TechSpot

Sirefef.r & sirefef.ah infected. FRST log

By Iván Campos
Oct 14, 2012
  1. Hi there! Let me introduce myself with a request for help. My Win7 has been infected by sirefef.r & sirefef.ah, and I can't clean it because the file services.exe seems to be the one that has been infected.
    As I read in other posts, I ran FRST.exe, downloaded with a clean PC, in restore mode. This is the log:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2012
    Ran by SYSTEM at 14-10-2012 17:07:07
    Running from H:\
    Windows 7 Professional Service Pack 1 (X86) OS Language: Spanish Modern Sort
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe [237872 2012-01-25] ()
    HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2010-02-10] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
    HKU\Pikis\...\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount [75624 2012-01-05] (Alcohol Soft Development Team)
    HKU\Pikis\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
    HKU\Pikis\...\Run: [Google Update] "C:\Users\Pikis\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-20] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

    ==================== Services (Whitelisted) ===================

    2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation)
    4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 [3201024 2008-07-29] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [287824 2012-09-12] (Microsoft Corporation)
    2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)

    ==================== Drivers (Whitelisted) ====================

    3 DELTAII; C:\Windows\System32\DRIVERS\MAudioDelta.sys [306096 2012-01-25] (Avid Technology, Inc.)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-07-22] (Duplex Secure Ltd.)
    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========


    2012-10-14 17:06 - 2012-10-14 17:06 - 00000000 ____D C:\FRST
    2012-10-14 15:50 - 2012-10-14 15:50 - 00000000 ____D C:\Users\Pikis\AppData\Roaming\QuickScan
    2012-10-14 10:35 - 2012-10-14 10:35 - 16985648 ____A (Microsoft Corporation) C:\Users\Pikis\Downloads\Windows-KB890830-V4.13.exe
    2012-10-14 10:16 - 2012-10-14 10:16 - 00347424 ____A (Microsoft Corporation) C:\Users\Pikis\Downloads\MicrosoftFixit.wu.RNP.2227363698113788.1.1.Run.exe
    2012-10-14 09:53 - 2012-10-14 09:53 - 11101672 ____A (Microsoft Corporation) C:\Users\Pikis\Downloads\mseinstall.exe
    2012-10-07 19:13 - 2012-10-07 19:14 - 00000200 ____A C:\Users\Pikis\.pilar
    2012-10-07 19:13 - 2012-10-07 19:13 - 00000000 ____D C:\Program Files\PILAR_5.2
    2012-09-28 11:06 - 2012-09-28 11:52 - 00001543 ____A C:\Users\Pikis\Desktop\SP Panel de Gestión.lnk
    2012-09-28 11:05 - 2012-09-28 11:51 - 00000000 ____D C:\GrupoSP
    2012-09-28 09:24 - 2012-09-28 09:24 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc3A0C.tmp
    2012-09-28 09:03 - 2012-09-28 09:03 - 00000103 ____A C:\Users\Public\sdelevURL.tmp
    2012-09-28 08:58 - 2012-09-28 08:58 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc1C52.tmp
    2012-09-28 08:53 - 2012-09-28 08:53 - 00000000 ____N C:\Users\Pikis\AppData\Local\slcEFAD.tmp
    2012-09-28 08:49 - 2012-09-28 08:49 - 00000000 ____D C:\Users\All Users\Sage
    2012-09-28 08:45 - 2012-09-28 08:45 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc43EA.tmp
    2012-09-28 08:33 - 2012-09-28 08:33 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc6A7.tmp
    2012-09-27 16:45 - 2012-09-27 16:45 - 00000000 ____N C:\Users\Pikis\AppData\Local\slcB31A.tmp
    2012-09-27 16:14 - 2012-09-27 16:14 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc5A24.tmp
    2012-09-27 16:02 - 2012-09-27 16:02 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc5EAE.tmp
    2012-09-27 15:56 - 2012-09-27 15:56 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc566E.tmp
    2012-09-27 10:31 - 2012-10-10 19:50 - 00000000 ____D C:\Ejercicios Facturaplus
    2012-09-27 10:05 - 2012-09-27 10:05 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc8FF6.tmp
    2012-09-26 09:17 - 2012-09-26 09:17 - 00001409 ____A C:\Windows\Upca.fot
    2012-09-26 09:17 - 2012-09-26 09:17 - 00001409 ____A C:\Windows\Code39.fot
    2012-09-26 09:17 - 2012-09-26 09:17 - 00001409 ____A C:\Windows\c128btt.fot
    2012-09-26 09:15 - 2012-09-26 09:15 - 00000000 ____D C:\Program Files\MSXML 4.0
    2012-09-26 09:14 - 2012-09-26 09:14 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc53DE.tmp
    2012-09-26 09:14 - 2011-10-06 12:51 - 04833792 ____A (Amyuni Technologies
    2012-09-26 09:12 - 2011-10-06 12:50 - 00024496 ____A C:\Windows\c128btt.ttf
    2012-09-26 09:12 - 2011-10-06 12:50 - 00017056 ____A C:\Windows\Upca.ttf
    2012-09-26 09:12 - 2011-10-06 12:50 - 00007280 ____A C:\Windows\Code39.ttf
    2012-09-23 08:13 - 2012-09-23 08:13 - 00000693 ____A C:\Users\Pikis\Desktop\Reorganizar - Acceso directo.lnk
    2012-09-16 19:54 - 2012-09-16 19:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl_01009.Wdf

    ==================== 3 Months Modified Files ==================

    2012-10-14 15:57 - 2012-09-09 20:23 - 00003641 ____A C:\Windows\setupact.log
    2012-10-14 15:57 - 2012-04-06 22:33 - 00001082 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-14 15:57 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-14 15:52 - 2012-08-20 09:42 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186753102-28003779-2570860475-1000UA.job
    2012-10-14 15:48 - 2012-04-06 22:33 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-14 15:45 - 2012-09-09 20:35 - 00760551 ____A C:\Windows\WindowsUpdate.log
    2012-10-14 15:45 - 2012-04-06 22:08 - 00000838 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-14 10:38 - 2009-07-14 05:34 - 00022032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-14 10:38 - 2009-07-14 05:34 - 00022032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-14 10:35 - 2012-10-14 10:35 - 16985648 ____A (Microsoft Corporation) C:\Users\Pikis\Downloads\Windows-KB890830-V4.13.exe
    2012-10-14 10:16 - 2012-10-14 10:16 - 00347424 ____A (Microsoft Corporation) C:\Users\Pikis\Downloads\MicrosoftFixit.wu.RNP.2227363698113788.1.1.Run.exe
    2012-10-14 09:55 - 2012-03-21 23:03 - 00001912 ____A C:\Windows\epplauncher.mif
    2012-10-14 09:53 - 2012-10-14 09:53 - 11101672 ____A (Microsoft Corporation) C:\Users\Pikis\Downloads\mseinstall.exe
    2012-10-10 20:45 - 2012-04-06 22:08 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-10-10 20:45 - 2012-03-21 23:40 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-10-10 19:52 - 2012-08-20 09:42 - 00001058 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186753102-28003779-2570860475-1000Core.job
    2012-10-07 19:14 - 2012-10-07 19:13 - 00000200 ____A C:\Users\Pikis\.pilar
    2012-09-28 11:52 - 2012-09-28 11:06 - 00001543 ____A C:\Users\Pikis\Desktop\SP Panel de Gestión.lnk
    2012-09-28 09:24 - 2012-09-28 09:24 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc3A0C.tmp
    2012-09-28 09:03 - 2012-09-28 09:03 - 00000103 ____A C:\Users\Public\sdelevURL.tmp
    2012-09-28 08:58 - 2012-09-28 08:58 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc1C52.tmp
    2012-09-28 08:53 - 2012-09-28 08:53 - 00000000 ____N C:\Users\Pikis\AppData\Local\slcEFAD.tmp
    2012-09-28 08:45 - 2012-09-28 08:45 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc43EA.tmp
    2012-09-28 08:33 - 2012-09-28 08:33 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc6A7.tmp
    2012-09-27 23:32 - 2012-03-22 00:29 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-09-27 16:45 - 2012-09-27 16:45 - 00000000 ____N C:\Users\Pikis\AppData\Local\slcB31A.tmp
    2012-09-27 16:14 - 2012-09-27 16:14 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc5A24.tmp
    2012-09-27 16:02 - 2012-09-27 16:02 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc5EAE.tmp
    2012-09-27 15:56 - 2012-09-27 15:56 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc566E.tmp
    2012-09-27 10:05 - 2012-09-27 10:05 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc8FF6.tmp
    2012-09-26 09:17 - 2012-09-26 09:17 - 00001409 ____A C:\Windows\Upca.fot
    2012-09-26 09:17 - 2012-09-26 09:17 - 00001409 ____A C:\Windows\Code39.fot
    2012-09-26 09:17 - 2012-09-26 09:17 - 00001409 ____A C:\Windows\c128btt.fot
    2012-09-26 09:14 - 2012-09-26 09:14 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc53DE.tmp
    2012-09-24 08:27 - 2010-11-20 22:01 - 00005244 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-23 08:13 - 2012-09-23 08:13 - 00000693 ____A C:\Users\Pikis\Desktop\Reorganizar - Acceso directo.lnk
    2012-09-16 19:54 - 2012-09-16 19:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl_01009.Wdf
    2012-09-11 17:45 - 2012-09-11 17:45 - 00000602 ____A C:\Windows\PFRO.log
    2012-09-09 20:36 - 2012-09-09 20:36 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-09-09 20:23 - 2012-09-09 20:23 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-05 20:52 - 2012-09-05 20:52 - 00007602 ____A C:\Users\Pikis\AppData\Local\Resmon.ResmonCfg
    2012-09-03 19:23 - 2009-07-14 05:53 - 00032518 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-30 21:03 - 2012-08-30 21:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-30 21:03 - 2011-04-27 15:25 - 00099272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-08-21 12:01 - 2012-09-13 22:07 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 12:01 - 2012-03-24 13:03 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
    2012-08-06 14:32 - 2012-08-06 14:32 - 00000000 ___AH C:\Users\Pikis\Documents\Default.rdp
    2012-07-22 18:29 - 2012-07-22 18:29 - 00406528 ____A (Propellerhead Software AB) C:\Windows\System32\ReWire.dll
    2012-07-22 18:29 - 2012-07-22 18:29 - 00338432 ____A (Propellerhead Software AB) C:\Windows\System32\REX Shared Library.dll
    2012-07-22 18:18 - 2012-07-22 18:18 - 00000322 ____A C:\Users\Pikis\Documents\ax_files.xml
    2012-07-22 18:13 - 2012-07-22 09:26 - 00477240 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys

    ZeroAccess:
    C:\Windows\Installer\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}
    C:\Windows\Installer\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\L
    C:\Windows\Installer\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\U

    ZeroAccess:
    C:\Users\Pikis\AppData\Local\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}
    C:\Users\Pikis\AppData\Local\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\@
    C:\Users\Pikis\AppData\Local\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\L
    C:\Users\Pikis\AppData\Local\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 2942.3 MB
    Available physical RAM: 2467.1 MB
    Total Pagefile: 2938.54 MB
    Available Pagefile: 2468.25 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1970.28 MB

    ==================== Partitions =============================

    2 Drive c: (Win7) (Fixed) (Total:39.06 GB) (Free:1.07 GB) NTFS
    3 Drive e: (Datos) (Fixed) (Total:107.81 GB) (Free:32.79 GB) NTFS
    6 Drive h: (VIDEOS) (Removable) (Total:7.84 GB) (Free:1.95 GB) FAT32
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (WinXP) (Fixed) (Total:19.53 GB) (Free:7.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Núm Disco Estado Tamaño Disp Din Gpt
    ---------- ---------- ------- ------- --- ---
    Disco 0 En línea 186 GB 19 GB
    Disco 1 En línea 8044 MB 0 B

    Partitions of Disk 0:
    ===============

    Núm Partición Tipo Tamaño Desplazamiento
    ------------- ---------------- ------- ---------------
    Partición 1 Principal 19 GB 31 KB
    Partición 2 Principal 39 GB 19 GB
    Partición 3 Principal 107 GB 58 GB

    =========================================================

    Disk: 0
    Partición 1
    Tipo : 07
    Oculta : No
    Activa : Sí

    Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Volumen 2 Y WinXP NTFS Partición 19 GB Correcto

    =========================================================

    Disk: 0
    Partición 2
    Tipo : 07
    Oculta : No
    Activa : No

    Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Volumen 3 C Win7 NTFS Partición 39 GB Correcto

    =========================================================

    Disk: 0
    Partición 3
    Tipo : 07
    Oculta : No
    Activa : No

    Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Volumen 4 E Datos NTFS Partición 107 GB Correcto

    =========================================================

    Partitions of Disk 1:
    ===============

    Núm Partición Tipo Tamaño Desplazamiento
    ------------- ---------------- ------- ---------------
    Partición 1 Principal 8043 MB 31 KB

    =========================================================

    Disk: 1
    Partición 1
    Tipo : 0C
    Oculta : No
    Activa : Sí

    Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Volumen 5 H VIDEOS FAT32 Extraíble 8043 MB Correcto

    =========================================================

    Last Boot: 2012-10-07 09:42

    ==================== End Of Log ============================

    At this point, I hope some of you can help me.

    Thanks for all indeed!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  3. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    Hi, Broni.

    Here are the two files.

    Thanks a lot for your help!
     

    Attached Files:

  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please observe forum rules.
    All logs have to be pasted, not attached.
     
  5. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    Please excuse me.

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2012
    Ran by SYSTEM at 14-10-2012 17:07:07
    Running from H:\
    Windows 7 Professional Service Pack 1 (X86) OS Language: Spanish Modern Sort
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\DeltaIITray.exe [237872 2012-01-25] ()
    HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2010-02-10] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36800 2012-07-27] (Adobe Systems Incorporated)
    HKLM\...\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [823224 2012-07-27] (Adobe Systems Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
    HKU\Pikis\...\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount [75624 2012-01-05] (Alcohol Soft Development Team)
    HKU\Pikis\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [x]
    HKU\Pikis\...\Run: [Google Update] "C:\Users\Pikis\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-07-20] (Google Inc.)
    Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

    ==================== Services (Whitelisted) ===================

    2 AxAutoMntSrv; C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [20472 2012-09-12] (Microsoft Corporation)
    4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 [3201024 2008-07-29] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [287824 2012-09-12] (Microsoft Corporation)
    2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)

    ==================== Drivers (Whitelisted) ====================

    3 DELTAII; C:\Windows\System32\DRIVERS\MAudioDelta.sys [306096 2012-01-25] (Avid Technology, Inc.)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-07-22] (Duplex Secure Ltd.)
    3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========


    2012-10-14 17:06 - 2012-10-14 17:06 - 00000000 ____D C:\FRST
    2012-10-14 15:50 - 2012-10-14 15:50 - 00000000 ____D C:\Users\Pikis\AppData\Roaming\QuickScan
    2012-10-14 10:35 - 2012-10-14 10:35 - 16985648 ____A (Microsoft Corporation) C:\Users\Pikis\Downloads\Windows-KB890830-V4.13.exe
    2012-10-14 10:16 - 2012-10-14 10:16 - 00347424 ____A (Microsoft Corporation) C:\Users\Pikis\Downloads\MicrosoftFixit.wu.RNP.2227363698113788.1.1.Run.exe
    2012-10-14 09:53 - 2012-10-14 09:53 - 11101672 ____A (Microsoft Corporation) C:\Users\Pikis\Downloads\mseinstall.exe
    2012-10-07 19:13 - 2012-10-07 19:14 - 00000200 ____A C:\Users\Pikis\.pilar
    2012-10-07 19:13 - 2012-10-07 19:13 - 00000000 ____D C:\Program Files\PILAR_5.2
    2012-09-28 11:06 - 2012-09-28 11:52 - 00001543 ____A C:\Users\Pikis\Desktop\SP Panel de Gestión.lnk
    2012-09-28 11:05 - 2012-09-28 11:51 - 00000000 ____D C:\GrupoSP
    2012-09-28 09:24 - 2012-09-28 09:24 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc3A0C.tmp
    2012-09-28 09:03 - 2012-09-28 09:03 - 00000103 ____A C:\Users\Public\sdelevURL.tmp
    2012-09-28 08:58 - 2012-09-28 08:58 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc1C52.tmp
    2012-09-28 08:53 - 2012-09-28 08:53 - 00000000 ____N C:\Users\Pikis\AppData\Local\slcEFAD.tmp
    2012-09-28 08:49 - 2012-09-28 08:49 - 00000000 ____D C:\Users\All Users\Sage
    2012-09-28 08:45 - 2012-09-28 08:45 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc43EA.tmp
    2012-09-28 08:33 - 2012-09-28 08:33 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc6A7.tmp
    2012-09-27 16:45 - 2012-09-27 16:45 - 00000000 ____N C:\Users\Pikis\AppData\Local\slcB31A.tmp
    2012-09-27 16:14 - 2012-09-27 16:14 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc5A24.tmp
    2012-09-27 16:02 - 2012-09-27 16:02 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc5EAE.tmp
    2012-09-27 15:56 - 2012-09-27 15:56 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc566E.tmp
    2012-09-27 10:31 - 2012-10-10 19:50 - 00000000 ____D C:\Ejercicios Facturaplus
    2012-09-27 10:05 - 2012-09-27 10:05 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc8FF6.tmp
    2012-09-26 09:17 - 2012-09-26 09:17 - 00001409 ____A C:\Windows\Upca.fot
    2012-09-26 09:17 - 2012-09-26 09:17 - 00001409 ____A C:\Windows\Code39.fot
    2012-09-26 09:17 - 2012-09-26 09:17 - 00001409 ____A C:\Windows\c128btt.fot
    2012-09-26 09:15 - 2012-09-26 09:15 - 00000000 ____D C:\Program Files\MSXML 4.0
    2012-09-26 09:14 - 2012-09-26 09:14 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc53DE.tmp
    2012-09-26 09:14 - 2011-10-06 12:51 - 04833792 ____A (Amyuni Technologies
    2012-09-26 09:12 - 2011-10-06 12:50 - 00024496 ____A C:\Windows\c128btt.ttf
    2012-09-26 09:12 - 2011-10-06 12:50 - 00017056 ____A C:\Windows\Upca.ttf
    2012-09-26 09:12 - 2011-10-06 12:50 - 00007280 ____A C:\Windows\Code39.ttf
    2012-09-23 08:13 - 2012-09-23 08:13 - 00000693 ____A C:\Users\Pikis\Desktop\Reorganizar - Acceso directo.lnk
    2012-09-16 19:54 - 2012-09-16 19:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl_01009.Wdf

    ==================== 3 Months Modified Files ==================

    2012-10-14 15:57 - 2012-09-09 20:23 - 00003641 ____A C:\Windows\setupact.log
    2012-10-14 15:57 - 2012-04-06 22:33 - 00001082 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-14 15:57 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-14 15:52 - 2012-08-20 09:42 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186753102-28003779-2570860475-1000UA.job
    2012-10-14 15:48 - 2012-04-06 22:33 - 00001086 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-14 15:45 - 2012-09-09 20:35 - 00760551 ____A C:\Windows\WindowsUpdate.log
    2012-10-14 15:45 - 2012-04-06 22:08 - 00000838 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-14 10:38 - 2009-07-14 05:34 - 00022032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-14 10:38 - 2009-07-14 05:34 - 00022032 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-14 10:35 - 2012-10-14 10:35 - 16985648 ____A (Microsoft Corporation) C:\Users\Pikis\Downloads\Windows-KB890830-V4.13.exe
    2012-10-14 10:16 - 2012-10-14 10:16 - 00347424 ____A (Microsoft Corporation) C:\Users\Pikis\Downloads\MicrosoftFixit.wu.RNP.2227363698113788.1.1.Run.exe
    2012-10-14 09:55 - 2012-03-21 23:03 - 00001912 ____A C:\Windows\epplauncher.mif
    2012-10-14 09:53 - 2012-10-14 09:53 - 11101672 ____A (Microsoft Corporation) C:\Users\Pikis\Downloads\mseinstall.exe
    2012-10-10 20:45 - 2012-04-06 22:08 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-10-10 20:45 - 2012-03-21 23:40 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-10-10 19:52 - 2012-08-20 09:42 - 00001058 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186753102-28003779-2570860475-1000Core.job
    2012-10-07 19:14 - 2012-10-07 19:13 - 00000200 ____A C:\Users\Pikis\.pilar
    2012-09-28 11:52 - 2012-09-28 11:06 - 00001543 ____A C:\Users\Pikis\Desktop\SP Panel de Gestión.lnk
    2012-09-28 09:24 - 2012-09-28 09:24 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc3A0C.tmp
    2012-09-28 09:03 - 2012-09-28 09:03 - 00000103 ____A C:\Users\Public\sdelevURL.tmp
    2012-09-28 08:58 - 2012-09-28 08:58 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc1C52.tmp
    2012-09-28 08:53 - 2012-09-28 08:53 - 00000000 ____N C:\Users\Pikis\AppData\Local\slcEFAD.tmp
    2012-09-28 08:45 - 2012-09-28 08:45 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc43EA.tmp
    2012-09-28 08:33 - 2012-09-28 08:33 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc6A7.tmp
    2012-09-27 23:32 - 2012-03-22 00:29 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-09-27 16:45 - 2012-09-27 16:45 - 00000000 ____N C:\Users\Pikis\AppData\Local\slcB31A.tmp
    2012-09-27 16:14 - 2012-09-27 16:14 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc5A24.tmp
    2012-09-27 16:02 - 2012-09-27 16:02 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc5EAE.tmp
    2012-09-27 15:56 - 2012-09-27 15:56 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc566E.tmp
    2012-09-27 10:05 - 2012-09-27 10:05 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc8FF6.tmp
    2012-09-26 09:17 - 2012-09-26 09:17 - 00001409 ____A C:\Windows\Upca.fot
    2012-09-26 09:17 - 2012-09-26 09:17 - 00001409 ____A C:\Windows\Code39.fot
    2012-09-26 09:17 - 2012-09-26 09:17 - 00001409 ____A C:\Windows\c128btt.fot
    2012-09-26 09:14 - 2012-09-26 09:14 - 00000000 ____N C:\Users\Pikis\AppData\Local\slc53DE.tmp
    2012-09-24 08:27 - 2010-11-20 22:01 - 00005244 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-09-23 08:13 - 2012-09-23 08:13 - 00000693 ____A C:\Users\Pikis\Desktop\Reorganizar - Acceso directo.lnk
    2012-09-16 19:54 - 2012-09-16 19:54 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_netaapl_01009.Wdf
    2012-09-11 17:45 - 2012-09-11 17:45 - 00000602 ____A C:\Windows\PFRO.log
    2012-09-09 20:36 - 2012-09-09 20:36 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2012-09-09 20:23 - 2012-09-09 20:23 - 00000000 ____A C:\Windows\setuperr.log
    2012-09-05 20:52 - 2012-09-05 20:52 - 00007602 ____A C:\Users\Pikis\AppData\Local\Resmon.ResmonCfg
    2012-09-03 19:23 - 2009-07-14 05:53 - 00032518 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-30 21:03 - 2012-08-30 21:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
    2012-08-30 21:03 - 2011-04-27 15:25 - 00099272 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
    2012-08-21 12:01 - 2012-09-13 22:07 - 00026840 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
    2012-08-21 12:01 - 2012-03-24 13:03 - 00106928 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi.dll
    2012-08-06 14:32 - 2012-08-06 14:32 - 00000000 ___AH C:\Users\Pikis\Documents\Default.rdp
    2012-07-22 18:29 - 2012-07-22 18:29 - 00406528 ____A (Propellerhead Software AB) C:\Windows\System32\ReWire.dll
    2012-07-22 18:29 - 2012-07-22 18:29 - 00338432 ____A (Propellerhead Software AB) C:\Windows\System32\REX Shared Library.dll
    2012-07-22 18:18 - 2012-07-22 18:18 - 00000322 ____A C:\Users\Pikis\Documents\ax_files.xml
    2012-07-22 18:13 - 2012-07-22 09:26 - 00477240 ____A (Duplex Secure Ltd.) C:\Windows\System32\Drivers\sptd.sys

    ZeroAccess:
    C:\Windows\Installer\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}
    C:\Windows\Installer\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\L
    C:\Windows\Installer\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\U

    ZeroAccess:
    C:\Users\Pikis\AppData\Local\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}
    C:\Users\Pikis\AppData\Local\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\@
    C:\Users\Pikis\AppData\Local\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\L
    C:\Users\Pikis\AppData\Local\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\U

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================


    ==================== Memory info ===========================

    Percentage of memory in use: 16%
    Total physical RAM: 2942.3 MB
    Available physical RAM: 2467.1 MB
    Total Pagefile: 2938.54 MB
    Available Pagefile: 2468.25 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1970.28 MB

    ==================== Partitions =============================

    2 Drive c: (Win7) (Fixed) (Total:39.06 GB) (Free:1.07 GB) NTFS
    3 Drive e: (Datos) (Fixed) (Total:107.81 GB) (Free:32.79 GB) NTFS
    6 Drive h: (VIDEOS) (Removable) (Total:7.84 GB) (Free:1.95 GB) FAT32
    7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    8 Drive y: (WinXP) (Fixed) (Total:19.53 GB) (Free:7.33 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Núm Disco Estado Tamaño Disp Din Gpt
    ---------- ---------- ------- ------- --- ---
    Disco 0 En línea 186 GB 19 GB
    Disco 1 En línea 8044 MB 0 B

    Partitions of Disk 0:
    ===============

    Núm Partición Tipo Tamaño Desplazamiento
    ------------- ---------------- ------- ---------------
    Partición 1 Principal 19 GB 31 KB
    Partición 2 Principal 39 GB 19 GB
    Partición 3 Principal 107 GB 58 GB

    =========================================================

    Disk: 0
    Partición 1
    Tipo : 07
    Oculta : No
    Activa : Sí

    Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Volumen 2 Y WinXP NTFS Partición 19 GB Correcto

    =========================================================

    Disk: 0
    Partición 2
    Tipo : 07
    Oculta : No
    Activa : No

    Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Volumen 3 C Win7 NTFS Partición 39 GB Correcto

    =========================================================

    Disk: 0
    Partición 3
    Tipo : 07
    Oculta : No
    Activa : No

    Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Volumen 4 E Datos NTFS Partición 107 GB Correcto

    =========================================================

    Partitions of Disk 1:
    ===============

    Núm Partición Tipo Tamaño Desplazamiento
    ------------- ---------------- ------- ---------------
    Partición 1 Principal 8043 MB 31 KB

    =========================================================

    Disk: 1
    Partición 1
    Tipo : 0C
    Oculta : No
    Activa : Sí

    Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Volumen 5 H VIDEOS FAT32 Extraíble 8043 MB Correcto

    =========================================================

    Last Boot: 2012-10-07 09:42

    ==================== End Of Log ============================

    Search.txt

    Farbar Recovery Scan Tool (x86) Version: 12-10-2012
    Ran by SYSTEM at 2012-10-14 19:51:50
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-14 00:11] - [2009-07-14 02:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-14 00:11] - [2009-07-14 02:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

    === End Of Search ===

    Thank you!
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    =================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    ==============================

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     


  7. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    Wow! You're kinda anti-malware angel!

    First instance, fixing was ok. This is the log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-10-2012
    Ran by SYSTEM at 2012-10-14 20:28:18 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a} moved successfully.
    C:\Users\Pikis\AppData\Local\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

  9. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    Second instance: TDSSKiller: scanned ok without warnings or reboot:

    Part 1

    20:33:10.0710 2012 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
    20:33:11.0023 2012 ============================================================
    20:33:11.0023 2012 Current date / time: 2012/10/14 20:33:11.0023
    20:33:11.0023 2012 SystemInfo:
    20:33:11.0023 2012
    20:33:11.0023 2012 OS Version: 6.1.7601 ServicePack: 1.0
    20:33:11.0023 2012 Product type: Workstation
    20:33:11.0023 2012 ComputerName: PIKIS-PCHOME
    20:33:11.0023 2012 UserName: Pikis
    20:33:11.0023 2012 Windows directory: C:\Windows
    20:33:11.0023 2012 System windows directory: C:\Windows
    20:33:11.0023 2012 Processor architecture: Intel x86
    20:33:11.0023 2012 Number of processors: 2
    20:33:11.0023 2012 Page size: 0x1000
    20:33:11.0023 2012 Boot type: Normal boot
    20:33:11.0023 2012 ============================================================
    20:33:14.0946 2012 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    20:33:14.0946 2012 ============================================================
    20:33:14.0946 2012 \Device\Harddisk0\DR0:
    20:33:14.0946 2012 MBR partitions:
    20:33:14.0946 2012 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2711637
    20:33:14.0946 2012 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2711800, BlocksNum 0x4E20000
    20:33:14.0946 2012 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7531800, BlocksNum 0xD7A0000
    20:33:14.0946 2012 ============================================================
    20:33:14.0977 2012 C: <-> \Device\Harddisk0\DR0\Partition2
    20:33:15.0008 2012 D: <-> \Device\Harddisk0\DR0\Partition1
    20:33:15.0102 2012 L: <-> \Device\Harddisk0\DR0\Partition3
    20:33:15.0102 2012 ============================================================
    20:33:15.0102 2012 Initialize success
    20:33:15.0102 2012 ============================================================
    20:33:21.0311 3360 ============================================================
    20:33:21.0311 3360 Scan started
    20:33:21.0311 3360 Mode: Manual;
    20:33:21.0311 3360 ============================================================
    20:33:22.0420 3360 ================ Scan system memory ========================
    20:33:22.0420 3360 System memory - ok
    20:33:22.0420 3360 ================ Scan services =============================
    20:33:34.0068 3360 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    20:33:34.0068 3360 LSI_SAS2 - ok
    20:33:34.0115 3360 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    20:33:34.0115 3360 LSI_SCSI - ok
    20:33:34.0167 3360 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
    20:33:34.0167 3360 luafv - ok
    20:33:34.0214 3360 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    20:33:34.0214 3360 Mcx2Svc - ok
    20:33:34.0246 3360 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
    20:33:34.0246 3360 megasas - ok
    20:33:34.0292 3360 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    20:33:34.0308 3360 MegaSR - ok
    20:33:34.0386 3360 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    20:33:34.0386 3360 Microsoft Office Groove Audit Service - ok
    20:33:34.0433 3360 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
    20:33:34.0449 3360 MMCSS - ok
    20:33:34.0464 3360 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
    20:33:34.0480 3360 Modem - ok
    20:33:34.0511 3360 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    20:33:34.0527 3360 monitor - ok
    20:33:34.0558 3360 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    20:33:34.0558 3360 mouclass - ok
    20:33:34.0589 3360 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    20:33:34.0605 3360 mouhid - ok
    20:33:34.0652 3360 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    20:33:34.0652 3360 mountmgr - ok
    20:33:34.0746 3360 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    20:33:34.0746 3360 MozillaMaintenance - ok
    20:33:34.0839 3360 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    20:33:34.0839 3360 MpFilter - ok
    20:33:34.0886 3360 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
    20:33:34.0886 3360 mpio - ok
    20:33:35.0011 3360 [ A69630D039C38018689190234F866D77 ] MpKsle639879e C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA114E4E-F5F5-4D92-9D05-10AA4E315944}\MpKsle639879e.sys
    20:33:35.0011 3360 MpKsle639879e - ok
    20:33:35.0027 3360 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    20:33:35.0042 3360 mpsdrv - ok
    20:33:35.0074 3360 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    20:33:35.0089 3360 MRxDAV - ok
    20:33:35.0136 3360 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    20:33:35.0136 3360 mrxsmb - ok
    20:33:35.0184 3360 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    20:33:35.0184 3360 mrxsmb10 - ok
    20:33:35.0231 3360 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    20:33:35.0231 3360 mrxsmb20 - ok
    20:33:35.0262 3360 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
    20:33:35.0262 3360 msahci - ok
    20:33:35.0293 3360 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    20:33:35.0309 3360 msdsm - ok
    20:33:35.0340 3360 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
    20:33:35.0340 3360 MSDTC - ok
    20:33:35.0387 3360 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
    20:33:35.0387 3360 Msfs - ok
    20:33:35.0434 3360 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    20:33:35.0434 3360 mshidkmdf - ok
    20:33:35.0450 3360 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    20:33:35.0465 3360 msisadrv - ok
    20:33:35.0512 3360 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    20:33:35.0512 3360 MSiSCSI - ok
    20:33:35.0543 3360 msiserver - ok
    20:33:35.0575 3360 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    20:33:35.0575 3360 MSKSSRV - ok
    20:33:35.0668 3360 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
    20:33:35.0668 3360 MsMpSvc - ok
    20:33:35.0700 3360 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    20:33:35.0700 3360 MSPCLOCK - ok
    20:33:35.0731 3360 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    20:33:35.0731 3360 MSPQM - ok
    20:33:35.0778 3360 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    20:33:35.0793 3360 MsRPC - ok
    20:33:35.0825 3360 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    20:33:35.0825 3360 mssmbios - ok
    20:33:35.0840 3360 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    20:33:35.0856 3360 MSTEE - ok
    20:33:36.0184 3360 [ 70E994D23895DF6B1EE1E70145299FCF ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
    20:33:36.0278 3360 msvsmon90 - ok
    20:33:36.0325 3360 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    20:33:36.0340 3360 MTConfig - ok
    20:33:36.0372 3360 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
    20:33:36.0372 3360 Mup - ok
    20:33:36.0450 3360 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
    20:33:36.0465 3360 napagent - ok
    20:33:36.0543 3360 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    20:33:36.0543 3360 NativeWifiP - ok
    20:33:36.0637 3360 [ E7C54812A2AAF43316EB6930C1FFA108 ] NDIS C:\Windows\system32\drivers\ndis.sys
    20:33:36.0668 3360 NDIS - ok
    20:33:36.0700 3360 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    20:33:36.0700 3360 NdisCap - ok
    20:33:36.0747 3360 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    20:33:36.0747 3360 NdisTapi - ok
    20:33:36.0778 3360 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    20:33:36.0778 3360 Ndisuio - ok
    20:33:36.0809 3360 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    20:33:36.0809 3360 NdisWan - ok
    20:33:36.0840 3360 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    20:33:36.0840 3360 NDProxy - ok
    20:33:36.0887 3360 [ 1352E1648213551923A0A822E441553C ] Netaapl C:\Windows\system32\DRIVERS\netaapl.sys
    20:33:36.0918 3360 Netaapl - ok
    20:33:36.0934 3360 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    20:33:36.0950 3360 NetBIOS - ok
    20:33:36.0981 3360 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    20:33:36.0981 3360 NetBT - ok
    20:33:36.0997 3360 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
    20:33:37.0012 3360 Netlogon - ok
    20:33:37.0090 3360 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
    20:33:37.0090 3360 Netman - ok
    20:33:37.0168 3360 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
    20:33:37.0168 3360 netprofm - ok
    20:33:37.0215 3360 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    20:33:37.0215 3360 NetTcpPortSharing - ok
    20:33:37.0262 3360 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    20:33:37.0262 3360 nfrd960 - ok
    20:33:37.0325 3360 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    20:33:37.0340 3360 NisDrv - ok
    20:33:37.0387 3360 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
    20:33:37.0403 3360 NisSrv - ok
    20:33:37.0465 3360 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
    20:33:37.0465 3360 NlaSvc - ok
    20:33:37.0497 3360 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
    20:33:37.0497 3360 Npfs - ok
    20:33:37.0528 3360 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
    20:33:37.0528 3360 nsi - ok
    20:33:37.0575 3360 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    20:33:37.0575 3360 nsiproxy - ok
    20:33:37.0731 3360 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    20:33:37.0762 3360 Ntfs - ok
    20:33:37.0793 3360 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
    20:33:37.0793 3360 Null - ok
    20:33:37.0840 3360 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    20:33:37.0840 3360 nvraid - ok
    20:33:37.0887 3360 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    20:33:37.0887 3360 nvstor - ok
    20:33:37.0934 3360 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    20:33:37.0950 3360 nv_agp - ok
    20:33:38.0043 3360 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    20:33:38.0043 3360 odserv - ok
    20:33:38.0075 3360 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    20:33:38.0075 3360 ohci1394 - ok
    20:33:38.0137 3360 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    20:33:38.0137 3360 ose - ok
    20:33:38.0232 3360 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    20:33:38.0248 3360 p2pimsvc - ok
    20:33:38.0310 3360 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
    20:33:38.0326 3360 p2psvc - ok
    20:33:38.0388 3360 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    20:33:38.0388 3360 Parport - ok
    20:33:38.0451 3360 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
    20:33:38.0451 3360 partmgr - ok
     
  10. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    TDSSKiller, part 2

    20:33:49.0021 3360 volmgrx - ok
    20:33:49.0068 3360 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    20:33:49.0068 3360 volsnap - ok
    20:33:49.0130 3360 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    20:33:49.0130 3360 vsmraid - ok
    20:33:49.0240 3360 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
    20:33:49.0287 3360 VSS - ok
    20:33:49.0318 3360 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    20:33:49.0318 3360 vwifibus - ok
    20:33:49.0349 3360 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    20:33:49.0365 3360 vwififlt - ok
    20:33:49.0396 3360 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    20:33:49.0396 3360 vwifimp - ok
    20:33:49.0443 3360 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
    20:33:49.0458 3360 W32Time - ok
    20:33:49.0505 3360 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
    20:33:49.0521 3360 wacommousefilter - ok
    20:33:49.0552 3360 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    20:33:49.0552 3360 WacomPen - ok
    20:33:49.0599 3360 [ 846B58EA44BF8C92E4B59F4E2252C4C0 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
    20:33:49.0599 3360 wacomvhid - ok
    20:33:49.0646 3360 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    20:33:49.0646 3360 WANARP - ok
    20:33:49.0677 3360 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    20:33:49.0677 3360 Wanarpv6 - ok
    20:33:49.0833 3360 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    20:33:49.0880 3360 WatAdminSvc - ok
    20:33:50.0021 3360 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
    20:33:50.0052 3360 wbengine - ok
    20:33:50.0099 3360 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    20:33:50.0115 3360 WbioSrvc - ok
    20:33:50.0162 3360 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
    20:33:50.0177 3360 wcncsvc - ok
    20:33:50.0193 3360 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    20:33:50.0208 3360 WcsPlugInService - ok
    20:33:50.0255 3360 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
    20:33:50.0255 3360 Wd - ok
    20:33:50.0318 3360 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    20:33:50.0318 3360 Wdf01000 - ok
    20:33:50.0349 3360 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
    20:33:50.0365 3360 WdiServiceHost - ok
    20:33:50.0396 3360 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
    20:33:50.0412 3360 WdiSystemHost - ok
    20:33:50.0475 3360 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
    20:33:50.0491 3360 WebClient - ok
    20:33:50.0522 3360 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
    20:33:50.0538 3360 Wecsvc - ok
    20:33:50.0569 3360 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
    20:33:50.0584 3360 wercplsupport - ok
    20:33:50.0631 3360 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
    20:33:50.0631 3360 WerSvc - ok
    20:33:50.0678 3360 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    20:33:50.0678 3360 WfpLwf - ok
    20:33:50.0725 3360 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    20:33:50.0725 3360 WIMMount - ok
    20:33:50.0756 3360 WinHttpAutoProxySvc - ok
    20:33:50.0834 3360 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    20:33:50.0850 3360 Winmgmt - ok
    20:33:50.0975 3360 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
    20:33:51.0022 3360 WinRM - ok
    20:33:51.0116 3360 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    20:33:51.0163 3360 WinUsb - ok
    20:33:51.0272 3360 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
    20:33:51.0303 3360 Wlansvc - ok
    20:33:51.0350 3360 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    20:33:51.0350 3360 WmiAcpi - ok
    20:33:51.0413 3360 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    20:33:51.0428 3360 wmiApSrv - ok
    20:33:51.0585 3360 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    20:33:51.0632 3360 WMPNetworkSvc - ok
    20:33:51.0679 3360 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
    20:33:51.0695 3360 WPCSvc - ok
    20:33:51.0742 3360 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    20:33:51.0757 3360 WPDBusEnum - ok
    20:33:51.0789 3360 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    20:33:51.0789 3360 ws2ifsl - ok
    20:33:51.0820 3360 WSearch - ok
    20:33:52.0054 3360 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
    20:33:52.0117 3360 wuauserv - ok
    20:33:52.0164 3360 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    20:33:52.0164 3360 WudfPf - ok
    20:33:52.0226 3360 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:33:52.0226 3360 WUDFRd - ok
    20:33:52.0289 3360 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    20:33:52.0289 3360 wudfsvc - ok
    20:33:52.0335 3360 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
    20:33:52.0351 3360 WwanSvc - ok
    20:33:52.0429 3360 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
    20:33:52.0445 3360 yukonw7 - ok
    20:33:52.0507 3360 ================ Scan global ===============================
    20:33:52.0554 3360 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
    20:33:52.0601 3360 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
    20:33:52.0632 3360 [ 183B4188D5D91B271613EC3EFD1B3CEF ] C:\Windows\system32\winsrv.dll
    20:33:52.0664 3360 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
    20:33:52.0726 3360 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
    20:33:52.0757 3360 [Global] - ok
    20:33:52.0757 3360 ================ Scan MBR ==================================
    20:33:52.0789 3360 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    20:33:53.0148 3360 \Device\Harddisk0\DR0 - ok
    20:33:53.0148 3360 ================ Scan VBR ==================================
    20:33:53.0148 3360 [ 27959597D0FE6987D7D3C45C23842FA3 ] \Device\Harddisk0\DR0\Partition1
    20:33:53.0164 3360 \Device\Harddisk0\DR0\Partition1 - ok
    20:33:53.0164 3360 [ 55CF30221AA105CE8D0D4374277412E4 ] \Device\Harddisk0\DR0\Partition2
    20:33:53.0179 3360 \Device\Harddisk0\DR0\Partition2 - ok
    20:33:53.0195 3360 [ 4E3005B4AE9669091DF303DD1BCE294D ] \Device\Harddisk0\DR0\Partition3
    20:33:53.0195 3360 \Device\Harddisk0\DR0\Partition3 - ok
    20:33:53.0195 3360 ============================================================
    20:33:53.0195 3360 Scan finished
    20:33:53.0195 3360 ============================================================
    20:33:53.0226 3912 Detected object count: 0
    20:33:53.0226 3912 Actual detected object count: 0
    20:34:02.0529 3764 Deinitialize success
     
  11. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    Third stage: MBAM finished scan with no threats

    Log:

    Malwarebytes Anti-Malware (Versión de Prueba) 1.65.0.1400
    www.malwarebytes.org

    Versión de la Base de Datos: v2012.10.14.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Pikis :: PIKIS-PCHOME [administrador]

    Protección: Habilitado

    14/10/2012 20:50:35
    mbam-log-2012-10-14 (20-50-35).txt

    Tipos de Análisis: Análisis Rápido
    Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opciones de análisis desactivados: P2P
    Objetos examinados: 201905
    Tiempo transcurrido: 7 minuto(s), 45 segundo(s)

    Procesos en Memoria Detectados: 0
    (No se han detectado elementos maliciosos)

    Módulos de Memoria Detectados: 0
    (No se han detectado elementos maliciosos)

    Claves del Registro Detectados: 0
    (No se han detectado elementos maliciosos)

    Valores del Registro Detectados: 0
    (No se han detectado elementos maliciosos)

    Elementos de Datos del Registro Detectados: 0
    (No se han detectado elementos maliciosos)

    Carpetas Detectadas: 0
    (No se han detectado elementos maliciosos)

    Archivos Detectados: 0
    (No se han detectado elementos maliciosos)

    fin)
     
  12. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    Fourth stage: aswMBR

    Log:

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-14 21:01:30
    -----------------------------
    21:01:30.752 OS Version: Windows 6.1.7601 Service Pack 1
    21:01:30.752 Number of processors: 2 586 0x304
    21:01:30.768 ComputerName: PIKIS-PCHOME UserName: Pikis
    21:01:32.191 Initialize success
    21:24:28.780 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    21:24:28.780 Disk 0 Vendor: ST3200822AS 3.01 Size: 190782MB BusType: 3
    21:24:28.811 Disk 0 MBR read successfully
    21:24:28.811 Disk 0 MBR scan
    21:24:28.811 Disk 0 Windows 7 default MBR code
    21:24:28.827 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20002 MB offset 63
    21:24:28.842 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 40000 MB offset 40966144
    21:24:28.858 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 110400 MB offset 122886144
    21:24:28.873 Disk 0 scanning sectors +348985344
    21:24:28.920 Disk 0 scanning C:\Windows\system32\drivers
    21:24:36.597 Service scanning
    21:24:42.989 Service MpKsle639879e C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA114E4E-F5F5-4D92-9D05-10AA4E315944}\MpKsle639879e.sys **LOCKED** 32
    21:24:51.161 Modules scanning
    21:25:12.991 Disk 0 trace - called modules:
    21:25:13.022
    21:25:13.022 Scan finished successfully
    21:25:28.727 Disk 0 MBR has been saved successfully to "C:\Users\Pikis\Desktop\MBR.dat"
    21:25:28.743 The log file has been saved successfully to "C:\Users\Pikis\Desktop\aswMBR.txt"
     
  13. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    Great help! Things are really going well!

    Restarted the PC and performed a quick scan with MSE. Seems to be right...

    But when I started to update Windows, it leaves an error 80246008 and doesn't download the updates...

    Thank you so much!
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Please observe my rules:
    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If restarting doesn't help, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  15. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    Oops. New apologies.

    Combofix is running on the infected PC. Currently in stage_50.
     
  16. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    Here's the Combofix log:

    ComboFix 12-10-14.03 - Pikis 14/10/2012 22:45:42.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.34.3082.18.2942.2006 [GMT 2:00]
    Running from: c:\users\Pikis\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Public\sdelevURL.tmp
    c:\windows\system\Pncrt.dll
    c:\windows\system32\muzapp.exe
    c:\windows\system32\System32\MASetupCleaner.exe
    c:\windows\system32\System32\muzapp.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-14 to 2012-10-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-14 19:32 . 2012-10-14 19:32 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA114E4E-F5F5-4D92-9D05-10AA4E315944}\MpKsld331e64e.sys
    2012-10-14 19:30 . 2012-10-14 21:20 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA114E4E-F5F5-4D92-9D05-10AA4E315944}\offreg.dll
    2012-10-14 18:49 . 2012-10-14 18:49 -------- d-----w- c:\users\Pikis\AppData\Roaming\Malwarebytes
    2012-10-14 18:48 . 2012-10-14 18:48 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-14 18:48 . 2012-10-14 18:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-10-14 18:48 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-14 16:06 . 2012-10-14 16:06 -------- d-----w- C:\FRST
    2012-10-14 14:50 . 2012-10-14 14:50 -------- d-----w- c:\users\Pikis\AppData\Roaming\QuickScan
    2012-10-14 09:00 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA114E4E-F5F5-4D92-9D05-10AA4E315944}\mpengine.dll
    2012-10-07 18:13 . 2012-10-07 18:13 -------- d-----w- c:\program files\PILAR_5.2
    2012-09-28 10:05 . 2012-09-28 10:51 -------- d-----w- C:\GrupoSP
    2012-09-28 08:24 . 2012-09-28 08:24 0 ------w- c:\users\Pikis\AppData\Local\slc3A0C.tmp
    2012-09-28 07:58 . 2012-09-28 07:58 0 ------w- c:\users\Pikis\AppData\Local\slc1C52.tmp
    2012-09-28 07:53 . 2012-09-28 07:53 0 ------w- c:\users\Pikis\AppData\Local\slcEFAD.tmp
    2012-09-28 07:49 . 2012-09-28 07:49 -------- d-----w- c:\programdata\Sage
    2012-09-28 07:45 . 2012-09-28 07:45 0 ------w- c:\users\Pikis\AppData\Local\slc43EA.tmp
    2012-09-28 07:33 . 2012-09-28 07:33 0 ------w- c:\users\Pikis\AppData\Local\slc6A7.tmp
    2012-09-28 07:28 . 2012-09-28 07:28 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
    2012-09-27 15:45 . 2012-09-27 15:45 0 ------w- c:\users\Pikis\AppData\Local\slcB31A.tmp
    2012-09-27 15:14 . 2012-09-27 15:14 0 ------w- c:\users\Pikis\AppData\Local\slc5A24.tmp
    2012-09-27 15:02 . 2012-09-27 15:02 0 ------w- c:\users\Pikis\AppData\Local\slc5EAE.tmp
    2012-09-27 14:56 . 2012-09-27 14:56 0 ------w- c:\users\Pikis\AppData\Local\slc566E.tmp
    2012-09-27 09:31 . 2012-10-10 18:50 -------- d-----w- C:\Ejercicios Facturaplus
    2012-09-27 09:05 . 2012-09-27 09:05 0 ------w- c:\users\Pikis\AppData\Local\slc8FF6.tmp
    2012-09-26 08:17 . 2012-09-26 08:17 1409 ----a-w- c:\windows\Upca.fot
    2012-09-26 08:17 . 2012-09-26 08:17 1409 ----a-w- c:\windows\Code39.fot
    2012-09-26 08:17 . 2012-09-26 08:17 1409 ----a-w- c:\windows\c128btt.fot
    2012-09-26 08:15 . 2012-09-26 08:15 -------- d-----w- c:\program files\MSXML 4.0
    2012-09-26 08:14 . 2011-10-06 11:51 4833792 ----a-w- c:\windows\system32\cdintf450.dll
    2012-09-26 08:14 . 2012-09-26 08:14 0 ------w- c:\users\Pikis\AppData\Local\slc53DE.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-10 19:45 . 2012-04-06 21:08 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-10-10 19:45 . 2012-03-21 22:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-30 20:03 . 2011-04-27 14:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-21 11:01 . 2012-09-13 21:07 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-21 11:01 . 2012-03-24 12:03 106928 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-07-22 17:29 . 2012-07-22 17:29 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
    2012-07-22 17:29 . 2012-07-22 17:29 406528 ----a-w- c:\windows\system32\ReWire.dll
    2012-07-22 17:13 . 2012-07-22 08:26 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-09-28 07:28 . 2012-03-21 21:59 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Pikis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Pikis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Pikis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2012-01-05 75624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2012-01-25 237872]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
    .
    c:\users\Pikis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Pikis\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2012-07-27 20:51 823224 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2012-07-27 20:51 36800 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    2012-09-20 05:27 444904 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
    2011-01-12 05:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
    2012-08-27 19:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2010-03-25 02:50 2516296 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
    2010-04-02 08:18 1185112 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2012-07-20 09:38 116648 ----atw- c:\users\Pikis\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2009-02-26 16:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
    2012-07-16 04:24 21432 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
    2012-07-16 04:23 975800 ----a-w- c:\program files\Samsung\Kies\Kies.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
    2012-07-16 04:23 3524536 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
    2012-09-12 15:19 947176 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    .
    R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [x]
    R2 gupdate;Servicio de Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
    R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Inspección de red de Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 MpKsld331e64e;MpKsld331e64e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA114E4E-F5F5-4D92-9D05-10AA4E315944}\MpKsld331e64e.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]
    S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]
    S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-14 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 19:45]
    .
    2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-06 21:33]
    .
    2012-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-06 21:33]
    .
    2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186753102-28003779-2570860475-1000Core.job
    - c:\users\Pikis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-20 09:38]
    .
    2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2186753102-28003779-2570860475-1000UA.job
    - c:\users\Pikis\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-20 09:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.es/
    uInternet Settings,ProxyOverride = *.local
    IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
    FF - ProfilePath - c:\users\Pikis\AppData\Roaming\Mozilla\Firefox\Profiles\lq793oox.default\
    FF - prefs.js: browser.startup.homepage - about:home
    FF - ExtSQL: 2012-10-14 16:50; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Pikis\AppData\Roaming\Mozilla\Firefox\Profiles\lq793oox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-MobileDocuments - c:\program files\Common Files\Apple\Internet Services\ubd.exe
    MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3336)
    c:\users\Pikis\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\windows\system32\Ati2evxx.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Tablet\Pen\Pen_TabletUser.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\program files\Tablet\Pen\Pen_TouchUser.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Common Files\microsoft shared\ink\TabTip.exe
    c:\windows\System32\rundll32.exe
    c:\program files\TeamViewer\Version7\TeamViewer.exe
    c:\windows\system32\conhost.exe
    c:\program files\TeamViewer\Version7\tv_w32.exe
    c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-14 23:31:13 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-14 21:31
    .
    Pre-Run: 1.654.951.936 bytes libres
    Post-Run: 1.994.776.576 bytes libres
    .
    - - End Of File - - 823CDEB511CF527C6EC3F450B73C0198

    Thanks again for your comprehension!
     
  17. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good :)

    Any current issues?

    ========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    Fine! I had no issues.

    OTL.txt:

    OTL logfile created on: 14/10/2012 23:57:21 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pikis\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    2,87 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 65,76% Memory free
    5,74 Gb Paging File | 4,84 Gb Available in Paging File | 84,22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 39,06 Gb Total Space | 1,92 Gb Free Space | 4,92% Space Free | Partition Type: NTFS
    Drive D: | 19,53 Gb Total Space | 7,04 Gb Free Space | 36,06% Space Free | Partition Type: NTFS
    Drive H: | 7,84 Gb Total Space | 7,82 Gb Free Space | 99,70% Space Free | Partition Type: FAT32
    Drive L: | 107,81 Gb Total Space | 32,60 Gb Free Space | 30,23% Space Free | Partition Type: NTFS

    Computer Name: PIKIS-PCHOME | User Name: Pikis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/14 23:54:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pikis\Desktop\OTL.exe
    PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/16 16:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Archivos de programa\TeamViewer\Version7\TeamViewer.exe
    PRC - [2012/07/16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Archivos de programa\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/07/16 16:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Archivos de programa\TeamViewer\Version7\tv_w32.exe
    PRC - [2012/05/24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Pikis\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2011/09/08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Archivos de programa\Tablet\Pen\Pen_Tablet.exe
    PRC - [2011/09/08 17:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Archivos de programa\Tablet\Pen\Pen_TouchUser.exe
    PRC - [2011/09/08 17:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Archivos de programa\Tablet\Pen\Pen_TabletUser.exe
    PRC - [2011/09/08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Archivos de programa\Tablet\Pen\Pen_TouchService.exe
    PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe
    PRC - [2010/11/20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Archivos de programa\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
    PRC - [2009/07/14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Common Files\microsoft shared\ink\TabTip.exe
    PRC - [2009/07/14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Common Files\microsoft shared\ink\InputPersonalization.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/08 17:48:36 | 000,962,936 | ---- | M] () -- C:\Archivos de programa\Tablet\Pen\libxml2.dll


    ========== Services (SafeList) ==========

    SRV - [2012/10/10 21:45:14 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/09/28 09:28:58 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/09/12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/07/27 13:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Archivos de programa\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/16 16:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Archivos de programa\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/03/22 00:52:09 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2012/01/05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Archivos de programa\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -- (AxAutoMntSrv)
    SRV - [2011/09/08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Archivos de programa\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2011/09/08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Archivos de programa\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
    SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
    SRV - [2010/11/20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/12/23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Archivos de programa\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009/07/14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
    SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/02/26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
    SRV - [2008/07/29 13:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
    SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Pikis\AppData\Local\Temp\mbr.sys -- (mbr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Pikis\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ah324dxy)
    DRV - [2012/10/14 21:32:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FA114E4E-F5F5-4D92-9D05-10AA4E315944}\MpKsld331e64e.sys -- (MpKsld331e64e)
    DRV - [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/08/30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2012/07/22 19:13:49 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
    DRV - [2012/01/25 19:32:54 | 000,306,096 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MAudioDelta.sys -- (DELTAII)
    DRV - [2011/12/08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
    DRV - [2011/12/08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
    DRV - [2011/12/08 06:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd)
    DRV - [2011/12/08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb)
    DRV - [2011/12/08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
    DRV - [2011/09/08 17:49:26 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2011/09/08 17:49:24 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2011/08/02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2010/11/20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
    DRV - [2010/11/20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV - [2010/11/20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/05/19 04:37:34 | 001,269,760 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2010/02/11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2186753102-28003779-2570860475-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
    IE - HKU\S-1-5-21-2186753102-28003779-2570860475-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ES
    IE - HKU\S-1-5-21-2186753102-28003779-2570860475-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1B 48 3C D1 40 4D CD 01 [binary data]
    IE - HKU\S-1-5-21-2186753102-28003779-2570860475-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2186753102-28003779-2570860475-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2186753102-28003779-2570860475-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2186753102-28003779-2570860475-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: youtube2mp3@mondayx.de:1.2.3
    FF - prefs.js..extensions.enabledAddons: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.119
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pikis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pikis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/05 00:01:57 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/28 09:28:59 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/28 09:28:59 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012/03/21 23:59:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pikis\AppData\Roaming\mozilla\Extensions
    [2012/10/14 16:50:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pikis\AppData\Roaming\mozilla\Firefox\Profiles\lq793oox.default\extensions
    [2012/10/14 16:50:15 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Pikis\AppData\Roaming\mozilla\Firefox\Profiles\lq793oox.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
    [2012/04/08 12:19:35 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Pikis\AppData\Roaming\mozilla\firefox\profiles\lq793oox.default\extensions\youtube2mp3@mondayx.de.xpi
    [2012/04/24 23:43:59 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
    [2012/09/28 09:28:59 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/09/28 09:28:57 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/07/20 11:11:49 | 000,003,882 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
    [2012/06/12 19:04:32 | 000,001,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
    [2012/09/28 09:28:57 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/06/12 19:04:32 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
    [2012/06/12 19:04:32 | 000,001,102 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

    ========== Chrome ==========

    CHR - homepage: about:home
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: about:home
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pikis\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pikis\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Pikis\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pikis\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - plugin: WacomTabletPlugin (Enabled) = C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
    CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files\TabletPlugins\npwacom.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - Extension: Angry Birds = C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
    CHR - Extension: Google Drive = C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: TV = C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
    CHR - Extension: Grooveshark = C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blelaljgakacjdeaggpjilljobdmboff\1.7_0\
    CHR - Extension: Facebook = C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
    CHR - Extension: AdBlock = C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
    CHR - Extension: TweetDeck = C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\1.6.2_0\
    CHR - Extension: TweetDeck = C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.0.2_0\
    CHR - Extension: PDF Cloud Herramientas = C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpieolhcmajmolkhbbeljknkcdcmffk\1.0.1.4_0\
    CHR - Extension: Google Reader = C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.3_0\
    CHR - Extension: Google Reader = C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
    CHR - Extension: Gmail = C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/10/14 23:21:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Archivos de programa\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Archivos de programa\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\DeltaIITray.exe ()
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2186753102-28003779-2570860475-1000..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - Startup: C:\Users\Pikis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Pikis\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2186753102-28003779-2570860475-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2186753102-28003779-2570860475-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0700E41B-7348-41F6-A832-D1EA906B17F5}: DhcpNameServer = 80.58.61.250 80.58.61.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A476A34-C514-402A-B2EC-1F864CCE8D73}: DhcpNameServer = 80.58.61.250 80.58.61.254
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Archivos de programa\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2012/03/19 23:11:21 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/14 23:55:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pikis\Desktop\OTL.exe
    [2012/10/14 23:31:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/14 23:21:21 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/10/14 23:18:53 | 000,000,000 | ---D | C] -- C:\Users\Pikis\AppData\Local\temp
    [2012/10/14 22:40:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/14 22:40:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/14 22:40:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/14 22:40:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/14 22:39:38 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/14 22:37:43 | 004,980,339 | R--- | C] (Swearware) -- C:\Users\Pikis\Desktop\ComboFix.exe
    [2012/10/14 22:05:54 | 000,000,000 | ---D | C] -- C:\Users\Pikis\Desktop\Virus removal
    [2012/10/14 20:49:03 | 000,000,000 | ---D | C] -- C:\Users\Pikis\AppData\Roaming\Malwarebytes
    [2012/10/14 20:48:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/10/14 20:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/10/14 20:48:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/10/14 20:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/10/14 18:06:58 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/10/14 16:50:21 | 000,000,000 | ---D | C] -- C:\Users\Pikis\AppData\Roaming\QuickScan
    [2012/10/07 20:13:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PILAR
    [2012/10/07 20:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\PILAR_5.2
    [2012/09/28 12:05:34 | 000,000,000 | ---D | C] -- C:\GrupoSP
    [2012/09/28 09:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sage
    [2012/09/27 11:31:10 | 000,000,000 | ---D | C] -- C:\Ejercicios Facturaplus
    [2012/09/26 10:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2012/09/26 10:14:20 | 004,833,792 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Windows\System32\cdintf450.dll
    [2012/09/26 10:13:05 | 000,000,000 | ---D | C] -- C:\Users\Pikis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grupo SP
    [2012/09/26 10:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grupo SP
    [2012/09/23 09:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [11 C:\Users\Pikis\AppData\Local\*.tmp files -> C:\Users\Pikis\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/10/14 23:54:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pikis\Desktop\OTL.exe
    [2012/10/14 23:52:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2186753102-28003779-2570860475-1000UA.job
    [2012/10/14 23:48:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/10/14 23:45:01 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/10/14 23:28:59 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/14 23:28:59 | 000,022,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/14 23:21:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/10/14 23:20:57 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/14 23:20:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/14 23:20:15 | 2313,920,512 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/14 22:34:14 | 004,980,339 | R--- | M] (Swearware) -- C:\Users\Pikis\Desktop\ComboFix.exe
    [2012/10/14 20:52:04 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2186753102-28003779-2570860475-1000Core.job
    [2012/10/14 20:47:46 | 003,311,354 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
    [2012/10/14 20:47:46 | 001,488,678 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/10/14 20:47:46 | 001,005,604 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
    [2012/10/14 20:47:46 | 000,847,084 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/10/14 10:55:26 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/10/10 21:45:14 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/10/10 21:45:13 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/10/07 20:14:47 | 000,000,200 | ---- | M] () -- C:\Users\Pikis\.pilar
    [2012/09/28 12:52:14 | 000,001,543 | ---- | M] () -- C:\Users\Pikis\Desktop\SP Panel de Gestión.lnk
    [2012/09/26 10:17:06 | 000,001,409 | ---- | M] () -- C:\Windows\Upca.fot
    [2012/09/26 10:17:06 | 000,001,409 | ---- | M] () -- C:\Windows\Code39.fot
    [2012/09/26 10:17:06 | 000,001,409 | ---- | M] () -- C:\Windows\c128btt.fot
    [2012/09/23 09:13:18 | 000,000,693 | ---- | M] () -- C:\Users\Pikis\Desktop\Reorganizar - Acceso directo.lnk
    [2012/09/16 20:54:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
    [11 C:\Users\Pikis\AppData\Local\*.tmp files -> C:\Users\Pikis\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/10/14 22:40:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/14 22:40:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/14 22:40:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/14 22:40:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/14 22:40:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/13 12:09:53 | 000,001,504 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
    [2012/10/07 20:13:38 | 000,000,200 | ---- | C] () -- C:\Users\Pikis\.pilar
    [2012/09/28 12:06:10 | 000,001,543 | ---- | C] () -- C:\Users\Pikis\Desktop\SP Panel de Gestión.lnk
    [2012/09/26 10:17:06 | 000,001,409 | ---- | C] () -- C:\Windows\Upca.fot
    [2012/09/26 10:17:06 | 000,001,409 | ---- | C] () -- C:\Windows\Code39.fot
    [2012/09/26 10:17:06 | 000,001,409 | ---- | C] () -- C:\Windows\c128btt.fot
    [2012/09/26 10:12:08 | 000,024,496 | ---- | C] () -- C:\Windows\c128btt.ttf
    [2012/09/26 10:12:08 | 000,007,280 | ---- | C] () -- C:\Windows\Code39.ttf
    [2012/09/26 10:12:03 | 000,017,056 | ---- | C] () -- C:\Windows\Upca.ttf
    [2012/09/23 09:13:18 | 000,000,693 | ---- | C] () -- C:\Users\Pikis\Desktop\Reorganizar - Acceso directo.lnk
    [2012/09/16 20:54:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
    [2012/09/05 21:52:54 | 000,007,602 | ---- | C] () -- C:\Users\Pikis\AppData\Local\Resmon.ResmonCfg
    [2012/06/28 22:55:03 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
    [2012/03/21 23:00:23 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/01/31 01:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
    [2012/01/31 01:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
    [2012/01/31 01:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
    [2012/01/31 01:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
    [2012/01/31 01:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
    [2012/01/25 19:33:06 | 000,237,872 | ---- | C] () -- C:\Windows\System32\DeltaIITray.exe
    [2011/04/12 03:30:30 | 003,311,354 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
    [2011/04/12 03:30:30 | 001,005,604 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
    [2011/04/12 03:30:30 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
    [2011/04/12 03:30:30 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
    [2010/11/20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

    ========== ZeroAccess Check ==========

    [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "ThreadingModel" = Both
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    < End of report >
     
  19. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    And Extras.txt

    OTL Extras logfile created on: 14/10/2012 23:57:21 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pikis\Desktop
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    2,87 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 65,76% Memory free
    5,74 Gb Paging File | 4,84 Gb Available in Paging File | 84,22% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 39,06 Gb Total Space | 1,92 Gb Free Space | 4,92% Space Free | Partition Type: NTFS
    Drive D: | 19,53 Gb Total Space | 7,04 Gb Free Space | 36,06% Space Free | Partition Type: NTFS
    Drive H: | 7,84 Gb Total Space | 7,82 Gb Free Space | 99,70% Space Free | Partition Type: FAT32
    Drive L: | 107,81 Gb Total Space | 32,60 Gb Free Space | 30,23% Space Free | Partition Type: NTFS

    Computer Name: PIKIS-PCHOME | User Name: Pikis | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2186753102-28003779-2570860475-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{6595E579-EC46-4092-BEE2-D4F6FD883F39}C:\users\pikis\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\pikis\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{795A9280-2B4F-4ECF-9361-549E596166DF}C:\users\pikis\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\pikis\appdata\roaming\dropbox\bin\dropbox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
    "{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
    "{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series" = Canon MP495 series MP Drivers
    "{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
    "{2222706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 SDK
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
    "{2737AD08-BDFC-4F1E-86E1-B2024333DEC6}" = M-Audio Delta 6.0.8 (x86)
    "{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
    "{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
    "{30120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007 (Beta)
    "{30D86E98-F6BE-4B31-ACDD-5F06C1C72FED}" = Microsoft SQL Server 2008 Native Client
    "{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
    "{32A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3
    "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
    "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
    "{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client ES-ES Language Pack
    "{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
    "{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
    "{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
    "{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Compatibilidad con Aplicaciones de Apple
    "{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
    "{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
    "{6D972506-DC01-39BC-A5DD-06DA86E00031}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - ESN
    "{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
    "{7D481DFF-88C5-4685-B0EA-D167F0B46CF1}" = Microsoft Antimalware Service ES-ES Language Pack
    "{7E05074C-4291-3280-9348-2C70169D4F9E}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ESN
    "{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
    "{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
    "{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8CC68433-5837-4075-B81F-EA7E4F14CE60}" = iCloud
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
    "{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
    "{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
    "{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
    "{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
    "{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
    "{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
    "{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
    "{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
    "{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
    "{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
    "{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A4-0C0A-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
    "{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
    "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
    "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
    "{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
    "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
    "{AC76BA86-7AD7-1034-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Español
    "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
    "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
    "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
    "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
    "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
    "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
    "{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DF931A79-09E9-4B03-9A04-48FAEA665538}" = Microsoft SQL Server Compact 3.5 SP1 - Español
    "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
    "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
    "{E4FE3E4B-7307-4288-9ACF-F3009CA62E7B}" = Secure Download Manager
    "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
    "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
    "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
    "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
    "5513-1208-7298-9440" = JDownloader 0.9
    "7-Zip" = 7-Zip 9.20
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "All ATI Software" = ATI - Utilidad de desinstalación de software
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon My Printer
    "CanonSolutionMenuEX" = Canon Solution Menu EX
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.dmp.contentviewer" = Adobe Content Viewer
    "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
    "Easy-WebPrint EX" = Canon Easy-WebPrint EX
    "eMule" = eMule
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
    "Guitar Pro 5_is1" = Guitar Pro 5.0
    "InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
    "iPhoneBackupExtractor" = iPhone Backup Extractor
    "JDownloader" = JDownloader
    "Live Delta 2.1.2" = Live Delta 2.1.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.65.0.1400
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 15.0.1 (x86 es-ES)" = Mozilla Firefox 15.0.1 (x86 es-ES)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "nbi-glassfish-mod-3.1.2.23.0" = GlassFish Server Open Source Edition 3.1.2
    "nbi-nb-base-7.1.1.0.0" = NetBeans IDE 7.1.1
    "nbi-tomcat-7.0.22.0.0" = Apache Tomcat 7.0.22
    "Pen Tablet Driver" = Bamboo
    "PILAR_is1" = PILAR 5.2.5
    "Reason5_is1" = Reason 5.0
    "Registro de usuario de Canon MP495 series" = Registro de usuario de Canon MP495 series
    "TeamViewer 7" = TeamViewer 7
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.2
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2186753102-28003779-2570860475-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "MyFreeCodec" = MyFreeCodec

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 14/10/2012 14:33:54 | Computer Name = Pikis-PCHome | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = Las cadenas de rendimiento del valor del Registro de rendimiento están
    dañadas al procesar el proveedor de contador de extensión Performance. El valor
    BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter
    es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección
    de datos.

    Error - 14/10/2012 14:33:54 | Computer Name = Pikis-PCHome | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Error al descargar las cadenas del contador de rendimiento para el
    servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene
    el código de error.

    Error - 14/10/2012 14:37:49 | Computer Name = Pikis-PCHome | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = Las cadenas de rendimiento del valor del Registro de rendimiento están
    dañadas al procesar el proveedor de contador de extensión Performance. El valor
    BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter
    es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección
    de datos.

    Error - 14/10/2012 14:37:49 | Computer Name = Pikis-PCHome | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = Las cadenas de rendimiento del valor del Registro de rendimiento están
    dañadas al procesar el proveedor de contador de extensión Performance. El valor
    BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter
    es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección
    de datos.

    Error - 14/10/2012 14:37:49 | Computer Name = Pikis-PCHome | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Error al descargar las cadenas del contador de rendimiento para el
    servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene
    el código de error.

    Error - 14/10/2012 14:47:43 | Computer Name = Pikis-PCHome | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = Las cadenas de rendimiento del valor del Registro de rendimiento están
    dañadas al procesar el proveedor de contador de extensión Performance. El valor
    BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter
    es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección
    de datos.

    Error - 14/10/2012 14:47:43 | Computer Name = Pikis-PCHome | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = Las cadenas de rendimiento del valor del Registro de rendimiento están
    dañadas al procesar el proveedor de contador de extensión Performance. El valor
    BaseIndex del Registro de rendimiento es el primer valor DWORD, el valor LastCounter
    es el segundo valor DWORD y el valor LastHelp es el tercer valor DWORD de la sección
    de datos.

    Error - 14/10/2012 14:47:43 | Computer Name = Pikis-PCHome | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Error al descargar las cadenas del contador de rendimiento para el
    servicio WmiApRpl (WmiApRpl). El primer valor DWORD de la sección de datos contiene
    el código de error.

    Error - 14/10/2012 15:31:27 | Computer Name = Pikis-PCHome | Source = WinMgmt | ID = 10
    Description =

    Error - 14/10/2012 17:21:41 | Computer Name = Pikis-PCHome | Source = WinMgmt | ID = 10
    Description =

    [ OSession Events ]
    Error - 25/03/2012 10:31:28 | Computer Name = Pikis-PCHome | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 305
    seconds with 240 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 14/10/2012 14:31:36 | Computer Name = Pikis-PCHome | Source = Service Control Manager | ID = 7001
    Description = El servicio Proveedor de Grupo Hogar depende del servicio Publicación
    de recurso de detección de función, el cual no pudo iniciarse debido al siguiente
    error: %%-2147024891

    Error - 14/10/2012 15:29:48 | Computer Name = Pikis-PCHome | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
    Description = Se deshabilitaron algunas características de administración de energía
    en estado de rendimiento del procesador debido a un problema conocido de firmware.
    Consulte al fabricante del equipo si hay firmware actualizado.

    Error - 14/10/2012 15:30:30 | Computer Name = Pikis-PCHome | Source = Service Control Manager | ID = 7023
    Description = El servicio Publicación de recurso de detección de función se cerró
    con el siguiente error: %%-2147024891

    Error - 14/10/2012 15:31:20 | Computer Name = Pikis-PCHome | Source = Service Control Manager | ID = 7001
    Description = El servicio Proveedor de Grupo Hogar depende del servicio Publicación
    de recurso de detección de función, el cual no pudo iniciarse debido al siguiente
    error: %%-2147024891

    Error - 14/10/2012 15:31:20 | Computer Name = Pikis-PCHome | Source = Service Control Manager | ID = 7023
    Description = El servicio Publicación de recurso de detección de función se cerró
    con el siguiente error: %%-2147024891

    Error - 14/10/2012 16:45:19 | Computer Name = Pikis-PCHome | Source = Service Control Manager | ID = 7030
    Description = El servicio PEVSystemStart ha sido marcado como servicio interactivo.
    Sin embargo, el sistema está configurado para no permitir servicios interactivos.
    Este servicio puede tener un funcionamiento incorrecto.

    Error - 14/10/2012 16:55:34 | Computer Name = Pikis-PCHome | Source = Service Control Manager | ID = 7030
    Description = El servicio PEVSystemStart ha sido marcado como servicio interactivo.
    Sin embargo, el sistema está configurado para no permitir servicios interactivos.
    Este servicio puede tener un funcionamiento incorrecto.

    Error - 14/10/2012 17:19:20 | Computer Name = Pikis-PCHome | Source = Service Control Manager | ID = 7030
    Description = El servicio PEVSystemStart ha sido marcado como servicio interactivo.
    Sin embargo, el sistema está configurado para no permitir servicios interactivos.
    Este servicio puede tener un funcionamiento incorrecto.

    Error - 14/10/2012 17:20:11 | Computer Name = Pikis-PCHome | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
    Description = Se deshabilitaron algunas características de administración de energía
    en estado de rendimiento del procesador debido a un problema conocido de firmware.
    Consulte al fabricante del equipo si hay firmware actualizado.

    Error - 14/10/2012 17:20:32 | Computer Name = Pikis-PCHome | Source = EventLog | ID = 6008
    Description = El cierre anterior del sistema a las 23:19:30 del ?14/?10/?2012 resultó
    inesperado.


    < End of report >

    This is an information-roller-coaster!
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ah324dxy)
      [2012/10/14 18:06:58 | 000,000,000 | ---D | C] -- C:\FRST
      [2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "ThreadingModel" = Both
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =============================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
     
  21. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    Back again! OTL's log:

    All processes killed
    ========== OTL ==========
    Error: No service named ah324dxy was found to stop!
    Service\Driver key ah324dxy not found.
    C:\FRST\Quarantine\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\U folder moved successfully.
    C:\FRST\Quarantine\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\L folder moved successfully.
    C:\FRST\Quarantine\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a} folder moved successfully.
    C:\FRST\Quarantine\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\U folder moved successfully.
    C:\FRST\Quarantine\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a}\L folder moved successfully.
    C:\FRST\Quarantine\{9d1431b4-0fd4-78b1-095e-f2e3b8f6f85a} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Pikis
    ->Temp folder emptied: 5750 bytes
    ->Temporary Internet Files folder emptied: 6114920 bytes
    ->Java cache emptied: 897569 bytes
    ->FireFox cache emptied: 322913629 bytes
    ->Google Chrome cache emptied: 196501218 bytes
    ->Flash cache emptied: 1940 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 15072 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 502,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Pikis
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Pikis
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10152012_213619

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  22. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    Security Check's log:

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Microsoft Security Essentials
    (On Access scanning disabled!)
    Error obtaining update status for antivirus!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware versión 1.65.0.1400
    JavaFX 2.0.3
    JavaFX 2.0.3 SDK
    Java(TM) 6 Update 17
    Java(TM) 7 Update 3
    Java(TM) SE Development Kit 7 Update 3
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Adobe Reader X 10.1.2 Adobe Reader out of Date!
    Mozilla Firefox (15.0.1)
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:
    ````````````````````End of Log``````````````````````
     
  23. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    FSS's log:

    Farbar Service Scanner Version: 07-10-2012
    Ran by Pikis (administrator) on 15-10-2012 at 22:15:59
    Running from "C:\Users\Pikis\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  24. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    adwCleaner's log:

    # AdwCleaner v2.005 - Fichero creado el 15/10/2012 a 23:49:22
    # Actualizado el 14/10/2012 por Xplode
    # Sistema operativo : Windows 7 Professional Service Pack 1 (32 bits)
    # Usuario : Pikis - PIKIS-PCHOME
    # Modo de inicio : Normal
    # Ejecutado desde : C:\Users\Pikis\Downloads\adwcleaner.exe
    # Opción [Supresión]


    ***** [Servicios] *****


    ***** [Ficheros / Carpetas] *****


    ***** [Registro] *****

    Clave Supprimida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Clave Supprimida : HKCU\Software\Softonic
    Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Clave Supprimida : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

    ***** [Navegadores] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] El registro no contiene ninguna entrada ilegítima.

    -\\ Mozilla Firefox v15.0.1 (es-ES)

    Nombre del perfil : default
    Fichero : C:\Users\Pikis\AppData\Roaming\Mozilla\Firefox\Profiles\lq793oox.default\prefs.js

    [OK] El fichero no contiene ninguna entrada ilegítima.

    -\\ Google Chrome v22.0.1229.94

    Fichero : C:\Users\Pikis\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] El fichero no contiene ninguna entrada ilegítima.

    *************************

    AdwCleaner[S1].txt - [1339 octets] - [15/10/2012 23:49:22]

    ########## EOF - C:\AdwCleaner[S1].txt - [1399 octets] ##########
     
  25. Iván Campos

    Iván Campos TS Rookie Topic Starter Posts: 23

    TFC's log:
    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Pikis
    ->Temp folder emptied: 273824 bytes
    ->Temporary Internet Files folder emptied: 33175 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 44086867 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 492 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3292 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 380055311 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 974 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 405,00 mb
     
