
06:31:55.0177 4672 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
06:31:55.0192 4672 PcaSvc - ok
06:31:55.0222 4672 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
06:31:55.0230 4672 pci - ok
06:31:55.0243 4672 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
06:31:55.0245 4672 pciide - ok
06:31:55.0299 4672 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
06:31:55.0315 4672 pcmcia - ok
06:31:55.0337 4672 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
06:31:55.0339 4672 pcw - ok
06:31:55.0370 4672 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
06:31:55.0393 4672 PEAUTH - ok
06:31:55.0488 4672 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
06:31:55.0565 4672 PeerDistSvc - ok
06:31:55.0906 4672 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
06:31:55.0927 4672 PerfHost - ok
06:31:56.0089 4672 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
06:31:56.0142 4672 pla - ok
06:31:56.0302 4672 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
06:31:56.0415 4672 PlugPlay - ok
06:31:56.0493 4672 PnkBstrA - ok
06:31:56.0541 4672 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
06:31:56.0608 4672 PNRPAutoReg - ok
06:31:56.0637 4672 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
06:31:56.0641 4672 PNRPsvc - ok
06:31:56.0741 4672 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
06:31:56.0798 4672 PolicyAgent - ok
06:31:56.0850 4672 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
06:31:56.0866 4672 Power - ok
06:31:56.0916 4672 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
06:31:56.0944 4672 PptpMiniport - ok
06:31:56.0967 4672 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
06:31:56.0971 4672 Processor - ok
06:31:57.0025 4672 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
06:31:57.0059 4672 ProfSvc - ok
06:31:57.0071 4672 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
06:31:57.0073 4672 ProtectedStorage - ok
06:31:57.0112 4672 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
06:31:57.0120 4672 Psched - ok
06:31:57.0155 4672 [ 225D3660F926FE761BC8CE10C512AA02 ] PTSimBus C:\Windows\system32\DRIVERS\PTSimBus.sys
06:31:57.0174 4672 PTSimBus - ok
06:31:57.0212 4672 [ BD2194786ABAF4860F41118C0C103E7B ] PTSimHid C:\Windows\system32\DRIVERS\PTSimHid.sys
06:31:57.0233 4672 PTSimHid - ok
06:31:57.0392 4672 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
06:31:57.0441 4672 ql2300 - ok
06:31:57.0492 4672 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
06:31:57.0500 4672 ql40xx - ok
06:31:57.0601 4672 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
06:31:57.0616 4672 QWAVE - ok
06:31:57.0634 4672 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
06:31:57.0642 4672 QWAVEdrv - ok
06:31:57.0682 4672 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
06:31:57.0697 4672 RasAcd - ok
06:31:57.0746 4672 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
06:31:57.0757 4672 RasAgileVpn - ok
06:31:57.0786 4672 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
06:31:57.0791 4672 RasAuto - ok
06:31:57.0862 4672 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
06:31:57.0871 4672 Rasl2tp - ok
06:31:57.0924 4672 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
06:31:57.0950 4672 RasMan - ok
06:31:57.0990 4672 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
06:31:57.0993 4672 RasPppoe - ok
06:31:58.0023 4672 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
06:31:58.0033 4672 RasSstp - ok
06:31:58.0092 4672 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
06:31:58.0117 4672 rdbss - ok
06:31:58.0142 4672 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
06:31:58.0152 4672 rdpbus - ok
06:31:58.0634 4672 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
06:31:58.0639 4672 RDPCDD - ok
06:31:58.0719 4672 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
06:31:58.0724 4672 RDPDR - ok
06:31:58.0765 4672 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
06:31:58.0777 4672 RDPENCDD - ok
06:31:58.0838 4672 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
06:31:58.0850 4672 RDPREFMP - ok
06:31:58.0878 4672 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
06:31:58.0945 4672 RDPWD - ok
06:31:58.0995 4672 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
06:31:58.0998 4672 rdyboost - ok
06:31:59.0045 4672 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
06:31:59.0051 4672 RemoteAccess - ok
06:31:59.0090 4672 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
06:31:59.0096 4672 RemoteRegistry - ok
06:31:59.0111 4672 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
06:31:59.0120 4672 RpcEptMapper - ok
06:31:59.0161 4672 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
06:31:59.0172 4672 RpcLocator - ok
06:31:59.0214 4672 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
06:31:59.0221 4672 RpcSs - ok
06:31:59.0259 4672 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
06:31:59.0271 4672 rspndr - ok
06:31:59.0312 4672 [ 68DD0457D18FCCEF7384AE84022F0C86 ] RTL8023x64 C:\Windows\system32\DRIVERS\Rtnic64.sys
06:31:59.0324 4672 RTL8023x64 - ok
06:31:59.0361 4672 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
06:31:59.0375 4672 s3cap - ok
06:31:59.0396 4672 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
06:31:59.0398 4672 SamSs - ok
06:31:59.0447 4672 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
06:31:59.0460 4672 sbp2port - ok
06:31:59.0513 4672 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
06:31:59.0523 4672 SCardSvr - ok
06:31:59.0602 4672 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
06:31:59.0615 4672 scfilter - ok
06:31:59.0815 4672 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
06:31:59.0870 4672 Schedule - ok
06:31:59.0906 4672 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
06:31:59.0908 4672 SCPolicySvc - ok
06:31:59.0965 4672 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
06:31:59.0981 4672 SDRSVC - ok
06:32:00.0024 4672 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
06:32:00.0026 4672 secdrv - ok
06:32:00.0055 4672 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
06:32:00.0066 4672 seclogon - ok
06:32:00.0107 4672 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
06:32:00.0114 4672 SENS - ok
06:32:00.0136 4672 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
06:32:00.0167 4672 SensrSvc - ok
06:32:00.0342 4672 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
06:32:00.0392 4672 Serenum - ok
06:32:00.0419 4672 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
06:32:00.0425 4672 Serial - ok
06:32:00.0464 4672 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
06:32:00.0475 4672 sermouse - ok
06:32:00.0610 4672 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
06:32:00.0620 4672 SessionEnv - ok
06:32:00.0662 4672 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
06:32:00.0673 4672 sffdisk - ok
06:32:00.0691 4672 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
06:32:00.0705 4672 sffp_mmc - ok
06:32:00.0721 4672 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
06:32:00.0730 4672 sffp_sd - ok
06:32:00.0771 4672 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
06:32:00.0786 4672 sfloppy - ok
06:32:00.0869 4672 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
06:32:00.0903 4672 ShellHWDetection - ok
06:32:00.0937 4672 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
06:32:00.0943 4672 SiSRaid2 - ok
06:32:00.0978 4672 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
06:32:00.0988 4672 SiSRaid4 - ok
06:32:01.0027 4672 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
06:32:01.0030 4672 Smb - ok
06:32:01.0092 4672 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
06:32:01.0105 4672 SNMPTRAP - ok
06:32:01.0144 4672 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
06:32:01.0148 4672 spldr - ok
06:32:01.0258 4672 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
06:32:01.0293 4672 Spooler - ok
06:32:01.0716 4672 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
06:32:01.0809 4672 sppsvc - ok
06:32:01.0861 4672 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
06:32:01.0873 4672 sppuinotify - ok
06:32:02.0025 4672 [ A15860E920B02C9A7CE8F3A6C2FF1E3A ] sptd C:\Windows\System32\Drivers\sptd.sys
06:32:02.0058 4672 sptd - ok
06:32:02.0120 4672 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
06:32:02.0145 4672 srv - ok
06:32:02.0325 4672 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
06:32:02.0347 4672 srv2 - ok
06:32:02.0393 4672 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
06:32:02.0402 4672 srvnet - ok
06:32:02.0465 4672 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
06:32:02.0477 4672 SSDPSRV - ok
06:32:02.0508 4672 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
06:32:02.0520 4672 SstpSvc - ok
06:32:02.0665 4672 Steam Client Service - ok
06:32:02.0817 4672 [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
06:32:02.0837 4672 Stereo Service - ok
06:32:02.0863 4672 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
06:32:02.0871 4672 stexstor - ok
06:32:03.0005 4672 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
06:32:03.0031 4672 stisvc - ok
06:32:03.0055 4672 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
06:32:03.0057 4672 storflt - ok
06:32:03.0084 4672 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
06:32:03.0092 4672 StorSvc - ok
06:32:03.0134 4672 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
06:32:03.0156 4672 storvsc - ok
06:32:03.0254 4672 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
06:32:03.0288 4672 swenum - ok
06:32:03.0381 4672 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
06:32:03.0405 4672 swprv - ok
06:32:03.0760 4672 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
06:32:03.0775 4672 SysMain - ok
06:32:03.0795 4672 Tablet2k - ok
06:32:03.0832 4672 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
06:32:03.0843 4672 TabletInputService - ok
06:32:03.0887 4672 [ B08740047145B9BCE15BF75CA0F9718A ] tap0901t C:\Windows\system32\DRIVERS\tap0901t.sys
06:32:03.0900 4672 tap0901t - ok
06:32:03.0945 4672 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
06:32:03.0960 4672 TapiSrv - ok
06:32:04.0005 4672 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
06:32:04.0009 4672 TBS - ok
06:32:04.0068 4672 [ 530A7F0966493DD437E4342F12CCD63B ] TClass2k C:\Windows\system32\DRIVERS\TClass2k.sys
06:32:04.0095 4672 TClass2k - ok
06:32:04.0712 4672 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
06:32:04.0824 4672 Tcpip - ok
06:32:05.0072 4672 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
06:32:05.0086 4672 TCPIP6 - ok
06:32:05.0127 4672 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
06:32:05.0130 4672 tcpipreg - ok
06:32:05.0167 4672 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
06:32:05.0178 4672 TDPIPE - ok
06:32:05.0220 4672 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
06:32:05.0232 4672 TDTCP - ok
06:32:05.0265 4672 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
06:32:05.0273 4672 tdx - ok
06:32:05.0295 4672 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
06:32:05.0310 4672 TermDD - ok
06:32:05.0445 4672 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
06:32:05.0480 4672 TermService - ok
06:32:05.0604 4672 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
06:32:05.0614 4672 Themes - ok
06:32:05.0642 4672 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
06:32:05.0645 4672 THREADORDER - ok
06:32:05.0689 4672 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
06:32:05.0693 4672 TrkWks - ok
06:32:05.0785 4672 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
06:32:05.0818 4672 TrustedInstaller - ok
06:32:05.0868 4672 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
06:32:05.0876 4672 tssecsrv - ok
06:32:05.0995 4672 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
06:32:06.0005 4672 TsUsbFlt - ok
06:32:06.0077 4672 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
06:32:06.0090 4672 tunnel - ok
06:32:06.0410 4672 [ 1A5F1301C1EA3B49D1222E9CBB552EBB ] TunngleService C:\Program Files (x86)\Tunngle\TnglCtrl.exe
06:32:07.0086 4672 TunngleService - ok
06:32:07.0117 4672 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
06:32:07.0135 4672 uagp35 - ok
06:32:07.0153 4672 [ 01662B4865FDB282677B11CF416757CE ] UCTblHid C:\Windows\system32\DRIVERS\UCTblHid.sys
06:32:07.0167 4672 UCTblHid - ok
06:32:07.0250 4672 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
06:32:07.0333 4672 udfs - ok
06:32:07.0383 4672 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
06:32:07.0394 4672 UI0Detect - ok
06:32:07.0431 4672 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
06:32:07.0442 4672 uliagpkx - ok
06:32:07.0492 4672 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
06:32:07.0502 4672 umbus - ok
06:32:07.0532 4672 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
06:32:07.0632 4672 UmPass - ok
06:32:07.0682 4672 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
06:32:07.0691 4672 UmRdpService - ok
06:32:07.0775 4672 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
06:32:07.0806 4672 upnphost - ok
06:32:07.0875 4672 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
06:32:07.0893 4672 usbaudio - ok
06:32:07.0934 4672 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
06:32:07.0943 4672 usbccgp - ok
06:32:07.0992 4672 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
06:32:08.0019 4672 usbcir - ok
06:32:08.0065 4672 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
06:32:08.0078 4672 usbehci - ok
06:32:08.0177 4672 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
06:32:08.0272 4672 usbhub - ok
06:32:08.0344 4672 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
06:32:08.0377 4672 usbohci - ok
06:32:08.0485 4672 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
06:32:08.0636 4672 usbprint - ok
06:32:08.0681 4672 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
06:32:08.0713 4672 USBSTOR - ok
06:32:08.0733 4672 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
06:32:08.0744 4672 usbuhci - ok
06:32:08.0789 4672 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
06:32:08.0798 4672 UxSms - ok
06:32:08.0820 4672 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
06:32:08.0822 4672 VaultSvc - ok
06:32:08.0892 4672 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
06:32:08.0893 4672 vdrvroot - ok
06:32:09.0051 4672 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
06:32:09.0098 4672 vds - ok
06:32:09.0166 4672 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
06:32:09.0179 4672 vga - ok
06:32:09.0206 4672 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
06:32:09.0219 4672 VgaSave - ok
06:32:09.0291 4672 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
06:32:09.0306 4672 vhdmp - ok
06:32:09.0345 4672 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
06:32:09.0359 4672 viaide - ok
06:32:09.0420 4672 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
06:32:09.0437 4672 vmbus - ok
06:32:09.0455 4672 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
06:32:09.0468 4672 VMBusHID - ok
06:32:09.0483 4672 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
06:32:09.0496 4672 volmgr - ok
06:32:09.0626 4672 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
06:32:09.0649 4672 volmgrx - ok
06:32:09.0740 4672 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
06:32:09.0743 4672 volsnap - ok
06:32:09.0829 4672 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
06:32:09.0839 4672 vsmraid - ok
06:32:10.0144 4672 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
06:32:10.0255 4672 VSS - ok
06:32:10.0274 4672 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
06:32:10.0276 4672 vwifibus - ok
06:32:10.0325 4672 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
06:32:10.0340 4672 vwififlt - ok
06:32:10.0440 4672 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
06:32:10.0572 4672 W32Time - ok
06:32:10.0681 4672 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
06:32:10.0690 4672 WacomPen - ok
06:32:10.0775 4672 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
06:32:10.0785 4672 WANARP - ok
06:32:10.0832 4672 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
06:32:10.0834 4672 Wanarpv6 - ok
06:32:11.0147 4672 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
06:32:11.0182 4672 WatAdminSvc - ok
06:32:11.0447 4672 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
06:32:11.0498 4672 wbengine - ok
06:32:11.0619 4672 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
06:32:11.0643 4672 WbioSrvc - ok
06:32:11.0731 4672 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
06:32:11.0846 4672 wcncsvc - ok
06:32:11.0877 4672 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
06:32:11.0921 4672 WcsPlugInService - ok
06:32:11.0968 4672 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
06:32:11.0981 4672 Wd - ok
06:32:12.0104 4672 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
06:32:12.0126 4672 Wdf01000 - ok
06:32:12.0177 4672 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
06:32:12.0181 4672 WdiServiceHost - ok
06:32:12.0192 4672 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
06:32:12.0195 4672 WdiSystemHost - ok
06:32:12.0277 4672 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
06:32:12.0290 4672 WebClient - ok
06:32:12.0354 4672 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
06:32:12.0367 4672 Wecsvc - ok
06:32:12.0402 4672 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
06:32:12.0412 4672 wercplsupport - ok
06:32:12.0470 4672 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
06:32:12.0480 4672 WerSvc - ok
06:32:12.0522 4672 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
06:32:12.0606 4672 WfpLwf - ok
06:32:12.0640 4672 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
06:32:12.0650 4672 WIMMount - ok
06:32:12.0657 4672 WinHttpAutoProxySvc - ok
06:32:12.0782 4672 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
06:32:12.0785 4672 Winmgmt - ok
06:32:13.0219 4672 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
06:32:13.0288 4672 WinRM - ok
06:32:13.0406 4672 [ CB95270393DD2FCB370EFD24126F94BD ] WinTabService C:\Windows\System32\Drivers\WTSRV.EXE
06:32:13.0419 4672 WinTabService - ok
06:32:13.0667 4672 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
06:32:13.0700 4672 Wlansvc - ok
06:32:13.0741 4672 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
06:32:13.0754 4672 WmiAcpi - ok
06:32:13.0828 4672 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
06:32:13.0838 4672 wmiApSrv - ok
06:32:13.0906 4672 WMPNetworkSvc - ok
06:32:13.0958 4672 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
06:32:14.0000 4672 WPCSvc - ok
06:32:14.0027 4672 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
06:32:14.0031 4672 WPDBusEnum - ok
06:32:14.0071 4672 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
06:32:14.0087 4672 ws2ifsl - ok
06:32:14.0221 4672 WSearch - ok
06:32:14.0250 4672 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
06:32:14.0259 4672 WudfPf - ok
06:32:14.0360 4672 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
06:32:14.0369 4672 WUDFRd - ok
06:32:14.0398 4672 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
06:32:14.0409 4672 wudfsvc - ok
06:32:14.0466 4672 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
06:32:14.0476 4672 WwanSvc - ok
06:32:14.0603 4672 ================ Scan global ===============================
06:32:14.0642 4672 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
06:32:14.0722 4672 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
06:32:14.0743 4672 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
06:32:14.0774 4672 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
06:32:14.0881 4672 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
06:32:14.0896 4672 [Global] - ok
06:32:14.0897 4672 ================ Scan MBR ==================================
06:32:14.0910 4672 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
06:32:15.0949 4672 \Device\Harddisk0\DR0 - ok
06:32:15.0954 4672 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
06:32:15.0960 4672 \Device\Harddisk1\DR1 - ok
06:32:15.0961 4672 ================ Scan VBR ==================================
06:32:15.0982 4672 [ 501FE6E16FC8A66BC8ED2CE4398123E5 ] \Device\Harddisk0\DR0\Partition1
06:32:15.0984 4672 \Device\Harddisk0\DR0\Partition1 - ok
06:32:16.0005 4672 [ C988792D326A28BBAD667E4AFAF68C7B ] \Device\Harddisk0\DR0\Partition2
06:32:16.0015 4672 \Device\Harddisk0\DR0\Partition2 - ok
06:32:16.0020 4672 [ EC7C847C82C346E07FC96E504E25A060 ] \Device\Harddisk1\DR1\Partition1
06:32:16.0021 4672 \Device\Harddisk1\DR1\Partition1 - ok
06:32:16.0024 4672 ============================================================
06:32:16.0024 4672 Scan finished
06:32:16.0024 4672 ============================================================
06:32:16.0040 4748 Detected object count: 0
06:32:16.0040 4748 Actual detected object count: 0

 

[Blade Runner]

RogueKiller report (1/2):
------------------------------------------------------------------------------
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MARIANO [Admin rights]
Mode : Scan -- Date : 11/08/2012 06:38:54

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\MARIANO\AppData\Local\Google\Update\GoogleUpdate.exe" /c) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1598006888-3347211580-3609776695-1000[...]\Run : Google Update ("C:\Users\MARIANO\AppData\Local\Google\Update\GoogleUpdate.exe" /c) -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1598006888-3347211580-3609776695-1000UA.job : C:\Users\MARIANO\AppData\Local\Google\Update\GoogleUpdate.exe -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1598006888-3347211580-3609776695-1000Core.job : C:\Users\MARIANO\AppData\Local\Google\Update\GoogleUpdate.exe -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1598006888-3347211580-3609776695-1000Core : C:\Users\MARIANO\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1598006888-3347211580-3609776695-1000UA : C:\Users\MARIANO\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
[TASK][SUSP PATH] {71F3BA4F-2B48-4F74-AC80-EAE28B8943F0} : C:\Users\MARIANO\AppData\Local\Google\Chrome\Application\chrome.exe -> FOUND
[TASK][SUSP PATH] {C2C877FD-6F17-4128-834F-8DEDCCF08BFE} : C:\Users\MARIANO\AppData\Local\Google\Chrome\Application\chrome.exe -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD16 00AABS-00PRA SCSI Disk Device +++++
--- User ---
[MBR] c22f8ee462e14c00c9495df4f6abafe5
[BSP] 04127d0d2667ad13ce667b25f43153f4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: WDC WD10 EARS-00Y5B1 SCSI Disk Device +++++
--- User ---
[MBR] e7bd5a8dda679c68f3af135099022423
[BSP] 59ccf41f249fd4376d510d29bf21c89d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953868 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_11082012_02d0638.txt >>
RKreport[1]_S_11082012_02d0638.txt

 

[Blade Runner]

RogueKiller report (2/2):
------------------------------------------------------------------------------
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : MARIANO [Admin rights]
Mode : Remove -- Date : 11/08/2012 06:39:21

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\MARIANO\AppData\Local\Google\Update\GoogleUpdate.exe" /c) -> DELETED
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1598006888-3347211580-3609776695-1000UA.job : C:\Users\MARIANO\AppData\Local\Google\Update\GoogleUpdate.exe -> DELETED
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1598006888-3347211580-3609776695-1000Core.job : C:\Users\MARIANO\AppData\Local\Google\Update\GoogleUpdate.exe -> DELETED
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1598006888-3347211580-3609776695-1000Core : C:\Users\MARIANO\AppData\Local\Google\Update\GoogleUpdate.exe /c -> DELETED
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1598006888-3347211580-3609776695-1000UA : C:\Users\MARIANO\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> ERROR
[TASK][SUSP PATH] {71F3BA4F-2B48-4F74-AC80-EAE28B8943F0} : C:\Users\MARIANO\AppData\Local\Google\Chrome\Application\chrome.exe -> DELETED
[TASK][SUSP PATH] {C2C877FD-6F17-4128-834F-8DEDCCF08BFE} : C:\Users\MARIANO\AppData\Local\Google\Chrome\Application\chrome.exe -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD16 00AABS-00PRA SCSI Disk Device +++++
--- User ---
[MBR] c22f8ee462e14c00c9495df4f6abafe5
[BSP] 04127d0d2667ad13ce667b25f43153f4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 152525 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: WDC WD10 EARS-00Y5B1 SCSI Disk Device +++++
--- User ---
[MBR] e7bd5a8dda679c68f3af135099022423
[BSP] 59ccf41f249fd4376d510d29bf21c89d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953868 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_11082012_02d0639.txt >>
RKreport[1]_S_11082012_02d0638.txt ; RKreport[2]_D_11082012_02d0639.txt

 

[Blade Runner]

Malwarebytes Anti-Malware report:
(The scan completed successfully. No malicious items were detected )
------------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.08.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MARIANO :: MARIANO-PC [administrator]

Protection: Enabled

08/11/2012 06:45:03 a.m.
mbam-log-2012-11-08 (06-45-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220509
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

[Blade Runner]

aswMBR report:
(painted lines as seen on the aswMBR screen)
-------------------------------------------------------------
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-08 06:59:57
-----------------------------
06:59:57.545 OS Version: Windows x64 6.1.7601 Service Pack 1
06:59:57.545 Number of processors: 2 586 0x6B01
06:59:57.545 ComputerName: MARIANO-PC UserName: MARIANO
06:59:58.169 Initialize success
07:05:02.837 AVAST engine defs: 12110800
07:05:32.321 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
07:05:32.321 Disk 0 Vendor: WDC_WD16 05.0 Size: 152627MB BusType: 3
07:05:32.337 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006c
07:05:32.337 Disk 1 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
07:05:32.352 Disk 0 MBR read successfully
07:05:32.352 Disk 0 MBR scan
07:05:32.352 Disk 0 Windows 7 default MBR code
07:05:32.383 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
07:05:32.399 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
07:05:32.415 Disk 0 scanning C:\Windows\system32\drivers
07:05:43.069 Service scanning
07:06:05.502 Service Tablet2k C:\Windows\"%SystemRoot%\System32\Drivers\Tablet2k.sys" **LOCKED** 123
07:06:11.461 Modules scanning
07:06:11.461 Disk 0 trace - called modules:
07:06:11.477 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003b272c0]<<sptd.sys storport.sys hal.dll nvstor.sys
07:06:11.477 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80049f6450]
07:06:11.493 3 CLASSPNP.SYS[fffff88001b3d43f] -> nt!IofCallDriver -> [0xfffffa800451d820]
07:06:11.493 5 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\0000006a[0xfffffa800451d060]
07:06:11.508 \Driver\nvstor[0xfffffa800451b5b0] -> IRP_MJ_CREATE -> 0xfffffa8003b272c0
07:06:12.085 AVAST engine scan C:\Windows
07:06:13.645 AVAST engine scan C:\Windows\system32
07:10:29.893 AVAST engine scan C:\Windows\system32\drivers
07:10:45.134 AVAST engine scan C:\Users\MARIANO
07:13:51.570 AVAST engine scan C:\ProgramData
07:14:12.989 Scan finished successfully
07:14:41.755 Disk 0 MBR has been saved successfully to "C:\Users\MARIANO\Desktop\MBR.dat"
07:14:41.755 The log file has been saved successfully to "C:\Users\MARIANO\Desktop\aswMBR.txt"

 

[Broni]

Create new restore point before proceeding with the next step....
How to:
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

================================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[Blade Runner]

ComboFix report:
-------------------------------------------------------
ComboFix 12-11-08.01 - MARIANO 08/11/2012 22:11:31.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.54.3082.18.4095.2962 [GMT -3:00]
Running from: c:\users\MARIANO\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\tmp4980.tmp
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-09 to 2012-11-09 )))))))))))))))))))))))))))))))
.
.
2012-11-06 20:19 . 2012-11-06 20:19--------d-----w-C:\FRST
2012-11-05 00:54 . 2012-11-05 01:5227256----a-w-c:\windows\system32\drivers\FixZeroAccess.sys
2012-11-04 22:40 . 2012-11-04 22:40--------d-----w-c:\users\MARIANO\AppData\Roaming\Malwarebytes
2012-11-04 22:39 . 2012-11-04 22:39--------d-----w-c:\programdata\Malwarebytes
2012-11-04 22:39 . 2012-11-04 22:41--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-04 22:39 . 2012-09-29 22:5425928----a-w-c:\windows\system32\drivers\mbam.sys
2012-11-03 16:07 . 2012-11-03 16:07--------d-sh--w-c:\windows\SysWow64\%APPDATA%
2012-11-03 15:10 . 2012-11-03 15:10--------d-----w-c:\users\MARIANO\AppData\Local\Programs
2012-10-31 19:54 . 2012-10-31 20:00--------d-----w-c:\users\MARIANO\AppData\Roaming\Natural Selection 2
2012-10-30 18:59 . 2012-10-30 18:59--------d-----w-c:\program files (x86)\Battlelog Web Plugins
2012-10-27 02:53 . 2012-11-03 04:46--------d-----w-c:\programdata\Tunngle
2012-10-27 02:53 . 2012-10-29 01:00--------d-----w-c:\users\MARIANO\AppData\Roaming\Tunngle
2012-10-27 02:53 . 2009-09-16 11:0231232----a-w-c:\windows\system32\drivers\tap0901t.sys
2012-10-27 02:53 . 2012-10-27 02:54--------d-----w-c:\program files (x86)\Tunngle
2012-10-26 21:18 . 2012-10-26 21:18--------d-----w-c:\users\MARIANO\AppData\Local\MPlayer
2012-10-26 21:15 . 2012-10-26 21:18--------d-----w-c:\programdata\PMS
2012-10-26 21:15 . 2012-10-26 21:16--------d-----w-c:\program files (x86)\PS3 Media Server
2012-10-24 20:51 . 2012-10-24 20:51--------d-----w-c:\users\MARIANO\AppData\Roaming\Frogwares
2012-10-22 19:02 . 2012-10-22 19:02--------d-----w-c:\users\MARIANO\AppData\Roaming\Race Driver GRID
2012-10-21 01:49 . 2012-10-21 01:49--------d-----w-c:\users\MARIANO\AppData\Roaming\Publish Providers
2012-10-21 01:43 . 2012-10-21 01:43--------d-----w-c:\programdata\Sony
2012-10-21 01:43 . 2012-10-21 01:43--------d-----w-c:\program files (x86)\Sony
2012-10-21 01:21 . 2012-10-21 01:49--------d-----w-c:\users\MARIANO\AppData\Roaming\Sony
2012-10-21 01:21 . 2012-10-21 01:44--------d-----w-c:\users\MARIANO\AppData\Local\Sony
2012-10-17 18:31 . 2012-09-25 02:1695208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-14 20:42 . 2012-10-14 20:42--------d-----w-c:\programdata\RELOADED
2012-10-12 16:45 . 2012-10-12 16:45--------d-----w-c:\users\Default\AppData\Roaming\TuneUp Software
2012-10-11 21:01 . 2012-10-11 21:01--------d-----w-c:\program files (x86)\Ambient Design
2012-10-11 21:00 . 2012-10-11 21:01--------d-----w-c:\users\MARIANO\AppData\Roaming\Ambient Design
2012-10-10 20:31 . 2012-10-11 21:31--------d-----w-c:\users\UpdatusUser
2012-10-10 20:30 . 2012-10-02 19:513536817----a-w-c:\windows\system32\nvcoproc.bin
2012-10-10 20:30 . 2012-10-02 19:513293544----a-w-c:\windows\system32\nvsvc64.dll
2012-10-10 20:30 . 2012-10-02 19:516200680----a-w-c:\windows\system32\nvcpl.dll
2012-10-10 20:30 . 2012-10-02 19:50891240----a-w-c:\windows\system32\nvvsvc.exe
2012-10-10 20:30 . 2012-10-02 19:5063336----a-w-c:\windows\system32\nvshext.dll
2012-10-10 20:30 . 2012-10-02 19:502557800----a-w-c:\windows\system32\nvsvcr.dll
2012-10-10 20:30 . 2012-10-02 19:50118120----a-w-c:\windows\system32\nvmctray.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-03 15:21 . 2012-09-26 00:4473656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-03 15:21 . 2012-09-26 00:44696760----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-01 16:31 . 2012-09-26 15:25298032----a-w-c:\windows\SysWow64\PnkBstrB.xtr
2012-11-01 16:31 . 2012-09-26 15:13298032----a-w-c:\windows\SysWow64\PnkBstrB.exe
2012-10-25 17:24 . 2012-09-26 15:13298032----a-w-c:\windows\SysWow64\PnkBstrB.ex0
2012-10-09 17:58 . 2012-09-26 00:2265309168----a-w-c:\windows\system32\MRT.exe
2012-10-07 23:10 . 2012-10-07 23:06151552----a-w-c:\windows\SysWow64\nvRegDev.dll
2012-10-02 16:15 . 2012-10-02 16:15430952----a-w-c:\windows\SysWow64\nvStreaming.exe
2012-10-01 16:01 . 2012-09-30 03:35466456----a-w-c:\windows\system32\wrap_oal.dll
2012-10-01 16:01 . 2012-09-30 03:35444952----a-w-c:\windows\SysWow64\wrap_oal.dll
2012-10-01 16:01 . 2012-09-30 03:35122904----a-w-c:\windows\system32\OpenAL32.dll
2012-10-01 16:01 . 2012-09-30 03:35109080----a-w-c:\windows\SysWow64\OpenAL32.dll
2012-09-27 01:20 . 2012-09-27 01:20338432----a-w-c:\windows\SysWow64\REX Shared Library.dll
2012-09-27 01:20 . 2012-09-27 01:20406528----a-w-c:\windows\SysWow64\ReWire.dll
2012-09-26 23:21 . 2009-07-14 02:36152576----a-w-c:\windows\SysWow64\msclmd.dll
2012-09-26 23:21 . 2009-07-14 02:36175616----a-w-c:\windows\system32\msclmd.dll
2012-09-26 22:49 . 2012-09-26 22:49560184----a-w-c:\windows\system32\drivers\sptd.sys
2012-09-26 15:13 . 2012-09-26 15:1376888----a-w-c:\windows\SysWow64\PnkBstrA.exe
2012-09-26 00:47 . 2012-09-26 00:473993600----a-w-c:\program files (x86)\GUT6FD3.tmp
2012-09-26 00:45 . 2012-09-26 00:45916456----a-w-c:\windows\system32\deployJava1.dll
2012-09-26 00:45 . 2012-09-26 00:45289768----a-w-c:\windows\system32\javaws.exe
2012-09-26 00:45 . 2012-09-26 00:451034216----a-w-c:\windows\system32\npDeployJava1.dll
2012-09-26 00:45 . 2012-09-26 00:45189416----a-w-c:\windows\system32\javaw.exe
2012-09-26 00:45 . 2012-09-26 00:45188904----a-w-c:\windows\system32\java.exe
2012-09-26 00:45 . 2012-09-26 00:45108008----a-w-c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-26 00:44 . 2012-09-26 00:44821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-09-26 00:44 . 2012-09-26 00:44746984----a-w-c:\windows\SysWow64\deployJava1.dll
2012-09-26 00:28 . 2012-09-26 00:2896768----a-w-c:\windows\system32\mshtmled.dll
2012-09-26 00:28 . 2012-09-26 00:2891648----a-w-c:\windows\system32\SetIEInstalledDate.exe
2012-09-26 00:28 . 2012-09-26 00:2889088----a-w-c:\windows\system32\ie4uinit.exe
2012-09-26 00:28 . 2012-09-26 00:2886528----a-w-c:\windows\SysWow64\iesysprep.dll
2012-09-26 00:28 . 2012-09-26 00:2885504----a-w-c:\windows\system32\jsproxy.dll
2012-09-26 00:28 . 2012-09-26 00:2885504----a-w-c:\windows\system32\iesetup.dll
2012-09-26 00:28 . 2012-09-26 00:2882432----a-w-c:\windows\system32\icardie.dll
2012-09-26 00:28 . 2012-09-26 00:28816640----a-w-c:\windows\system32\jscript.dll
2012-09-26 00:28 . 2012-09-26 00:2876800----a-w-c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-26 00:28 . 2012-09-26 00:2876800----a-w-c:\windows\system32\tdc.ocx
2012-09-26 00:28 . 2012-09-26 00:2874752----a-w-c:\windows\SysWow64\iesetup.dll
2012-09-26 00:28 . 2012-09-26 00:28729088----a-w-c:\windows\system32\msfeeds.dll
2012-09-26 00:28 . 2012-09-26 00:2865024----a-w-c:\windows\system32\pngfilt.dll
2012-09-26 00:28 . 2012-09-26 00:2863488----a-w-c:\windows\SysWow64\tdc.ocx
2012-09-26 00:28 . 2012-09-26 00:28599040----a-w-c:\windows\system32\vbscript.dll
2012-09-26 00:28 . 2012-09-26 00:2855296----a-w-c:\windows\system32\msfeedsbs.dll
2012-09-26 00:28 . 2012-09-26 00:28534528----a-w-c:\windows\system32\ieapfltr.dll
2012-09-26 00:28 . 2012-09-26 00:2849664----a-w-c:\windows\system32\imgutil.dll
2012-09-26 00:28 . 2012-09-26 00:2848640----a-w-c:\windows\SysWow64\mshtmler.dll
2012-09-26 00:28 . 2012-09-26 00:2848640----a-w-c:\windows\system32\mshtmler.dll
2012-09-26 00:28 . 2012-09-26 00:28452608----a-w-c:\windows\system32\dxtmsft.dll
2012-09-26 00:28 . 2012-09-26 00:28448512----a-w-c:\windows\system32\html.iec
2012-09-26 00:28 . 2012-09-26 00:28420864----a-w-c:\windows\SysWow64\vbscript.dll
2012-09-26 00:28 . 2012-09-26 00:28403248----a-w-c:\windows\system32\iedkcs32.dll
2012-09-26 00:28 . 2012-09-26 00:2839936----a-w-c:\windows\system32\iernonce.dll
2012-09-26 00:28 . 2012-09-26 00:283695416----a-w-c:\windows\system32\ieapfltr.dat
2012-09-26 00:28 . 2012-09-26 00:28367104----a-w-c:\windows\SysWow64\html.iec
2012-09-26 00:28 . 2012-09-26 00:2835840----a-w-c:\windows\SysWow64\imgutil.dll
2012-09-26 00:28 . 2012-09-26 00:2830720----a-w-c:\windows\system32\licmgr10.dll
2012-09-26 00:28 . 2012-09-26 00:28282112----a-w-c:\windows\system32\dxtrans.dll
2012-09-26 00:28 . 2012-09-26 00:28267776----a-w-c:\windows\system32\ieaksie.dll
2012-09-26 00:28 . 2012-09-26 00:28249344----a-w-c:\windows\system32\webcheck.dll
2012-09-26 00:28 . 2012-09-26 00:28248320----a-w-c:\windows\system32\ieui.dll
2012-09-26 00:28 . 2012-09-26 00:282382848----a-w-c:\windows\SysWow64\mshtml.tlb
2012-09-26 00:28 . 2012-09-26 00:282382848----a-w-c:\windows\system32\mshtml.tlb
2012-09-26 00:28 . 2012-09-26 00:28237056----a-w-c:\windows\system32\url.dll
2012-09-26 00:28 . 2012-09-26 00:2823552----a-w-c:\windows\SysWow64\licmgr10.dll
2012-09-26 00:28 . 2012-09-26 00:282312704----a-w-c:\windows\system32\jscript9.dll
2012-09-26 00:28 . 2012-09-26 00:28222208----a-w-c:\windows\system32\msls31.dll
2012-09-26 00:28 . 2012-09-26 00:282144768----a-w-c:\windows\system32\iertutil.dll
2012-09-26 00:28 . 2012-09-26 00:28197120----a-w-c:\windows\system32\msrating.dll
2012-09-26 00:28 . 2012-09-26 00:281800704----a-w-c:\windows\SysWow64\jscript9.dll
2012-09-26 00:28 . 2012-09-26 00:2817810944----a-w-c:\windows\system32\mshtml.dll
2012-09-26 00:28 . 2012-09-26 00:28173056----a-w-c:\windows\system32\ieUnatt.exe
2012-09-26 00:28 . 2012-09-26 00:28165888----a-w-c:\windows\system32\iexpress.exe
2012-09-26 00:28 . 2012-09-26 00:28163840----a-w-c:\windows\system32\ieakui.dll
2012-09-26 00:28 . 2012-09-26 00:28161792----a-w-c:\windows\SysWow64\msls31.dll
2012-09-26 00:28 . 2012-09-26 00:28160256----a-w-c:\windows\system32\wextract.exe
2012-09-26 00:28 . 2012-09-26 00:28160256----a-w-c:\windows\system32\ieakeng.dll
2012-09-26 00:28 . 2012-09-26 00:28152064----a-w-c:\windows\SysWow64\wextract.exe
2012-09-26 00:28 . 2012-09-26 00:28150528----a-w-c:\windows\SysWow64\iexpress.exe
2012-09-26 00:28 . 2012-09-26 00:28149504----a-w-c:\windows\system32\occache.dll
2012-09-26 00:28 . 2012-09-26 00:281494528----a-w-c:\windows\system32\inetcpl.cpl
2012-09-26 00:28 . 2012-09-26 00:28145920----a-w-c:\windows\system32\iepeers.dll
2012-09-26 00:28 . 2012-09-26 00:28142848----a-w-c:\windows\SysWow64\ieUnatt.exe
2012-09-26 00:28 . 2012-09-26 00:281427968----a-w-c:\windows\SysWow64\inetcpl.cpl
2012-09-26 00:28 . 2012-09-26 00:281392128----a-w-c:\windows\system32\wininet.dll
2012-09-26 00:28 . 2012-09-26 00:28135168----a-w-c:\windows\system32\IEAdvpack.dll
2012-09-26 00:28 . 2012-09-26 00:281346048----a-w-c:\windows\system32\urlmon.dll
2012-09-26 00:28 . 2012-09-26 00:2812288----a-w-c:\windows\system32\mshta.exe
2012-09-26 00:28 . 2012-09-26 00:2811776----a-w-c:\windows\SysWow64\mshta.exe
2012-09-26 00:28 . 2012-09-26 00:28114176----a-w-c:\windows\system32\admparse.dll
2012-09-26 00:28 . 2012-09-26 00:281129472----a-w-c:\windows\SysWow64\wininet.dll
2012-09-26 00:28 . 2012-09-26 00:28111616----a-w-c:\windows\system32\iesysprep.dll
2012-09-26 00:28 . 2012-09-26 00:28110592----a-w-c:\windows\SysWow64\IEAdvpack.dll
2012-09-26 00:28 . 2012-09-26 00:2810925568----a-w-c:\windows\system32\ieframe.dll
2012-09-26 00:28 . 2012-09-26 00:2810752----a-w-c:\windows\system32\msfeedssync.exe
2012-09-26 00:28 . 2012-09-26 00:28103936----a-w-c:\windows\system32\inseng.dll
2012-09-26 00:28 . 2012-09-26 00:28101888----a-w-c:\windows\SysWow64\admparse.dll
2012-09-19 03:58 . 2012-09-26 00:249308616------w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC00EE91-2F63-4E20-8B35-CE303C6C3C0C}\mpengine.dll
2012-09-17 22:07 . 2012-09-26 15:133227136----a-w-c:\windows\SysWow64\pbsvc_grfs.exe
2012-09-14 19:19 . 2012-10-09 17:542048----a-w-c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-09 17:542048----a-w-c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:1994208----a-w-c:\users\MARIANO\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:1994208----a-w-c:\users\MARIANO\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:1994208----a-w-c:\users\MARIANO\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:1994208----a-w-c:\users\MARIANO\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-08-28 3671904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"WTClient"="WTClient.exe" [2009-10-30 32768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;d:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys [2011-04-11 410184]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys [2011-04-11 341832]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-18 17064]
R3 RTL8023x64;Controlador x64 NDIS de la familia Realtek 10/100 NIC;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-10-03 743320]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-26 1255736]
S0 FixZeroAccess;Zero Access Fixtool driver;c:\windows\system32\drivers\FixZeroAccess.sys [2012-11-05 27256]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2011-04-20 1930240]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-18 27304]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26 00:47]
.
2012-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-26 00:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:1997792----a-w-c:\users\MARIANO\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:1997792----a-w-c:\users\MARIANO\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:1997792----a-w-c:\users\MARIANO\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:1997792----a-w-c:\users\MARIANO\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-10-25 18:45755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-10-25 18:45755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-10-25 18:45755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-10-25 18:45755224----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-07-24 6900024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 200.49.130.44 200.42.4.207
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_grfs.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-11-08 22:23:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-09 01:23
.
Pre-Run: 75.527.954.432 bytes libres
Post-Run: 75.818.045.440 bytes libres
.
- - End Of File - - FF579186E946C17779BBC5FE50483065

 

[Broni]

Looks good

Any current issues?

You can reinstall AVG now.

===============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[Blade Runner]

Everything seems to be in working order!
(I just donated $10 to you )

OTL.txt:
-------------------------------------------------
OTL logfile created on: 08/11/2012 11:17:02 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MARIANO\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00002c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,85% Memory free
8,00 Gb Paging File | 6,60 Gb Available in Paging File | 82,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 70,14 Gb Free Space | 47,09% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 465,89 Gb Free Space | 50,01% Space Free | Partition Type: NTFS
Drive G: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARIANO-PC | User Name: MARIANO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/11/08 23:11:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MARIANO\Desktop\OTL.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:06 | 000,329,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012/10/02 19:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/26 12:13:03 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/10/30 10:19:20 | 000,032,768 | ---- | M] (Tablet Driver) -- C:\Windows\SysWOW64\WTClient.exe


========== Modules (No Company Name) ==========

MOD - [2010/09/28 11:00:54 | 000,217,088 | ---- | M] () -- C:\Windows\SysWOW64\WinTab32.dll
MOD - [2010/05/13 15:03:40 | 000,232,960 | ---- | M] () -- C:\Windows\SysWOW64\MyDrawLineWindowDll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/06/01 11:46:24 | 000,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/24 14:56:16 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 21:19:04 | 000,743,320 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/10/02 19:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/29 16:36:27 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/09/26 12:13:03 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/27 17:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/28 05:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- D:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/04 22:52:08 | 000,027,256 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\FixZeroAccess.sys -- (FixZeroAccess)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/26 19:49:12 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/07/03 12:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011/04/11 16:01:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011/04/11 16:00:18 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009/11/23 21:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 21:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/09/16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 11:42:34 | 000,022,696 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)
DRV:64bit: - [2009/06/18 11:42:16 | 000,027,304 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)
DRV:64bit: - [2009/06/18 11:41:58 | 000,017,064 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)
DRV:64bit: - [2009/06/18 11:41:46 | 000,027,304 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)
DRV:64bit: - [2009/06/10 17:35:53 | 000,051,712 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009/06/10 17:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1598006888-3347211580-3609776695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ar
IE - HKU\S-1-5-21-1598006888-3347211580-3609776695-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 B2 BF 78 7B 9B CD 01 [binary data]
IE - HKU\S-1-5-21-1598006888-3347211580-3609776695-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1598006888-3347211580-3609776695-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1598006888-3347211580-3609776695-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1598006888-3347211580-3609776695-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\MARIANO\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\MARIANO\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)



========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\MARIANO\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\MARIANO\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\MARIANO\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\MARIANO\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\MARIANO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\MARIANO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\MARIANO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Bloody Asteroids = C:\Users\MARIANO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkebcidnaiaompnkbjikfahcibikehoh\1.5_0\
CHR - Extension: Hover Zoom = C:\Users\MARIANO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\4.7_0\
CHR - Extension: Gmail = C:\Users\MARIANO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/08 22:18:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Archivos de programa\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [WTClient] C:\Windows\SysWow64\WTClient.exe (Tablet Driver)
O4 - HKU\S-1-5-21-1598006888-3347211580-3609776695-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1598006888-3347211580-3609776695-1007..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-21-1598006888-3347211580-3609776695-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1598006888-3347211580-3609776695-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1598006888-3347211580-3609776695-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1598006888-3347211580-3609776695-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.49.130.44 200.42.4.207
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75AB0C91-9288-4E16-828D-FB8DB0965785}: DhcpNameServer = 200.49.130.44 200.42.4.207
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E57B4A30-BF48-42CF-B3A5-F9B3D2887FD5}: DhcpNameServer = 7.254.254.254
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/07 08:11:02 | 000,000,080 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/08 23:11:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MARIANO\Desktop\OTL.exe
[2012/11/08 23:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/11/08 23:06:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/11/08 22:23:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/08 22:18:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/08 22:08:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/08 22:08:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/08 22:08:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/08 21:54:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/08 21:53:54 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/08 12:38:09 | 004,998,107 | R--- | C] (Swearware) -- C:\Users\MARIANO\Desktop\ComboFix.exe
[2012/11/08 06:37:50 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\Desktop\RK_Quarantine
[2012/11/08 06:30:45 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\MARIANO\Desktop\TDSSKiller.exe
[2012/11/06 17:19:07 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/04 21:59:42 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\MARIANO\Desktop\aswMBR.exe
[2012/11/04 21:54:56 | 000,027,256 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/11/04 19:40:11 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\AppData\Roaming\Malwarebytes
[2012/11/04 19:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/04 19:39:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/04 19:39:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/04 19:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/03 13:07:08 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/11/03 12:10:34 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\AppData\Local\Programs
[2012/11/01 10:29:39 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/31 16:54:23 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\AppData\Roaming\Natural Selection 2
[2012/10/30 15:59:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012/10/28 15:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 2013
[2012/10/26 23:53:39 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2012/10/26 23:53:39 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\Documents\Tunngle
[2012/10/26 23:53:39 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\AppData\Roaming\Tunngle
[2012/10/26 23:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2012/10/26 23:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2012/10/26 23:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2012/10/26 18:18:31 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\AppData\Local\MPlayer
[2012/10/26 18:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PS3 Media Server
[2012/10/26 18:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PMS
[2012/10/26 18:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PS3 Media Server
[2012/10/24 17:51:23 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\AppData\Roaming\Frogwares
[2012/10/24 15:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus Home Interactive
[2012/10/24 12:11:44 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/10/22 16:07:24 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\Documents\Codemasters
[2012/10/22 16:02:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Race Driver GRID
[2012/10/22 16:02:45 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\AppData\Roaming\Race Driver GRID
[2012/10/22 13:02:44 | 000,154,464 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2012/10/20 22:49:17 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\AppData\Roaming\Publish Providers
[2012/10/20 22:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012/10/20 22:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012/10/20 22:43:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012/10/20 22:21:10 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\AppData\Roaming\Sony
[2012/10/20 22:21:10 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\AppData\Local\Sony
[2012/10/20 02:48:44 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\Documents\Lucius
[2012/10/20 02:43:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lace Mamba Global
[2012/10/15 03:48:50 | 000,063,328 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/10/14 17:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012/10/11 20:18:26 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\Documents\ArtRage Paintings
[2012/10/11 18:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet
[2012/10/11 18:26:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\TabletPmt
[2012/10/11 18:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TABLET
[2012/10/11 18:26:09 | 000,073,728 | ---- | C] (Tablet Driver) -- C:\Windows\SysNative\drivers\WTSrv.exe
[2012/10/11 18:26:09 | 000,027,304 | ---- | C] (Tablet Driver) -- C:\Windows\SysNative\drivers\TClass2k.sys
[2012/10/11 18:26:09 | 000,027,304 | ---- | C] (PenTablet Driver) -- C:\Windows\SysNative\drivers\PTSimBus.sys
[2012/10/11 18:26:09 | 000,022,696 | ---- | C] (Tablet Driver) -- C:\Windows\SysNative\drivers\UCTblHid.sys
[2012/10/11 18:26:09 | 000,017,064 | ---- | C] (PenTablet Driver) -- C:\Windows\SysNative\drivers\PTSimHid.sys
[2012/10/11 18:26:08 | 000,431,616 | ---- | C] (TODO: <公司名稱>) -- C:\Windows\SysWow64\DoExec.exe
[2012/10/11 18:26:08 | 000,401,408 | ---- | C] (Pen Tablet) -- C:\Windows\SysWow64\tabcfg.exe
[2012/10/11 18:26:08 | 000,401,408 | ---- | C] (Pen Tablet) -- C:\Windows\SysNative\tabcfg.exe
[2012/10/11 18:26:08 | 000,053,248 | ---- | C] (Pen Tablet) -- C:\Windows\SysWow64\pcpanel.cpl
[2012/10/11 18:26:08 | 000,050,176 | ---- | C] (Pen Tablet) -- C:\Windows\SysNative\pcpanel.cpl
[2012/10/11 18:26:08 | 000,032,768 | ---- | C] (Tablet Driver) -- C:\Windows\SysWow64\WTClient.exe
[2012/10/11 18:26:08 | 000,032,768 | ---- | C] (Tablet Driver) -- C:\Windows\SysNative\WTClient.exe
[2012/10/11 18:26:03 | 000,000,000 | ---D | C] -- C:\Driver 5.02 R20101101_D20101008
[2012/10/11 18:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArtRage Studio Pro
[2012/10/11 18:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ambient Design
[2012/10/11 18:00:22 | 000,000,000 | ---D | C] -- C:\Users\MARIANO\AppData\Roaming\Ambient Design
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/08 23:11:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MARIANO\Desktop\OTL.exe
[2012/11/08 23:10:05 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/08 23:08:07 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/08 22:40:14 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/08 22:40:14 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/08 22:37:13 | 001,555,472 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/08 22:37:13 | 000,703,602 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/11/08 22:37:13 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/08 22:37:13 | 000,137,600 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/11/08 22:37:13 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/08 22:33:19 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/08 22:32:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/08 22:32:46 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/08 22:18:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/08 12:38:43 | 004,998,107 | R--- | M] (Swearware) -- C:\Users\MARIANO\Desktop\ComboFix.exe
[2012/11/08 07:14:41 | 000,000,512 | ---- | M] () -- C:\Users\MARIANO\Desktop\MBR.dat
[2012/11/08 06:37:17 | 000,662,016 | ---- | M] () -- C:\Users\MARIANO\Desktop\RogueKiller.exe
[2012/11/08 06:29:02 | 002,195,061 | ---- | M] () -- C:\Users\MARIANO\Desktop\tdsskiller.zip
[2012/11/08 04:02:40 | 248,043,365 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/04 23:11:15 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2012/11/04 22:52:08 | 000,027,256 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\FixZeroAccess.sys
[2012/11/04 22:00:56 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\MARIANO\Desktop\aswMBR.exe
[2012/11/02 15:37:51 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/11/02 12:28:20 | 002,198,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/01 13:31:29 | 000,298,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/11/01 13:31:29 | 000,298,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/01 10:48:38 | 000,000,000 | -H-- | M] () -- C:\Users\MARIANO\Documents\Default.rdp
[2012/10/31 21:49:22 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\MARIANO\Desktop\TDSSKiller.exe
[2012/10/31 15:10:40 | 000,000,199 | ---- | M] () -- C:\Users\MARIANO\Desktop\Dota 2.url
[2012/10/31 15:06:56 | 000,000,179 | ---- | M] () -- C:\Users\MARIANO\Desktop\Natural Selection 2.url
[2012/10/28 15:21:23 | 000,000,867 | ---- | M] () -- C:\Users\MARIANO\Desktop\Farming Simulator 2013 .lnk
[2012/10/27 00:00:14 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2012/10/25 14:24:26 | 000,298,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/10/24 15:29:34 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Jugar a El testamento de Sherlock Holmes.lnk
[2012/10/22 16:02:51 | 000,000,886 | ---- | M] () -- C:\Users\MARIANO\Desktop\Race Driver GRID.lnk
[2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2012/10/20 02:43:18 | 000,000,695 | ---- | M] () -- C:\Users\Public\Desktop\Lucius.lnk
[2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012/10/14 16:11:35 | 000,000,567 | ---- | M] () -- C:\Users\Public\Desktop\Torchlight II.lnk
[2012/10/14 14:56:20 | 000,001,413 | ---- | M] () -- C:\Users\MARIANO\Desktop\Dishonored.lnk
[2012/10/12 06:52:24 | 000,000,202 | ---- | M] () -- C:\Users\MARIANO\Desktop\XCOM Enemy Unknown.url
[2012/10/11 18:32:41 | 000,002,499 | ---- | M] () -- C:\Windows\Tablet12000x9000.ini
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/08 23:08:07 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/08 22:08:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/08 22:08:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/08 22:08:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/08 22:08:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/08 22:08:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/08 07:14:41 | 000,000,512 | ---- | C] () -- C:\Users\MARIANO\Desktop\MBR.dat
[2012/11/08 06:37:11 | 000,662,016 | ---- | C] () -- C:\Users\MARIANO\Desktop\RogueKiller.exe
[2012/11/08 06:28:27 | 002,195,061 | ---- | C] () -- C:\Users\MARIANO\Desktop\tdsskiller.zip
[2012/11/04 23:11:15 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2012/11/02 15:37:51 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/11/01 10:48:38 | 000,000,000 | -H-- | C] () -- C:\Users\MARIANO\Documents\Default.rdp
[2012/10/31 15:10:40 | 000,000,199 | ---- | C] () -- C:\Users\MARIANO\Desktop\Dota 2.url
[2012/10/31 15:06:56 | 000,000,179 | ---- | C] () -- C:\Users\MARIANO\Desktop\Natural Selection 2.url
[2012/10/28 15:21:23 | 000,000,867 | ---- | C] () -- C:\Users\MARIANO\Desktop\Farming Simulator 2013 .lnk
[2012/10/27 00:00:14 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/10/24 15:29:34 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Jugar a El testamento de Sherlock Holmes.lnk
[2012/10/24 12:11:39 | 248,043,365 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/10/22 16:02:51 | 000,000,886 | ---- | C] () -- C:\Users\MARIANO\Desktop\Race Driver GRID.lnk
[2012/10/20 02:43:18 | 000,000,695 | ---- | C] () -- C:\Users\Public\Desktop\Lucius.lnk
[2012/10/14 16:11:35 | 000,000,567 | ---- | C] () -- C:\Users\Public\Desktop\Torchlight II.lnk
[2012/10/14 16:11:35 | 000,000,567 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II.lnk
[2012/10/14 14:56:20 | 000,001,413 | ---- | C] () -- C:\Users\MARIANO\Desktop\Dishonored.lnk
[2012/10/12 06:52:24 | 000,000,202 | ---- | C] () -- C:\Users\MARIANO\Desktop\XCOM Enemy Unknown.url
[2012/10/11 18:32:41 | 000,002,499 | ---- | C] () -- C:\Windows\Tablet12000x9000.ini
[2012/10/11 18:26:08 | 000,285,696 | ---- | C] () -- C:\Windows\SysNative\WinTab32.dll
[2012/10/11 18:26:08 | 000,232,960 | ---- | C] () -- C:\Windows\SysWow64\MyDrawLineWindowDll.dll
[2012/10/11 18:26:08 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\WinTab32.dll
[2012/10/11 18:26:08 | 000,067,072 | ---- | C] () -- C:\Windows\SysNative\UCMfg.exe
[2012/10/11 18:26:08 | 000,048,062 | ---- | C] () -- C:\Windows\SysNative\Tablet2k_x64.cat
[2012/10/11 18:26:08 | 000,039,798 | ---- | C] () -- C:\Windows\SysNative\Tablet2k.inf
[2012/10/11 18:26:08 | 000,013,824 | ---- | C] () -- C:\Windows\SysNative\ucinst32.dll
[2012/10/11 18:26:08 | 000,007,529 | ---- | C] () -- C:\Windows\SysNative\PTSimHid_x64.cat
[2012/10/11 18:26:08 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\PTSimBus_x64.cat
[2012/10/11 18:26:08 | 000,002,505 | ---- | C] () -- C:\Windows\SysNative\PTSimHid.inf
[2012/10/11 18:26:08 | 000,001,566 | ---- | C] () -- C:\Windows\SysNative\PTSimBus.inf
[2012/10/11 18:26:04 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lhtool.exe
[2012/10/11 18:26:03 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE
[2012/10/11 18:26:03 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\Desk.scf
[2012/10/10 17:30:24 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/10/10 17:28:17 | 000,016,127 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/10/07 20:06:11 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\nvRegDev.dll
[2012/09/26 12:13:05 | 000,298,032 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/09/26 12:13:03 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/09/26 12:13:02 | 003,227,136 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_grfs.exe
[2012/09/26 08:03:41 | 000,007,598 | ---- | C] () -- C:\Users\MARIANO\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 02:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/12 13:45:22 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/12 13:45:22 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/10/11 18:01:31 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\Ambient Design
[2012/09/25 21:58:42 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\AVG2013
[2012/09/30 17:21:33 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\BitComet
[2012/09/26 21:34:42 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\DAEMON Tools Lite
[2012/11/02 23:50:26 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\Dropbox
[2012/10/24 17:51:23 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\Frogwares
[2012/09/26 11:10:16 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\Leadertech
[2012/10/31 17:00:40 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\Natural Selection 2
[2012/09/26 22:20:57 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\Propellerhead Software
[2012/10/20 22:49:17 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\Publish Providers
[2012/10/22 16:02:45 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\Race Driver GRID
[2012/10/20 22:49:23 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\Sony
[2012/09/29 17:45:42 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\Spec Ops The Line
[2012/09/25 21:57:54 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\TuneUp Software
[2012/10/28 22:00:22 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\Tunngle
[2012/09/26 12:25:23 | 000,000,000 | ---D | M] -- C:\Users\MARIANO\AppData\Roaming\Ubisoft

========== Purity Check ==========



< End of report >

 

[Blade Runner]

Extras.txt:
-------------------------------------------------
OTL Extras logfile created on: 08/11/2012 11:17:02 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\MARIANO\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00002c0a | Country: Argentina | Language: ESS | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,85% Memory free
8,00 Gb Paging File | 6,60 Gb Available in Paging File | 82,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 70,14 Gb Free Space | 47,09% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 465,89 Gb Free Space | 50,01% Space Free | Partition Type: NTFS
Drive G: | 5,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: MARIANO-PC | User Name: MARIANO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1

[HKEY_USERS\S-1-5-21-1598006888-3347211580-3609776695-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.T3ZUGRYMTJE4UNFZY3RHT2CDKI] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1DF37C84-C92F-488A-BDF2-F8B7406C4BC4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{30F4F254-1735-44E5-8B59-D3569D294496}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{3C91114C-EC44-4823-A785-AB4B63B78A40}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F0E9A28-785A-4965-A579-844CA11823D3}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9DD59A65-E6E5-455F-BCA8-9D4971DB8D64}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4F06F84-D014-4724-888D-E2045728E220}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C93E615A-57B2-4966-969F-600504238C05}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CE6B1E68-EF2D-4F86-958B-3BDC8F841EED}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{687837C0-B56B-441F-8E84-1CAB98EDA0C4}" = AVG 2013
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Controlador de 3D Vision 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel de control de NVIDIA 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Controlador de gráficos 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Controlador de la controladora 3D Vision 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Actualización de NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Controlador de audio HD 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3C912BB-BF4B-3788-8A19-DA5B999CE0C6}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.5
"Logitech Gaming Software" = Logitech Gaming Software 8.35
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.10
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TL-WN721N/TL-WN722N Driver
"{38A96559-FF39-4089-A609-BFD76C4A6C07}_is1" = El testamento de Sherlock Holmes
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84F3F00F-CCA9-43B3-A493-1E2757649848}_is1" = Lucius 1.01.3173
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CFE6E31-14FC-41F6-AEB9-202FA619D390}_is1" = Hoodwink Game Patch version 4.0
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1034-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Español
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF2D55FB-975E-4B59-9C10-439A975701FF}" = NVIDIA Hair Demo
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.11 Game
"{D422FDA2-EE96-4556-8F56-6713F92F4D1C}" = NVIDIA Island Demo
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0CA4D21-47BB-47E0-AC90-763D3BB9B7E0}_is1" = 1953 - KGB Unleashed
"{FFEFA415-4970-4575-A87B-41123B08B680}" = ArtRage Studio Pro
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"Battlelog Web Plugins" = Battlelog Web Plugins
"BitComet_x64" = BitComet 1.34 64-bit
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"FarmingSimulator2013INT_is1" = Farming Simulator 2013
"FileZilla Client" = FileZilla Client 3.5.3
"Jurassic Park The Game" = Jurassic Park The Game
"Legend of Grimrock_is1" = Legend of Grimrock
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PS3 Media Server" = PS3 Media Server
"PunkBusterSvc" = PunkBuster Services
"Race Driver GRID_is1" = Race Driver GRID
"Reason5_is1" = Reason 5.0
"Satinav" = The Dark Eye - Chains of Satinav
"Spec Ops The Line_R.G. Mechanics_is1" = Spec Ops The Line
"Steam App 212630" = Tom Clancy's Ghost Recon Future Soldier
"Steam App 216690" = XCOM: Enemy Unknown Demo
"Steam App 4920" = Natural Selection 2
"Steam App 550" = Left 4 Dead 2
"Steam App 570" = Dota 2
"Steam App 630" = Alien Swarm
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8930" = Sid Meier's Civilization V
"Supersonic Sled" = NVIDIA Supersonic Sled demo
"TabletDriver" = Tablet Driver V5.02
"Torchlight II (c) Runic Games_is1" = Torchlight II (c) Runic Games version 1
"Tunngle beta_is1" = Tunngle beta
"Yesterday (en)" = Yesterday (English)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1598006888-3347211580-3609776695-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/11/2012 11:57:23 a.m. | Computer Name = MARIANO-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: svchost.exe, versión: 6.1.7600.16385,
marca de tiempo: 0x4a5bc100 Nombre del módulo con errores: unknown, versión: 0.0.0.0,
marca de tiempo: 0x00000000 Código de excepción: 0xc0000005 Desplazamiento de errores:
0x7488c9f1 Id. del proceso con errores: 0x1c0 Hora de inicio de la aplicación con
errores: 0x01cdb9dbe9ba8968 Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\svchost.exe
Ruta
de acceso del módulo con errores: unknown Id. del informe: 27a935f8-25cf-11e2-bc83-da090304f7e6

Error - 03/11/2012 11:58:26 a.m. | Computer Name = MARIANO-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: svchost.exe, versión: 6.1.7600.16385,
marca de tiempo: 0x4a5bc100 Nombre del módulo con errores: unknown, versión: 0.0.0.0,
marca de tiempo: 0x00000000 Código de excepción: 0xc0000005 Desplazamiento de errores:
0x7488c9f1 Id. del proceso con errores: 0x1030 Hora de inicio de la aplicación con
errores: 0x01cdb9dc0ef15c98 Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\svchost.exe
Ruta
de acceso del módulo con errores: unknown Id. del informe: 4cedebd8-25cf-11e2-bc83-da090304f7e6

Error - 03/11/2012 11:59:27 a.m. | Computer Name = MARIANO-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: svchost.exe, versión: 6.1.7600.16385,
marca de tiempo: 0x4a5bc100 Nombre del módulo con errores: unknown, versión: 0.0.0.0,
marca de tiempo: 0x00000000 Código de excepción: 0xc0000005 Desplazamiento de errores:
0x7488c9f1 Id. del proceso con errores: 0x3e4 Hora de inicio de la aplicación con
errores: 0x01cdb9dc33bd11e8 Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\svchost.exe
Ruta
de acceso del módulo con errores: unknown Id. del informe: 719dfb08-25cf-11e2-bc83-da090304f7e6

Error - 04/11/2012 09:01:50 p.m. | Computer Name = MARIANO-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: svchost.exe, versión: 6.1.7600.16385,
marca de tiempo: 0x4a5bc100 Nombre del módulo con errores: 80000032.@_unloaded,
versión: 0.0.0.0, marca de tiempo: 0x50678515 Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x013dac10 Id. del proceso con errores: 0xcc4 Hora de inicio de la aplicación
con errores: 0x01cdbaf120902a40 Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\svchost.exe
Ruta
de acceso del módulo con errores: 80000032.@ Id. del informe: 60cae9b0-26e4-11e2-967a-8321e4d12fcb

Error - 04/11/2012 09:02:50 p.m. | Computer Name = MARIANO-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: svchost.exe, versión: 6.1.7600.16385,
marca de tiempo: 0x4a5bc100 Nombre del módulo con errores: unknown, versión: 0.0.0.0,
marca de tiempo: 0x00000000 Código de excepción: 0xc0000005 Desplazamiento de errores:
0x7502c9f1 Id. del proceso con errores: 0x13e0 Hora de inicio de la aplicación con
errores: 0x01cdbaf147444ea0 Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\svchost.exe
Ruta
de acceso del módulo con errores: unknown Id. del informe: 84f8b150-26e4-11e2-967a-8321e4d12fcb

Error - 04/11/2012 09:03:51 p.m. | Computer Name = MARIANO-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: svchost.exe, versión: 6.1.7600.16385,
marca de tiempo: 0x4a5bc100 Nombre del módulo con errores: unknown, versión: 0.0.0.0,
marca de tiempo: 0x00000000 Código de excepción: 0xc0000005 Desplazamiento de errores:
0x7502c9f1 Id. del proceso con errores: 0x65c Hora de inicio de la aplicación con
errores: 0x01cdbaf16b3b00b0 Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\svchost.exe
Ruta
de acceso del módulo con errores: unknown Id. del informe: a90890b0-26e4-11e2-967a-8321e4d12fcb

Error - 04/11/2012 09:04:46 p.m. | Computer Name = MARIANO-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: svchost.exe, versión: 6.1.7600.16385,
marca de tiempo: 0x4a5bc100 Nombre del módulo con errores: unknown, versión: 0.0.0.0,
marca de tiempo: 0x00000000 Código de excepción: 0xc0000005 Desplazamiento de errores:
0x7502c9f1 Id. del proceso con errores: 0x13cc Hora de inicio de la aplicación con
errores: 0x01cdbaf18c2df840 Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\svchost.exe
Ruta
de acceso del módulo con errores: unknown Id. del informe: c9e73cf0-26e4-11e2-967a-8321e4d12fcb

Error - 04/11/2012 09:05:46 p.m. | Computer Name = MARIANO-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: svchost.exe, versión: 6.1.7600.16385,
marca de tiempo: 0x4a5bc100 Nombre del módulo con errores: 80000032.@_unloaded,
versión: 0.0.0.0, marca de tiempo: 0x50678515 Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x013dac10 Id. del proceso con errores: 0xb50 Hora de inicio de la aplicación
con errores: 0x01cdbaf1b0267f10 Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\svchost.exe
Ruta
de acceso del módulo con errores: 80000032.@ Id. del informe: eddc1a40-26e4-11e2-967a-8321e4d12fcb

Error - 04/11/2012 09:06:47 p.m. | Computer Name = MARIANO-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: svchost.exe, versión: 6.1.7600.16385,
marca de tiempo: 0x4a5bc100 Nombre del módulo con errores: 80000032.@_unloaded,
versión: 0.0.0.0, marca de tiempo: 0x50678515 Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x013dac10 Id. del proceso con errores: 0x1e4 Hora de inicio de la aplicación
con errores: 0x01cdbaf1d41bf8a0 Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\svchost.exe
Ruta
de acceso del módulo con errores: 80000032.@ Id. del informe: 11e012c0-26e5-11e2-967a-8321e4d12fcb

Error - 04/11/2012 09:07:47 p.m. | Computer Name = MARIANO-PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: svchost.exe, versión: 6.1.7600.16385,
marca de tiempo: 0x4a5bc100 Nombre del módulo con errores: unknown, versión: 0.0.0.0,
marca de tiempo: 0x00000000 Código de excepción: 0xc0000005 Desplazamiento de errores:
0x7502c9f1 Id. del proceso con errores: 0x11f4 Hora de inicio de la aplicación con
errores: 0x01cdbaf1f81fca10 Ruta de acceso de la aplicación con errores: C:\Windows\SysWOW64\svchost.exe
Ruta
de acceso del módulo con errores: unknown Id. del informe: 35d31b50-26e5-11e2-967a-8321e4d12fcb

[ System Events ]
Error - 08/11/2012 11:25:29 a.m. | Computer Name = MARIANO-PC | Source = Service Control Manager | ID = 7001
Description = El servicio Proveedor de Grupo Hogar depende del servicio Publicación
de recurso de detección de función, el cual no pudo iniciarse debido al siguiente
error: %%-2147024891

Error - 08/11/2012 11:25:29 a.m. | Computer Name = MARIANO-PC | Source = Service Control Manager | ID = 7023
Description = El servicio Publicación de recurso de detección de función se cerró
con el siguiente error: %%-2147024891

Error - 08/11/2012 11:33:23 a.m. | Computer Name = MARIANO-PC | Source = VDS Basic Provider | ID = 33554433
Description =

Error - 08/11/2012 09:05:12 p.m. | Computer Name = MARIANO-PC | Source = Service Control Manager | ID = 7023
Description = El servicio Examinador de equipos se cerró con el siguiente error:
%%1060

Error - 08/11/2012 09:05:22 p.m. | Computer Name = MARIANO-PC | Source = Service Control Manager | ID = 7023
Description = El servicio Examinador de equipos se cerró con el siguiente error:
%%1060

Error - 08/11/2012 09:06:25 p.m. | Computer Name = MARIANO-PC | Source = Service Control Manager | ID = 7001
Description = El servicio Proveedor de Grupo Hogar depende del servicio Publicación
de recurso de detección de función, el cual no pudo iniciarse debido al siguiente
error: %%-2147024891

Error - 08/11/2012 09:06:25 p.m. | Computer Name = MARIANO-PC | Source = Service Control Manager | ID = 7023
Description = El servicio Publicación de recurso de detección de función se cerró
con el siguiente error: %%-2147024891

Error - 08/11/2012 09:13:59 p.m. | Computer Name = MARIANO-PC | Source = Service Control Manager | ID = 7030
Description = El servicio PEVSystemStart ha sido marcado como servicio interactivo.
Sin embargo, el sistema está configurado para no permitir servicios interactivos.
Este servicio puede tener un funcionamiento incorrecto.

Error - 08/11/2012 09:16:24 p.m. | Computer Name = MARIANO-PC | Source = Application Popup | ID = 1060
Description = Se bloqueó la carga de \??\C:\ComboFix\catchme.sys por una incompatibilidad
con este sistema. Póngase en contacto con el fabricante del software para obtener
una versión compatible del controlador.

Error - 08/11/2012 09:17:06 p.m. | Computer Name = MARIANO-PC | Source = Service Control Manager | ID = 7030
Description = El servicio PEVSystemStart ha sido marcado como servicio interactivo.
Sin embargo, el sistema está configurado para no permitir servicios interactivos.
Este servicio puede tener un funcionamiento incorrecto.


< End of report >

 

[Broni]

Good news

...and thank you

===========================

OTL logs are clean.

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

• Double click on adwcleaner.exe to run the tool.
• Click on Uninstall.
• Confirm with yes.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

5. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[Blade Runner]

Great! Let me know if I can dispose of any of the apps I've used so far, when the whole scanning has been completed, and if everything turns out fine.

Security Check report:
---------------------------------------------------
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

[Blade Runner]

Farbar Service Scanner report:
------------------------------------------------------------
Farbar Service Scanner Version: 07-11-2012
Ran by MARIANO (administrator) on 09-11-2012 at 01:01:29
Running from "C:\Users\MARIANO\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

[Blade Runner]

(Results came out in spanish which is the language of the OS. I'm posting both the original report and the one translated by google translator).
(AVG detected it as a suspicious process when it tried to reboot, but I told it to allow it).

AdwCleaner report (spanish):
----------------------------------------------------------------------------------------------------------------
# AdwCleaner v2.007 - Fichero creado el 09/11/2012 a 01:06:54
# Actualizado el 06/11/2012 por Xplode
# Sistema operativo : Windows 7 Professional Service Pack 1 (64 bits)
# Usuario : MARIANO - MARIANO-PC
# Modo de inicio : Normal
# Ejecutado desde : C:\Users\MARIANO\Desktop\adwcleaner.exe
# Opción [Supresión]


***** [Servicios] *****


***** [Ficheros / Carpetas] *****


***** [Registro] *****


***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] El registro no contiene ninguna entrada ilegítima.

-\\ Google Chrome v22.0.1229.94

Fichero : C:\Users\MARIANO\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] El fichero no contiene ninguna entrada ilegítima.

*************************

AdwCleaner[S1].txt - [757 octets] - [09/11/2012 01:06:54]

########## EOF - C:\AdwCleaner[S1].txt - [816 octets] ##########
-----------------------------------------------------------------------------------------
AdwCleaner report (translated english):
-----------------------------------------------------------------------------------------
# AdwCleaner v2.007 - File created on 09/11/2012 at 1:06:54
# Updated 06/11/2012 by Xplode
# Operating System: Windows 7 Professional Service Pack 1 (64-bit)
# User: MARIANO - MARIANO-PC
# Start Mode: Normal
# Run from: C: \ Users \ Mariano \ Desktop \ adwcleaner.exe
# Option [Deletion]
***** [Services] *****
***** [Files / Folders] *****
***** [Register] *****
***** [Users] *****
- \ \ Internet Explorer v9.0.8112.16421
[OK] The record contains no unlawful entry.
- \ \ Google Chrome v22.0.1229.94
File: C: \ Users \ Mariano \ AppData \ Local \ Google \ Chrome \ User Data \ Default \ Preferences
[OK] The file does not contain any unlawful entry.
*************************
AdwCleaner [S1]. Txt - [757 octets] - [11/9/2012 1:06:54]
# # # # # # # # # # EOF - C: \ AdwCleaner [S1]. Txt - [816 octets] # # # # # # # # # #

 

[Blade Runner]

Ran TFC successfully and had to reboot.

Now scanning with ESET...
-will edit when finished-

 

[Broni]

Post new reply.
I don't get any email notifications about edits.

 

[Blade Runner]

Ok, took 5 hours.
ESET report:
(some of the items were old 'false positives' allowed by AVG)
--------------------------------------------------------
C:\Downloads\Hdwk\patch399.exe a variant of Win32/Packed.MoleboxUltra.A applicationdeleted - quarantined
C:\FRST\Quarantine\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U\00000004.@Win64/Conedex.C trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U\00000008.@Win64/Agent.BA trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U\000000cb.@Win64/Conedex.B trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U\80000000.@Win64/Sirefef.AW trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U\80000032.@probably a variant of Win32/Sirefef.FD trojancleaned by deleting - quarantined
C:\FRST\Quarantine\{9b1cd848-c34c-01c4-956c-32d0e801d896}\U\80000064.@a variant of Win64/Sirefef.AN trojancleaned by deleting - quarantined
C:\Users\MARIANO\Downloads\setup.exea variant of Win32/Packed.MoleboxUltra.A applicationcleaned by deleting - quarantined
D:\BACKUP 24-9-12\Archivos de programa\UBISOFT\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\bin.dlla variant of Win32/Packed.VMProtect.AAA trojancleaned by deleting - quarantined
D:\BACKUP 24-9-12\Documents and Settings\Mariano\Escritorio\FSX\metalcourtin\metalcourtin.exeprobably a variant of Win32/Spy.Agent.JGWBBCQ trojancleaned by deleting - quarantined
D:\Program Files (x86)\Hdwk\GAME.exea variant of Win32/Packed.MoleboxUltra.A applicationcleaned by deleting - quarantined