Inactive-A Have a rootkit, bootkit CANNOT remove :(

Patryk · Jul 30, 2013

I need some help with removing a rootkit its trufosalt from gmer log but however when I do a bootsector scan in avira it gives me BSOD when I do scan with aswMBR it crashes, I need help is anyone willing to help me remove this nasty?!

Patryk · Jul 30, 2013

Code:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-07-30 17:02:22
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000038 Intel___ rev.1.0. 476.90GB
Running: gmer.exe; Driver: C:\Users\ALPINO\AppData\Local\Temp\pxldrpog.sys
 
 
---- User code sections - GMER 2.1 ----
 
.text  C:\WINDOWS\system32\wininit.exe[592] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\wininit.exe[592] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\wininit.exe[592] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\wininit.exe[592] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\services.exe[684] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\lsass.exe[696] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\system32\svchost.exe[812] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[812] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[812] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[812] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\system32\dwm.exe[912] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506																  00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\system32\dwm.exe[912] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514																  00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\system32\dwm.exe[912] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118																	00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\system32\dwm.exe[912] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142																	00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[968] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506									00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[968] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514									00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[968] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118										00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[968] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142										00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\system32\nvvsvc.exe[976] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506															  00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\system32\nvvsvc.exe[976] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514															  00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\system32\nvvsvc.exe[976] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118																  00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\system32\nvvsvc.exe[976] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142																  00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\System32\svchost.exe[516] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\System32\svchost.exe[516] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\System32\svchost.exe[516] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\System32\svchost.exe[516] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\system32\svchost.exe[584] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[584] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[584] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[584] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\system32\svchost.exe[900] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[900] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[900] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[900] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\System32\svchost.exe[1064] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\System32\svchost.exe[1064] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\System32\svchost.exe[1064] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\System32\svchost.exe[1064] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[1216] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506															00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514															00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118																00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\System32\spoolsv.exe[1420] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142																00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[1448] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[1448] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[1448] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[1448] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1776] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698			00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1776] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706			00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1776] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270			00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[1776] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294			00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 506												00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\psapi.dll!GetModuleBaseNameA + 514												00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 118												  00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\psapi.dll!QueryWorkingSet + 142												  00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698							  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706							  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270							  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\Windows Defender\MsMpEng.exe[700] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294							  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2148] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2148] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2148] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe[2148] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2688] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698			00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2688] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706			00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2688] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270			00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2688] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294			00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506																	00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514																	00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118																		00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142																		00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
.text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698													00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706													00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270													00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\Explorer.EXE[2880] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294													00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\system32\svchost.exe[3100] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698											00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[3100] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706											00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[3100] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270											00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\svchost.exe[3100] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294											00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3356] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698					00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3356] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706					00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3356] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270					00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3356] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294					00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\system32\SearchIndexer.exe[3380] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698									  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\SearchIndexer.exe[3380] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706									  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\SearchIndexer.exe[3380] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270									  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\SearchIndexer.exe[3380] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294									  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 202												  00007fff47dc3cfa 4 bytes [DC, 47, FF, 7F]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 226												  00007fff47dc3d12 4 bytes [DC, 47, FF, 7F]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506											00007fff5cd016aa 4 bytes [D0, 5C, FF, 7F]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514											00007fff5cd016b2 4 bytes [D0, 5C, FF, 7F]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118											  00007fff5cd0181a 4 bytes [D0, 5C, FF, 7F]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142											  00007fff5cd01832 4 bytes [D0, 5C, FF, 7F]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698						  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706						  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270						  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\Program Files\Logitech\SetPointP\SetPoint.exe[3704] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294						  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698									  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706									  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270									  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294									  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[992] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 698									  00007fff5ccf267a 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[992] C:\WINDOWS\system32\NSI.dll!NsiGetAllPersistentParametersWithMask + 706									  00007fff5ccf2682 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[992] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 270									  00007fff5ccf2faa 4 bytes [CF, 5C, FF, 7F]
.text  C:\WINDOWS\system32\wbem\wmiprvse.exe[992] C:\WINDOWS\system32\NSI.dll!NsiSetAllPersistentParametersWithMask + 294									  00007fff5ccf2fc2 4 bytes {CALL 0xffffffffff5ccf34}
 
---- Threads - GMER 2.1 ----
 
Thread  C:\WINDOWS\system32\csrss.exe [600:2076]																												fffff96000966d40
Thread  C:\WINDOWS\system32\csrss.exe [600:4200]																												fffff96000966d40
 
---- Registry - GMER 2.1 ----
 
Reg	HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed																		1301831310
Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw																									  0x64 0x62 0x03 0x00 ...
Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask																								  0x64 0x62 0x03 0x00 ...
Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@Rw																									  0x64 0x62 0x03 0x00 ...
Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\1@RwMask																								  0x64 0x62 0x03 0x00 ...
Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@Rw																									  0x64 0x62 0x03 0x00 ...
Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\2@RwMask																								  0x64 0x62 0x03 0x00 ...
Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@Rw																									  0x64 0x62 0x03 0x00 ...
Reg	HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\3@RwMask																								  0x64 0x62 0x03 0x00 ...
Reg	HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown																		  1
Reg	HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Logo100																			  %USERPROFILE%\AppData\Local\Microsoft\Windows\Explorer\TileCacheLogo-4451000_100.dat
Reg	HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\Grid@Tickle80																			  %USERPROFILE%\AppData\Local\Microsoft\Windows\Explorer\TileCacheTickle-4450890_80.dat
Reg	HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified														0x00 0x72 0xDD 0x46 ...
 
---- EOF - GMER 2.1 ----

Broni · Jul 30, 2013

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Patryk · Jul 30, 2013

Here is the HIjackthis log since dds tells me cannot run in compatibility mode I am running windows 8.1 BTW,

[HJT log removed by Broni]

Patryk · Jul 30, 2013

Also I was able to use Winpatrol on windows 8.1 avast + a whole lot of anti virus programs are not compatible yet but most software works and windows 8.1 is just about same as far as kernel and all that goes I have a 64 bit version here is the log from winpatrol

I know you do not read attachments but this one is very helpful in my case its winpatrol log and it exceeds posting limit

Broni · Jul 30, 2013

HJT is a very outdated tool and it's not used anymore.

Did you run Malwarebytes?

Did you try to run DDS normally?

Patryk · Jul 30, 2013

Yes it won't start at all I ran malwarebytes and shows clean but tdsskill showed 4 malicious services I delted them now it only shows one every reboot with diff #

Broni · Jul 30, 2013

Please re-read my rules, especially:

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

If you don't stick to my rules I may close this topic.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

Patryk · Jul 31, 2013

I wanna paste the logs for both of .txt files however they are larger than the form field allows me to, what do you suggest ? I'm trying to go by your rules since Im desperate for proffesional help such as yours.

Patryk · Jul 31, 2013

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by ALPINO (administrator) on 31-07-2013 00:32:37
Running from C:\Users\ALPINO\Desktop
Windows 8.1 Preview (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(ASUS) C:\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
() C:\WINDOWS\SysWOW64\PnkBstrA.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATK Hotkey\SynptSync64.exe
(ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-26] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-04-08] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\InprocServer32: [Default-cscui] <==== ATTENTION!
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKCU\...\Run: [Google Update] - C:\Users\ALPINO\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-27] (Google Inc.)
HKCU\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [436800 2013-07-15] (BillP Studios)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
SearchScopes: HKLM - DefaultScope value is missing.
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{1390ECB8-7172-4FF6-B6FD-EC9C2E02CA4D}: [NameServer]192.168.2.1
Tcpip\..\Interfaces\{404684B1-3872-4AF7-B1E0-39C409862041}: [NameServer]192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\ALPINO\AppData\Roaming\Mozilla\Firefox\Profiles\snpnfi7z.default
FF Homepage: https://www.google.com
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ALPINO\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ALPINO\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: No Name - C:\Users\ALPINO\AppData\Roaming\Mozilla\Firefox\Profiles\snpnfi7z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\ALPINO\AppData\Roaming\Mozilla\Firefox\Profiles\snpnfi7z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
Chrome:
=======
CHR RestoreOnStartup: "https://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Extension: (Google Drive) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (Web Developer) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm\0.4.3_0
CHR Extension: (YouTube) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Lamborghini Sesto Elemento Theme) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\dappigdjllcnkkoacaoolciaolaaiemb\1.0_0
CHR Extension: (AdBlock) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.4_0
CHR Extension: (Pixlr Editor) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk\1.2_0
CHR Extension: (StumbleUpon) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.7.11.1_0
CHR Extension: (Google Voice (by Google)) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo\2.4.1_0
CHR Extension: (ShiftEdit) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcgmndephhjcabhhjfcmncnhbmgbkpij\1.39_0
CHR Extension: (Grooveshark Downloader) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp\2.9.9_0
CHR Extension: (Gmail) - C:\Users\ALPINO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
S3 AppReadiness; C:\Windows\system32\AppReadiness.dll [546304 2013-06-15] (Microsoft Corporation)
S3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [1249280 2013-06-15] (Microsoft Corporation)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [917120 2010-10-28] ()
R2 ASLDRService; C:\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [106880 2012-09-11] (ASUSTek Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 ATKGFNEXSrv; C:\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114176 2013-06-15] (Microsoft Corporation)
S3 lfsvc; C:\Windows\System32\GeofenceMonitorService.dll [431104 2013-06-15] (Microsoft Corporation)
R3 NcbService; C:\Windows\System32\ncbservice.dll [150016 2013-06-15] (Microsoft Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-07-22] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [129024 2013-06-15] (Microsoft Corporation)
S3 smphost; C:\Windows\System32\smphost.dll [13312 2013-06-15] (Microsoft Corporation)
S3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [516096 2013-06-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [345336 2013-06-15] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [24576 2013-06-15] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-06-15] (Microsoft Corporation)
S4 WiTopiaService; C:\Program Files\WiTopia\WiTopiaService.exe [63064 2013-05-02] (SparkLabs)
R3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1292288 2013-06-15] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [788240 2013-06-15] (PMC-Sierra)
R1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [77312 2013-06-15] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R2 ASMMAP64; C:\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
R2 ASMMAP64; C:\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
R1 ATKWMIACPIIO; C:\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
R1 ATKWMIACPIIO; C:\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7323720 2012-12-19] (Broadcom Corporation)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2013-07-21] (Disc Soft Ltd)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [650736 2013-06-05] (Intel Corporation)
S0 intelpep; C:\Windows\System32\drivers\intelpep.sys [37640 2013-06-15] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81672 2013-06-15] (LSI Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-06-15] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [88064 2013-06-15] (Microsoft Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [934152 2013-06-15] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [138752 2013-06-15] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [56584 2013-06-15] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [27912 2013-06-15] (Microsoft Corporation)
S3 visctap0901; C:\Windows\system32\DRIVERS\visctap0901.sys [38344 2013-05-02] (The OpenVPN Project)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [126216 2013-06-15] (Microsoft Corporation)
S3 aswMBR; \??\C:\Users\ALPINO\AppData\Local\Temp\aswMBR.sys [x]
U0 avc3;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-07-31 00:26 - 2013-07-31 00:26 - 00000000 ____D C:\FRST
2013-07-31 00:25 - 2013-07-31 00:25 - 01781589 _____ (Farbar) C:\Users\ALPINO\Desktop\FRST64.exe
2013-07-31 00:00 - 2013-07-31 00:31 - 00003022 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2013-07-30 21:19 - 2013-07-30 21:29 - 00051474 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-30 21:03 - 2013-07-30 21:03 - 00000000 ____D C:\Users\ALPINO\Desktop\RealBench_v1.1
2013-07-30 20:44 - 2013-07-30 20:44 - 00000000 ____D C:\Stinger_Quarantine
2013-07-30 20:43 - 2013-07-30 21:12 - 00000000 ____D C:\Program Files\stinger
2013-07-30 17:08 - 2013-07-30 17:08 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\WinPatrol
2013-07-30 17:07 - 2013-07-30 17:07 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-30 17:07 - 2013-07-30 17:07 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-07-30 15:57 - 2013-07-30 16:06 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-30 13:42 - 2013-07-30 13:42 - 00000000 ____D C:\NvidiaLogging
2013-07-30 13:42 - 2013-05-14 15:28 - 00039712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2013-07-30 13:42 - 2013-05-14 15:27 - 00029984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2013-07-30 13:42 - 2013-05-14 15:27 - 00028448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2013-07-30 11:58 - 2013-07-30 11:58 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2013-07-30 11:58 - 2013-07-30 11:58 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-07-30 11:58 - 2013-07-30 11:58 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-30 11:58 - 2007-10-22 14:00 - 00269824 _____ (CANON INC.) C:\WINDOWS\system32\CNMLM97.DLL
2013-07-30 05:29 - 2013-07-30 05:29 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Immunity Debugger
2013-07-30 05:28 - 2013-07-30 05:28 - 00000000 ____D C:\Program Files (x86)\Immunity Inc
2013-07-30 03:29 - 2013-07-30 03:29 - 00000000 ____D C:\Users\ALPINO\.ssh
2013-07-30 03:24 - 2013-07-30 03:42 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\GitHub
2013-07-30 03:24 - 2013-07-30 03:42 - 00000000 ____D C:\Users\ALPINO\AppData\Local\GitHub
2013-07-30 03:24 - 2013-07-30 03:30 - 00000000 ____D C:\Users\ALPINO\Documents\GitHub
2013-07-30 03:24 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2013-07-30 03:24 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Deployment
2013-07-30 03:24 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Apps\2.0
2013-07-30 02:25 - 2013-07-30 02:28 - 00000000 ____D C:\Users\ALPINO\Documents\Security
2013-07-30 01:30 - 2013-07-30 21:15 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-29 05:52 - 2013-07-29 05:52 - 00000000 _____ C:\Users\ALPINO\Desktop\New Text Document.txt
2013-07-29 04:58 - 1999-07-01 20:36 - 00162816 _____ C:\WINDOWS\wget.exe
2013-07-29 04:52 - 2013-07-29 05:23 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Wireshark
2013-07-29 04:50 - 2013-07-29 04:50 - 00000000 ____D C:\Program Files\Wireshark
2013-07-29 04:50 - 2013-07-29 04:50 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-07-29 04:22 - 2013-07-29 04:22 - 00000546 _____ C:\WINDOWS\SysWOW64\bufferpool.txt
2013-07-29 04:07 - 2013-07-29 04:07 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2013-07-28 21:41 - 2013-07-28 21:41 - 00006966 _____ C:\Users\ALPINO\AppData\Local\recently-used.xbel
2013-07-28 21:17 - 2013-07-28 21:38 - 00000000 ____D C:\Users\ALPINO\Downloads\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA
2013-07-27 18:00 - 2013-07-28 21:21 - 00000000 ____D C:\Users\ALPINO\Downloads\Red.Gate.Reflector.v7.5.2.1.Incl.Keygen-Lz0
2013-07-27 17:35 - 2013-07-30 23:40 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001UA.job
2013-07-27 17:35 - 2013-07-27 17:40 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001Core.job
2013-07-27 17:35 - 2013-07-27 17:35 - 00003876 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001UA
2013-07-27 17:35 - 2013-07-27 17:35 - 00003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001Core
2013-07-27 17:35 - 2013-07-27 17:35 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2013-07-27 16:43 - 2013-07-27 17:46 - 00000000 ____D C:\Users\ALPINO\Downloads\Oblivion 2013 720p BRrip ac3 DiVERSiTY (MOTW)
2013-07-27 16:28 - 2013-07-27 16:46 - 00000000 ____D C:\Users\ALPINO\Downloads\The Evil Dead (1981) [1080p]
2013-07-27 15:26 - 2013-07-27 15:36 - 00000000 ____D C:\Users\ALPINO\Downloads\Evil.Dead.2013.1080p.BluRay.DTS.x264-PublicHD
2013-07-26 01:51 - 2013-07-26 01:51 - 00000000 ____D C:\Users\ALPINO\Documents\Virtual Machines
2013-07-26 01:48 - 2013-07-30 01:03 - 00000000 ____D C:\Users\ALPINO\AppData\Local\VMware
2013-07-26 01:46 - 2013-07-30 01:06 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\VMware
2013-07-25 22:49 - 2013-07-25 22:49 - 00000000 ____D C:\tools
2013-07-25 22:48 - 2013-07-25 22:48 - 00000000 ____D C:\KFU
2013-07-25 21:40 - 2013-07-28 21:21 - 00000000 ____D C:\WINDOWS\LastGood
2013-07-25 21:38 - 2013-07-25 21:41 - 00000000 ____D C:\Users\ALPINO\.android
2013-07-25 16:25 - 2013-07-25 17:15 - 1562378240 _____ C:\Users\ALPINO\Downloads\zorin-os-7-core-32.iso
2013-07-25 16:23 - 2013-07-25 16:23 - 00000000 ____D C:\Program Files\Common Files\VMware
2013-07-25 16:23 - 2013-02-26 02:29 - 00933968 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2013-07-25 16:23 - 2013-02-26 02:28 - 00436304 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2013-07-25 16:23 - 2013-02-26 02:28 - 00357456 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2013-07-25 16:23 - 2013-02-26 02:28 - 00067664 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2013-07-25 16:23 - 2013-02-26 02:28 - 00030800 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2013-07-25 16:23 - 2013-02-26 02:27 - 00033360 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\VMkbd.sys
2013-07-25 16:23 - 2012-10-24 14:17 - 00070296 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2013-07-25 16:23 - 2012-10-24 14:17 - 00067224 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2013-07-25 16:23 - 2012-10-24 14:17 - 00063128 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2013-07-25 16:23 - 2012-10-11 16:15 - 00052376 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2013-07-25 16:22 - 2013-07-30 21:13 - 00000000 ____D C:\ProgramData\VMware
2013-07-25 16:22 - 2013-07-25 16:22 - 00000000 ____D C:\Program Files (x86)\VMware
2013-07-25 16:19 - 2013-07-25 16:19 - 00000815 _____ C:\Users\Public\Desktop\WiTopia.lnk
2013-07-25 16:19 - 2013-07-25 16:19 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\WiTopia
2013-07-25 16:19 - 2013-07-25 16:19 - 00000000 ____D C:\Program Files\WiTopia
2013-07-25 01:42 - 2013-07-25 01:45 - 00000000 ____D C:\Users\ALPINO\Downloads\Grown Ups 2 2013 READNFO TS XViD AC3-FREE
2013-07-24 19:40 - 2013-07-24 19:40 - 00000000 ____D C:\Users\ALPINO\Desktop\GAMES
2013-07-24 19:22 - 2013-07-29 01:03 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\NVIDIA
2013-07-24 19:22 - 2013-07-24 19:22 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Logitech
2013-07-24 19:22 - 2013-07-24 19:22 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-07-24 18:51 - 2013-07-24 18:51 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2013-07-24 18:49 - 2013-07-24 18:49 - 00000000 ____D C:\Users\ALPINO\Desktop\MSIAfterburnerSetup300Beta11
2013-07-24 18:48 - 2013-07-24 18:48 - 15851608 _____ C:\Users\ALPINO\Desktop\MSIAfterburnerSetup300Beta11.zip
2013-07-24 18:35 - 2013-07-24 18:35 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-24 18:34 - 2013-07-30 13:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-24 18:34 - 2013-07-25 16:29 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-07-24 18:34 - 2013-07-24 18:34 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-24 18:34 - 2013-07-13 21:17 - 00061216 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2013-07-24 18:34 - 2013-07-13 21:17 - 00053024 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 29335328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 22100256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 13621504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 12880928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 11244320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2013-07-24 18:33 - 2013-07-13 21:17 - 09248072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 07694808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 07648000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 06329552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 02968352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 02789152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 02630304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 01882912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6432619.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6432619.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 00632096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 00603424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 00517408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 00515360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 00458528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2013-07-24 18:33 - 2013-07-13 21:17 - 00388384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2013-07-24 18:33 - 2013-06-16 08:38 - 00196384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2013-07-24 18:33 - 2013-06-16 08:38 - 00031520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2013-07-24 18:32 - 2013-07-30 19:19 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-24 18:32 - 2013-07-30 13:41 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-24 18:32 - 2013-07-13 15:49 - 06598432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2013-07-24 18:32 - 2013-07-13 15:49 - 03447072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2013-07-24 18:32 - 2013-07-13 15:48 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2013-07-24 18:32 - 2013-07-13 15:48 - 00911136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2013-07-24 18:32 - 2013-07-13 15:48 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2013-07-24 18:32 - 2013-07-13 15:48 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2013-07-24 18:17 - 2013-07-24 18:22 - 235150888 _____ (NVIDIA Corporation) C:\Users\ALPINO\Desktop\326.19-notebook-win8-win7-64bit-international-beta.exe
2013-07-23 17:02 - 2013-07-12 00:46 - 22564864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-23 17:02 - 2013-07-11 23:37 - 16983552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-07-23 17:02 - 2013-07-11 22:34 - 04208128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-07-23 17:02 - 2013-07-11 22:23 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-23 17:02 - 2013-07-11 22:15 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-07-23 17:02 - 2013-07-09 00:10 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeXmlParser.dll
2013-07-22 21:33 - 2013-07-22 21:33 - 00000000 ____D C:\.Trash-0
2013-07-22 16:17 - 2013-07-22 16:29 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\ImgBurn
2013-07-22 05:31 - 2013-07-30 21:09 - 00000000 ____D C:\Users\ALPINO\Desktop\DEVELOPMENT
2013-07-22 05:12 - 2013-07-22 05:13 - 00000455 _____ C:\Users\ALPINO\Desktop\KALI LINUX NOTES.txt
2013-07-22 02:55 - 2013-07-23 15:40 - 00000000 ___DC C:\WINDOWS\Panther
2013-07-22 02:55 - 2013-07-22 02:55 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files\Synaptics
2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files\MSBuild
2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-07-22 02:51 - 2013-05-28 21:35 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2013-07-22 02:51 - 2013-05-28 21:35 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2013-07-22 02:51 - 2013-05-28 21:35 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-22 02:51 - 2013-05-28 21:35 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-07-22 02:51 - 2013-05-28 21:35 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2013-07-22 02:51 - 2013-05-28 21:35 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2013-07-22 02:50 - 2013-07-23 18:18 - 00000000 ____D C:\Recovery
2013-07-22 02:50 - 2013-07-22 02:50 - 02208256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-22 02:50 - 2013-07-22 02:50 - 01788416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-07-22 02:50 - 2013-07-22 02:50 - 01538304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-07-22 02:50 - 2013-07-22 02:50 - 00395520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-07-22 01:22 - 2013-07-22 01:22 - 00177416 _____ C:\ProgramData\1374470482.bdinstall.bin
2013-07-22 00:57 - 2013-07-22 01:05 - 00000000 ____D C:\Users\ALPINO\Documents\Battlefield 2
2013-07-22 00:08 - 2013-07-22 01:35 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2013-07-21 23:37 - 2013-07-03 02:47 - 13506048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-07-21 23:37 - 2013-07-03 02:23 - 17929216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-07-21 23:37 - 2013-06-29 00:03 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2013-07-21 23:37 - 2013-06-28 23:09 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2013-07-21 23:37 - 2013-06-27 22:50 - 05636096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-07-21 23:37 - 2013-06-27 22:40 - 04246528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-07-21 23:37 - 2013-06-27 22:35 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2013-07-21 23:37 - 2013-06-27 22:27 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2013-07-21 23:37 - 2013-06-27 22:11 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2013-07-21 23:37 - 2013-06-27 21:55 - 00617472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2013-07-21 23:37 - 2013-06-27 21:54 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2013-07-21 23:37 - 2013-06-27 00:40 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2013-07-21 23:37 - 2013-06-27 00:16 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2013-07-21 23:37 - 2013-06-25 00:13 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-07-21 23:37 - 2013-06-24 23:50 - 11087872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-07-21 23:37 - 2013-06-21 05:57 - 00986440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-07-21 23:37 - 2013-06-21 05:57 - 00817504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-07-21 23:37 - 2013-06-21 05:57 - 00778264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2013-07-21 23:37 - 2013-06-21 05:57 - 00705936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2013-07-21 23:37 - 2013-06-21 03:27 - 00784408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-07-21 23:37 - 2013-06-21 03:27 - 00638256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-07-21 23:37 - 2013-06-21 03:27 - 00597992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2013-07-21 23:37 - 2013-06-21 03:27 - 00553056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2013-07-21 23:37 - 2013-06-20 02:59 - 12849152 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-07-21 23:37 - 2013-06-20 01:15 - 11428352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-07-21 23:37 - 2013-06-20 00:20 - 05914624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2013-07-21 23:37 - 2013-06-20 00:17 - 04016128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2013-07-21 23:35 - 2013-07-21 23:35 - 00078752 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2013-07-21 23:34 - 2013-07-21 23:34 - 00283064 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2013-07-21 23:29 - 2013-07-21 23:29 - 00421952 _____ C:\ProgramData\1374463289.bdinstall.bin
2013-07-21 23:21 - 2013-07-22 01:22 - 00000000 ____D C:\Program Files\Bitdefender
2013-07-21 23:09 - 2013-07-21 23:09 - 00001453 _____ C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-21 23:09 - 2013-07-21 23:09 - 00000020 ___SH C:\Users\ALPINO\ntuser.ini
2013-07-21 23:06 - 2013-07-21 23:06 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-07-21 23:03 - 2013-07-30 21:17 - 00869556 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-21 23:01 - 2013-07-30 04:17 - 00000000 ____D C:\Users\ALPINO

Patryk · Jul 31, 2013

2013-07-21 23:01 - 2013-07-21 23:01 - 00000000 ___RD C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-07-21 23:01 - 2013-07-21 23:01 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ___RD C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ___RD C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-07-21 22:57 - 2013-07-21 23:06 - 00020958 _____ C:\WINDOWS\diagwrn.xml
2013-07-21 22:57 - 2013-07-21 23:06 - 00020958 _____ C:\WINDOWS\diagerr.xml
2013-07-21 22:56 - 2013-07-30 13:42 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-21 22:56 - 2013-07-21 22:56 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2013-07-21 22:56 - 2013-07-21 22:56 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____D C:\Program Files\Realtek
2013-07-21 21:16 - 2013-07-21 21:41 - 2056960000 _____ C:\Users\ALPINO\Downloads\Battlefield 2.iso
2013-07-21 21:08 - 2013-07-23 15:40 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\DAEMON Tools Lite
2013-07-21 21:08 - 2013-07-21 23:34 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-07-21 21:08 - 2013-07-21 21:08 - 00564824 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
2013-07-21 21:03 - 2013-07-21 23:34 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-07-21 19:54 - 2013-07-21 20:04 - 00000000 ____D C:\Users\ALPINO\AppData\Local\gtk-2.0
2013-07-21 19:54 - 2013-07-21 19:54 - 00000000 ____D C:\Users\ALPINO\.thumbnails
2013-07-21 19:53 - 2013-07-22 15:49 - 00000000 ____D C:\Users\ALPINO\.gimp-2.8
2013-07-21 19:53 - 2013-07-21 19:53 - 00000000 ____D C:\Users\ALPINO\AppData\Local\gegl-0.2
2013-07-21 19:52 - 2013-07-21 19:53 - 00000000 ____D C:\Program Files\GIMP 2
2013-07-20 03:43 - 2013-07-20 03:43 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Wargaming.net
2013-07-16 12:33 - 2013-07-16 12:40 - 00000041 _____ C:\Users\ALPINO\Desktop\FIOS.txt
2013-07-15 01:16 - 2013-02-27 15:37 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2013-07-14 21:18 - 2013-07-14 21:18 - 00000000 ____D C:\Users\ALPINO\Documents\Arduino
2013-07-14 21:18 - 2013-07-14 21:18 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Arduino
2013-07-14 21:16 - 2013-07-14 21:16 - 00000000 ____D C:\Program Files (x86)\Arduino
2013-07-13 15:24 - 2013-07-13 15:24 - 00571168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2013-07-12 03:56 - 2013-07-21 16:27 - 00089088 _____ C:\WINDOWS\system32\umstartup.etl
2013-07-11 15:14 - 2013-07-28 21:06 - 00000000 ____D C:\Program Files\Common Files\WiTopia
2013-07-11 15:13 - 2013-05-02 03:40 - 00038344 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\visctap0901.sys
2013-07-11 14:43 - 2013-07-11 14:43 - 00001024 _____ C:\.rnd
2013-07-10 02:55 - 2013-07-10 02:55 - 00000000 ____D C:\Python27
2013-07-10 02:41 - 2013-07-10 02:41 - 00000000 ____D C:\dd
2013-07-10 02:18 - 2013-07-10 02:18 - 00000000 ____D C:\Users\ALPINO\.idlerc
2013-07-10 01:51 - 2013-07-10 11:40 - 00000000 ____D C:\MP3
2013-07-10 01:51 - 2013-07-10 02:04 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Groovedown
2013-07-10 01:51 - 2013-07-10 01:51 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Groovedown_Uninstall
2013-07-09 20:44 - 2013-07-09 20:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-09 18:31 - 2013-02-27 11:17 - 06293504 ____N C:\G75VX.BIN
2013-07-09 17:24 - 2013-01-29 04:35 - 01510176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2013-07-09 17:23 - 2013-07-13 21:17 - 15890648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2013-07-09 17:23 - 2013-07-13 21:17 - 15631064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2013-07-09 17:23 - 2013-07-13 21:17 - 02985648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2013-07-09 17:23 - 2013-07-13 21:17 - 00022581 _____ C:\WINDOWS\system32\nvinfo.pb
2013-07-09 17:23 - 2013-06-21 08:06 - 01832224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6432049.dll
2013-07-09 17:23 - 2013-06-21 08:06 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6432049.dll
2013-07-09 17:17 - 2013-07-29 05:17 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-07-09 17:17 - 2013-07-09 17:18 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Notepad++
2013-07-09 17:17 - 2013-07-09 17:17 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-07-09 01:36 - 2013-07-09 01:36 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\ICSharpCode
2013-07-09 01:33 - 2013-07-09 01:33 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Telerik
2013-07-09 01:33 - 2013-07-09 01:33 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Telerik_AD
2013-07-09 01:33 - 2013-07-09 01:33 - 00000000 ____D C:\Users\ALPINO\AppData\Local\IsolatedStorage
2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\JetBrains
2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Local\SymbolSourceSymbols
2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Local\RefSrcSymbols
2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Local\JetBrains
2013-07-09 01:22 - 2013-07-09 01:22 - 00000000 ____D C:\Program Files (x86)\JetBrains
2013-07-09 00:43 - 2013-07-30 16:49 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\vlc
2013-07-09 00:43 - 2013-07-09 00:43 - 00001267 _____ C:\Users\ALPINO\Desktop\vlc.lnk
2013-07-09 00:39 - 2013-06-11 10:21 - 00000000 ____D C:\Program Files\VLC
2013-07-08 06:11 - 2013-07-30 19:42 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-08 06:11 - 2013-07-08 06:11 - 00000248 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-07-08 06:11 - 2013-03-20 15:45 - 00016344 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\IntelMEFWVer.dll
2013-07-08 06:08 - 2013-07-30 19:42 - 00000000 ____D C:\Program Files (x86)\Intel
2013-07-08 06:08 - 2013-07-08 06:11 - 00000000 ____D C:\uninstall
2013-07-08 06:08 - 2013-07-08 06:08 - 00000000 ____D C:\Intel
2013-07-08 05:09 - 2013-07-22 02:54 - 00015648 _____ C:\WINDOWS\system32\Drivers\nvflash.sys
2013-07-08 04:14 - 2013-07-08 04:14 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Realmware
2013-07-08 03:42 - 2013-07-08 03:42 - 00002774 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2013-07-08 03:42 - 2013-07-08 03:42 - 00000000 ____D C:\Program Files\CCleaner
2013-07-08 02:50 - 2013-07-08 02:50 - 00000000 ____D C:\Program Files\CPUID
2013-07-07 22:10 - 2013-07-07 22:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-02 23:10 - 2013-07-02 23:10 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2013-07-02 23:10 - 2013-07-02 23:10 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
2013-07-02 23:10 - 2013-07-02 23:10 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-07-02 23:10 - 2013-07-02 23:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-07-02 23:10 - 2013-07-02 23:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-07-02 23:10 - 2013-07-02 23:10 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-07-02 23:10 - 2013-07-02 23:10 - 00000000 ____D C:\ProgramData\Sun
2013-07-02 23:10 - 2013-07-02 23:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-02 22:58 - 2013-07-31 00:31 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-07-02 22:58 - 2013-07-20 02:55 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2013-07-02 22:51 - 2013-07-07 20:51 - 00000000 ____D C:\Users\ALPINO\Heaven
2013-07-02 22:50 - 2013-07-22 03:44 - 01065984 _____ C:\Users\ALPINO\AppData\Local\file__0.localstorage
2013-07-02 22:49 - 2013-07-02 22:49 - 00000000 ____D C:\Program Files (x86)\Unigine
==================== One Month Modified Files and Folders =======
2013-07-31 00:31 - 2013-07-31 00:00 - 00003022 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2013-07-31 00:31 - 2013-07-02 22:58 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-07-31 00:26 - 2013-07-31 00:26 - 00000000 ____D C:\FRST
2013-07-31 00:25 - 2013-07-31 00:25 - 01781589 _____ (Farbar) C:\Users\ALPINO\Desktop\FRST64.exe
2013-07-31 00:19 - 2013-06-02 14:04 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-31 00:00 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\sru
2013-07-30 23:58 - 2013-06-10 10:24 - 00290184 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2013-07-30 23:58 - 2013-06-10 09:22 - 00290184 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2013-07-30 23:58 - 2013-06-10 09:22 - 00280904 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2013-07-30 23:43 - 2013-06-07 12:03 - 00000000 ____D C:\Program Files (x86)\Origin
2013-07-30 23:40 - 2013-07-27 17:35 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001UA.job
2013-07-30 21:29 - 2013-07-30 21:19 - 00051474 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-30 21:29 - 2013-06-03 00:51 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1926566171-1257342452-1398987820-1001
2013-07-30 21:19 - 2013-06-02 14:04 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-30 21:19 - 2013-06-02 14:04 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-30 21:17 - 2013-07-21 23:03 - 00869556 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-07-30 21:15 - 2013-07-30 01:30 - 00000000 ____D C:\WINDOWS\Minidump
2013-07-30 21:13 - 2013-07-25 16:22 - 00000000 ____D C:\ProgramData\VMware
2013-07-30 21:13 - 2013-06-16 00:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-07-30 21:12 - 2013-07-30 20:43 - 00000000 ____D C:\Program Files\stinger
2013-07-30 21:12 - 2013-06-15 23:17 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2013-07-30 21:12 - 2013-06-03 01:05 - 00000000 ___RD C:\Users\ALPINO\Desktop\PROGS
2013-07-30 21:09 - 2013-07-22 05:31 - 00000000 ____D C:\Users\ALPINO\Desktop\DEVELOPMENT
2013-07-30 21:03 - 2013-07-30 21:03 - 00000000 ____D C:\Users\ALPINO\Desktop\RealBench_v1.1
2013-07-30 20:44 - 2013-07-30 20:44 - 00000000 ____D C:\Stinger_Quarantine
2013-07-30 19:42 - 2013-07-08 06:11 - 00000000 ____D C:\ProgramData\Package Cache
2013-07-30 19:42 - 2013-07-08 06:08 - 00000000 ____D C:\Program Files (x86)\Intel
2013-07-30 19:19 - 2013-07-24 18:32 - 00000000 ____D C:\ProgramData\NVIDIA
2013-07-30 17:08 - 2013-07-30 17:08 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\WinPatrol
2013-07-30 17:07 - 2013-07-30 17:07 - 00000000 ____D C:\ProgramData\InstallMate
2013-07-30 17:07 - 2013-07-30 17:07 - 00000000 ____D C:\Program Files (x86)\BillP Studios
2013-07-30 16:49 - 2013-07-09 00:43 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\vlc
2013-07-30 16:06 - 2013-07-30 15:57 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-07-30 13:42 - 2013-07-30 13:42 - 00000000 ____D C:\NvidiaLogging
2013-07-30 13:42 - 2013-07-24 18:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-07-30 13:42 - 2013-07-21 22:56 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-30 13:42 - 2013-06-10 08:51 - 00000000 ____D C:\Users\ALPINO\AppData\Local\NVIDIA
2013-07-30 13:41 - 2013-07-24 18:32 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-07-30 12:31 - 2013-06-02 19:19 - 00000000 ____D C:\Users\ALPINO\AppData\Local\VirtualStore
2013-07-30 11:58 - 2013-07-30 11:58 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2013-07-30 11:58 - 2013-07-30 11:58 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-07-30 11:58 - 2013-07-30 11:58 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-30 05:29 - 2013-07-30 05:29 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Immunity Debugger
2013-07-30 05:28 - 2013-07-30 05:28 - 00000000 ____D C:\Program Files (x86)\Immunity Inc
2013-07-30 04:17 - 2013-07-21 23:01 - 00000000 ____D C:\Users\ALPINO
2013-07-30 03:42 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\GitHub
2013-07-30 03:42 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Local\GitHub
2013-07-30 03:30 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\Documents\GitHub
2013-07-30 03:29 - 2013-07-30 03:29 - 00000000 ____D C:\Users\ALPINO\.ssh
2013-07-30 03:24 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2013-07-30 03:24 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Deployment
2013-07-30 03:24 - 2013-07-30 03:24 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Apps\2.0
2013-07-30 02:28 - 2013-07-30 02:25 - 00000000 ____D C:\Users\ALPINO\Documents\Security
2013-07-30 01:06 - 2013-07-26 01:46 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\VMware
2013-07-30 01:03 - 2013-07-26 01:48 - 00000000 ____D C:\Users\ALPINO\AppData\Local\VMware
2013-07-29 05:52 - 2013-07-29 05:52 - 00000000 _____ C:\Users\ALPINO\Desktop\New Text Document.txt
2013-07-29 05:33 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-07-29 05:23 - 2013-07-29 04:52 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Wireshark
2013-07-29 05:17 - 2013-07-09 17:17 - 00000000 ____D C:\Program Files (x86)\Notepad++
2013-07-29 04:50 - 2013-07-29 04:50 - 00000000 ____D C:\Program Files\Wireshark
2013-07-29 04:50 - 2013-07-29 04:50 - 00000000 ____D C:\Program Files (x86)\WinPcap
2013-07-29 04:22 - 2013-07-29 04:22 - 00000546 _____ C:\WINDOWS\SysWOW64\bufferpool.txt
2013-07-29 04:07 - 2013-07-29 04:07 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2013-07-29 04:07 - 2013-06-03 01:50 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-07-29 01:03 - 2013-07-24 19:22 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\NVIDIA
2013-07-29 00:04 - 2013-06-10 08:29 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\foobar2000
2013-07-28 21:41 - 2013-07-28 21:41 - 00006966 _____ C:\Users\ALPINO\AppData\Local\recently-used.xbel
2013-07-28 21:41 - 2013-06-10 05:38 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\deluge
2013-07-28 21:38 - 2013-07-28 21:17 - 00000000 ____D C:\Users\ALPINO\Downloads\Windows 7.ULTIMATE.SP1.ALL.EDITIONS.32-64.bit-MAFIAA
2013-07-28 21:21 - 2013-07-27 18:00 - 00000000 ____D C:\Users\ALPINO\Downloads\Red.Gate.Reflector.v7.5.2.1.Incl.Keygen-Lz0
2013-07-28 21:21 - 2013-07-25 21:40 - 00000000 ____D C:\WINDOWS\LastGood
2013-07-28 21:06 - 2013-07-11 15:14 - 00000000 ____D C:\Program Files\Common Files\WiTopia
2013-07-27 17:46 - 2013-07-27 16:43 - 00000000 ____D C:\Users\ALPINO\Downloads\Oblivion 2013 720p BRrip ac3 DiVERSiTY (MOTW)
2013-07-27 17:40 - 2013-07-27 17:35 - 00000876 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001Core.job
2013-07-27 17:35 - 2013-07-27 17:35 - 00003876 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001UA
2013-07-27 17:35 - 2013-07-27 17:35 - 00003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001Core
2013-07-27 17:35 - 2013-07-27 17:35 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2013-07-27 17:35 - 2013-06-02 14:04 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Google
2013-07-27 17:30 - 2013-06-03 01:06 - 00000000 ____D C:\PICTUREZ
2013-07-27 16:46 - 2013-07-27 16:28 - 00000000 ____D C:\Users\ALPINO\Downloads\The Evil Dead (1981) [1080p]
2013-07-27 15:36 - 2013-07-27 15:26 - 00000000 ____D C:\Users\ALPINO\Downloads\Evil.Dead.2013.1080p.BluRay.DTS.x264-PublicHD
2013-07-26 01:51 - 2013-07-26 01:51 - 00000000 ____D C:\Users\ALPINO\Documents\Virtual Machines
2013-07-25 22:49 - 2013-07-25 22:49 - 00000000 ____D C:\tools
2013-07-25 22:48 - 2013-07-25 22:48 - 00000000 ____D C:\KFU
2013-07-25 21:41 - 2013-07-25 21:38 - 00000000 ____D C:\Users\ALPINO\.android
2013-07-25 17:15 - 2013-07-25 16:25 - 1562378240 _____ C:\Users\ALPINO\Downloads\zorin-os-7-core-32.iso
2013-07-25 16:29 - 2013-07-24 18:34 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-07-25 16:29 - 2013-06-02 15:00 - 00000000 ____D C:\Users\ALPINO\Desktop\ANTI MALWARE
2013-07-25 16:23 - 2013-07-25 16:23 - 00000000 ____D C:\Program Files\Common Files\VMware
2013-07-25 16:23 - 2013-06-03 01:53 - 00883630 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2013-07-25 16:22 - 2013-07-25 16:22 - 00000000 ____D C:\Program Files (x86)\VMware
2013-07-25 16:19 - 2013-07-25 16:19 - 00000815 _____ C:\Users\Public\Desktop\WiTopia.lnk
2013-07-25 16:19 - 2013-07-25 16:19 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\WiTopia
2013-07-25 16:19 - 2013-07-25 16:19 - 00000000 ____D C:\Program Files\WiTopia
2013-07-25 01:45 - 2013-07-25 01:42 - 00000000 ____D C:\Users\ALPINO\Downloads\Grown Ups 2 2013 READNFO TS XViD AC3-FREE
2013-07-24 19:40 - 2013-07-24 19:40 - 00000000 ____D C:\Users\ALPINO\Desktop\GAMES
2013-07-24 19:22 - 2013-07-24 19:22 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Logitech
2013-07-24 19:22 - 2013-07-24 19:22 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-07-24 19:22 - 2013-06-12 15:38 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Logishrd
2013-07-24 18:51 - 2013-07-24 18:51 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2013-07-24 18:49 - 2013-07-24 18:49 - 00000000 ____D C:\Users\ALPINO\Desktop\MSIAfterburnerSetup300Beta11
2013-07-24 18:48 - 2013-07-24 18:48 - 15851608 _____ C:\Users\ALPINO\Desktop\MSIAfterburnerSetup300Beta11.zip
2013-07-24 18:35 - 2013-07-24 18:35 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-07-24 18:34 - 2013-07-24 18:34 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2013-07-24 18:32 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\Help
2013-07-24 18:22 - 2013-07-24 18:17 - 235150888 _____ (NVIDIA Corporation) C:\Users\ALPINO\Desktop\326.19-notebook-win8-win7-64bit-international-beta.exe
2013-07-24 17:39 - 2013-06-04 03:09 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X
2013-07-24 17:38 - 2013-06-04 03:10 - 00003022 _____ C:\WINDOWS\System32\Tasks\EVGAPrecision
2013-07-24 17:31 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-07-24 17:25 - 2013-06-30 02:34 - 00000000 ____D C:\Program Files (x86)\ASUS
2013-07-24 15:24 - 2013-06-02 19:19 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Packages
2013-07-24 06:12 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\rescache
2013-07-23 22:05 - 2012-07-26 01:37 - 00000000 ____D C:\Users\Default.migrated
2013-07-23 18:18 - 2013-07-22 02:50 - 00000000 ____D C:\Recovery
2013-07-23 15:40 - 2013-07-22 02:55 - 00000000 ___DC C:\WINDOWS\Panther
2013-07-23 15:40 - 2013-07-21 21:08 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\DAEMON Tools Lite
2013-07-22 21:33 - 2013-07-22 21:33 - 00000000 ____D C:\.Trash-0
2013-07-22 16:29 - 2013-07-22 16:17 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\ImgBurn
2013-07-22 16:12 - 2013-06-02 19:19 - 00000000 ___RD C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-22 15:49 - 2013-07-21 19:53 - 00000000 ____D C:\Users\ALPINO\.gimp-2.8
2013-07-22 05:13 - 2013-07-22 05:12 - 00000455 _____ C:\Users\ALPINO\Desktop\KALI LINUX NOTES.txt
2013-07-22 03:50 - 2013-06-02 19:19 - 00000000 ____D C:\ProgramData\PRICache
2013-07-22 03:44 - 2013-07-02 22:50 - 01065984 _____ C:\Users\ALPINO\AppData\Local\file__0.localstorage
2013-07-22 02:55 - 2013-07-22 02:55 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2013-07-22 02:55 - 2013-06-16 01:37 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2013-07-22 02:54 - 2013-07-08 05:09 - 00015648 _____ C:\WINDOWS\system32\Drivers\nvflash.sys
2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files\Synaptics
2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files\Reference Assemblies
2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files\MSBuild
2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2013-07-22 02:51 - 2013-07-22 02:51 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-07-22 02:50 - 2013-07-22 02:50 - 02208256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-22 02:50 - 2013-07-22 02:50 - 01788416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-07-22 02:50 - 2013-07-22 02:50 - 01538304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-07-22 02:50 - 2013-07-22 02:50 - 00395520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2013-07-22 02:12 - 2013-06-10 09:22 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-07-22 01:35 - 2013-07-22 00:08 - 00000000 ____D C:\Program Files (x86)\EA GAMES
2013-07-22 01:22 - 2013-07-22 01:22 - 00177416 _____ C:\ProgramData\1374470482.bdinstall.bin
2013-07-22 01:22 - 2013-07-21 23:21 - 00000000 ____D C:\Program Files\Bitdefender
2013-07-22 01:22 - 2013-06-03 00:59 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2013-07-22 01:22 - 2012-07-26 04:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-07-22 01:13 - 2013-06-08 09:07 - 00000000 ____D C:\Users\ALPINO\Desktop\Pat
2013-07-22 01:05 - 2013-07-22 00:57 - 00000000 ____D C:\Users\ALPINO\Documents\Battlefield 2
2013-07-22 01:05 - 2013-06-10 10:24 - 00000000 ____D C:\Users\ALPINO\AppData\Local\PunkBuster
2013-07-22 00:16 - 2013-06-15 23:17 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-07-22 00:13 - 2013-06-07 12:10 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Origin
2013-07-22 00:13 - 2013-06-07 12:10 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Origin
2013-07-22 00:11 - 2013-06-16 01:37 - 00000000 ___RD C:\WINDOWS\ToastData
2013-07-21 23:53 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\WinStore
2013-07-21 23:35 - 2013-07-21 23:35 - 00078752 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2013-07-21 23:34 - 2013-07-21 23:34 - 00283064 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtsoftbus01.sys
2013-07-21 23:34 - 2013-07-21 21:08 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-07-21 23:34 - 2013-07-21 21:03 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-07-21 23:29 - 2013-07-21 23:29 - 00421952 _____ C:\ProgramData\1374463289.bdinstall.bin
2013-07-21 23:09 - 2013-07-21 23:09 - 00001453 _____ C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-21 23:09 - 2013-07-21 23:09 - 00000020 ___SH C:\Users\ALPINO\ntuser.ini
2013-07-21 23:09 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\restore
2013-07-21 23:09 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\FileManager
2013-07-21 23:09 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\Camera
2013-07-21 23:09 - 2013-06-02 19:19 - 00000000 ___RD C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-21 23:07 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\Registration
2013-07-21 23:06 - 2013-07-21 23:06 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2013-07-21 23:06 - 2013-07-21 22:57 - 00020958 _____ C:\WINDOWS\diagwrn.xml
2013-07-21 23:06 - 2013-07-21 22:57 - 00020958 _____ C:\WINDOWS\diagerr.xml
2013-07-21 23:06 - 2013-06-16 01:37 - 00000000 __RSD C:\WINDOWS\Media
2013-07-21 23:06 - 2013-06-16 01:37 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-21 23:02 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\tracing
2013-07-21 23:01 - 2013-07-21 23:01 - 00000000 ___RD C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-07-21 23:01 - 2013-07-21 23:01 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2013-07-21 23:01 - 2013-06-16 04:31 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2013-07-21 23:01 - 2013-06-16 04:31 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2013-07-21 23:01 - 2013-06-16 04:31 - 00000000 ____D C:\WINDOWS\system32\WCN
2013-07-21 23:01 - 2013-06-16 01:40 - 00000000 ____D C:\WINDOWS\DigitalLocker
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 __SHD C:\Program Files\Windows Sidebar
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\spool
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\Recovery
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\MUI
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\WINDOWS\system32\IME
2013-07-21 23:01 - 2013-06-16 01:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-07-21 23:01 - 2013-06-15 23:28 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2013-07-21 23:01 - 2013-06-10 08:48 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InfraRecorder
2013-07-21 23:01 - 2013-06-06 01:50 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Newsbin6
2013-07-21 22:57 - 2013-06-15 23:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2013-07-21 22:56 - 2013-07-21 22:56 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2013-07-21 22:56 - 2013-07-21 22:56 - 00000264 _____ C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2013-07-21 22:56 - 2013-07-21 22:56 - 00000000 ____D C:\Program Files\Realtek
2013-07-21 22:56 - 2013-06-15 23:28 - 00000000 __RHD C:\Users\Default
2013-07-21 21:41 - 2013-07-21 21:16 - 2056960000 _____ C:\Users\ALPINO\Downloads\Battlefield 2.iso
2013-07-21 21:08 - 2013-07-21 21:08 - 00564824 _____ (Duplex Secure Ltd.) C:\WINDOWS\system32\Drivers\sptd.sys
2013-07-21 20:04 - 2013-07-21 19:54 - 00000000 ____D C:\Users\ALPINO\AppData\Local\gtk-2.0
2013-07-21 19:54 - 2013-07-21 19:54 - 00000000 ____D C:\Users\ALPINO\.thumbnails
2013-07-21 19:53 - 2013-07-21 19:53 - 00000000 ____D C:\Users\ALPINO\AppData\Local\gegl-0.2
2013-07-21 19:53 - 2013-07-21 19:52 - 00000000 ____D C:\Program Files\GIMP 2
2013-07-21 16:27 - 2013-07-12 03:56 - 00089088 _____ C:\WINDOWS\system32\umstartup.etl
2013-07-20 03:43 - 2013-07-20 03:43 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Wargaming.net
2013-07-20 02:55 - 2013-07-02 22:58 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2013-07-20 02:55 - 2013-06-03 03:20 - 00000000 ____D C:\Games
2013-07-16 12:40 - 2013-07-16 12:33 - 00000041 _____ C:\Users\ALPINO\Desktop\FIOS.txt
2013-07-14 21:18 - 2013-07-14 21:18 - 00000000 ____D C:\Users\ALPINO\Documents\Arduino
2013-07-14 21:18 - 2013-07-14 21:18 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Arduino
2013-07-14 21:16 - 2013-07-14 21:16 - 00000000 ____D C:\Program Files (x86)\Arduino
2013-07-14 21:14 - 2013-06-02 14:04 - 00003886 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-14 21:14 - 2013-06-02 14:04 - 00003650 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-13 21:17 - 2013-07-24 18:34 - 00061216 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2013-07-13 21:17 - 2013-07-24 18:34 - 00053024 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 29335328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 22100256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 13621504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 12880928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 11244320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2013-07-13 21:17 - 2013-07-24 18:33 - 09248072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 07694808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 07648000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 06329552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 02968352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 02789152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 02630304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 01882912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6432619.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6432619.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 00632096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 00603424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 00517408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 00515360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 00458528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2013-07-13 21:17 - 2013-07-24 18:33 - 00388384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2013-07-13 21:17 - 2013-07-09 17:23 - 15890648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2013-07-13 21:17 - 2013-07-09 17:23 - 15631064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2013-07-13 21:17 - 2013-07-09 17:23 - 02985648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2013-07-13 21:17 - 2013-07-09 17:23 - 00022581 _____ C:\WINDOWS\system32\nvinfo.pb
2013-07-13 15:49 - 2013-07-24 18:32 - 06598432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2013-07-13 15:49 - 2013-07-24 18:32 - 03447072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2013-07-13 15:48 - 2013-07-24 18:32 - 02559776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2013-07-13 15:48 - 2013-07-24 18:32 - 00911136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2013-07-13 15:48 - 2013-07-24 18:32 - 00219424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2013-07-13 15:48 - 2013-07-24 18:32 - 00063776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2013-07-13 15:24 - 2013-07-13 15:24 - 00571168 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2013-07-12 00:46 - 2013-07-23 17:02 - 22564864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-11 23:37 - 2013-07-23 17:02 - 16983552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-07-11 22:34 - 2013-07-23 17:02 - 04208128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-07-11 22:23 - 2013-07-23 17:02 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-11 22:15 - 2013-07-23 17:02 - 01140736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-07-11 14:43 - 2013-07-11 14:43 - 00001024 _____ C:\.rnd
2013-07-10 11:40 - 2013-07-10 01:51 - 00000000 ____D C:\MP3
2013-07-10 02:55 - 2013-07-10 02:55 - 00000000 ____D C:\Python27
2013-07-10 02:41 - 2013-07-10 02:41 - 00000000 ____D C:\dd
2013-07-10 02:18 - 2013-07-10 02:18 - 00000000 ____D C:\Users\ALPINO\.idlerc
2013-07-10 02:04 - 2013-07-10 01:51 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Groovedown
2013-07-10 01:51 - 2013-07-10 01:51 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Groovedown_Uninstall
2013-07-09 20:44 - 2013-07-09 20:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-09 18:36 - 2013-06-04 02:55 - 00000000 ____D C:\ASUS
2013-07-09 17:18 - 2013-07-09 17:17 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Notepad++
2013-07-09 17:17 - 2013-07-09 17:17 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2013-07-09 01:36 - 2013-07-09 01:36 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\ICSharpCode
2013-07-09 01:33 - 2013-07-09 01:33 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\Telerik
2013-07-09 01:33 - 2013-07-09 01:33 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Telerik_AD
2013-07-09 01:33 - 2013-07-09 01:33 - 00000000 ____D C:\Users\ALPINO\AppData\Local\IsolatedStorage
2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Roaming\JetBrains
2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Local\SymbolSourceSymbols
2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Local\RefSrcSymbols
2013-07-09 01:23 - 2013-07-09 01:23 - 00000000 ____D C:\Users\ALPINO\AppData\Local\JetBrains
2013-07-09 01:22 - 2013-07-09 01:22 - 00000000 ____D C:\Program Files (x86)\JetBrains
2013-07-09 00:50 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-07-09 00:43 - 2013-07-09 00:43 - 00001267 _____ C:\Users\ALPINO\Desktop\vlc.lnk
2013-07-09 00:10 - 2013-07-23 17:02 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeXmlParser.dll
2013-07-08 06:11 - 2013-07-08 06:11 - 00000248 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-07-08 06:11 - 2013-07-08 06:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-07-08 06:11 - 2013-07-08 06:08 - 00000000 ____D C:\uninstall
2013-07-08 06:11 - 2013-06-03 01:53 - 00000000 ____D C:\ProgramData\Intel
2013-07-08 06:08 - 2013-07-08 06:08 - 00000000 ____D C:\Intel
2013-07-08 04:14 - 2013-07-08 04:14 - 00000000 ____D C:\Users\ALPINO\AppData\Local\Realmware
2013-07-08 03:42 - 2013-07-08 03:42 - 00002774 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2013-07-08 03:42 - 2013-07-08 03:42 - 00000000 ____D C:\Program Files\CCleaner
2013-07-08 02:50 - 2013-07-08 02:50 - 00000000 ____D C:\Program Files\CPUID
2013-07-08 01:11 - 2013-06-03 01:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-07 22:10 - 2013-07-07 22:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-07 20:51 - 2013-07-02 22:51 - 00000000 ____D C:\Users\ALPINO\Heaven
2013-07-03 02:47 - 2013-07-21 23:37 - 13506048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-07-03 02:23 - 2013-07-21 23:37 - 17929216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-07-02 23:10 - 2013-07-02 23:10 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2013-07-02 23:10 - 2013-07-02 23:10 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
2013-07-02 23:10 - 2013-07-02 23:10 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-07-02 23:10 - 2013-07-02 23:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-07-02 23:10 - 2013-07-02 23:10 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-07-02 23:10 - 2013-07-02 23:10 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-07-02 23:10 - 2013-07-02 23:10 - 00000000 ____D C:\ProgramData\Sun
2013-07-02 23:10 - 2013-07-02 23:10 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-02 22:53 - 2012-07-26 04:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2013-07-02 22:49 - 2013-07-02 22:49 - 00000000 ____D C:\Program Files (x86)\Unigine
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe
[2013-06-15 18:48] - [2013-06-15 18:48] - 0558080 ____A (Microsoft Corporation) DEB887EA2EBEDF01644A200B4BDB181B
C:\Windows\System32\wininit.exe
[2013-06-15 18:52] - [2013-06-15 18:52] - 0145408 ____A (Microsoft Corporation) CACA6578AF9C48C29D7BF6AEFAF00599
C:\Windows\explorer.exe
[2013-06-15 18:01] - [2013-06-15 22:25] - 2254384 ____A (Microsoft Corporation) 2CF1204E913AEA5A492D89C153F3345E
C:\Windows\SysWOW64\explorer.exe
[2013-06-15 17:33] - [2013-06-15 21:33] - 2009104 ____A (Microsoft Corporation) 253252BBC9E61728986CB54261F8AECD
C:\Windows\System32\svchost.exe
[2013-06-15 18:48] - [2013-06-15 22:30] - 0037768 ____A (Microsoft Corporation) F7191317F1CD10F35DC74E24C1B71E06
C:\Windows\SysWOW64\svchost.exe
[2013-06-15 18:07] - [2013-06-15 21:38] - 0031552 ____A (Microsoft Corporation) D9F8FA4911FBF85919BA17FFE5B34430
C:\Windows\System32\services.exe
[2013-06-15 23:17] - [2013-06-15 23:17] - 0403408 ____A (Microsoft Corporation) 258527780FC8FFCF0A29F7455073C529
C:\Windows\System32\User32.dll
[2013-06-15 18:50] - [2013-06-15 22:25] - 1513264 ____A (Microsoft Corporation) 42F67E93E2C853A915E73F3A4645E3C9
C:\Windows\SysWOW64\User32.dll
[2013-06-15 18:10] - [2013-06-15 18:10] - 1359360 ____A (Microsoft Corporation) FCDCDEFD5A8BA26FDCD950607162339C
C:\Windows\System32\userinit.exe
[2013-06-15 18:56] - [2013-06-15 18:56] - 0025088 ____A (Microsoft Corporation) 166CB1E28BED6196B5030E91AD932998
C:\Windows\SysWOW64\userinit.exe
[2013-06-15 18:13] - [2013-06-15 18:13] - 0021504 ____A (Microsoft Corporation) 7AFC7764F71DBB1BC5A60EE67FE94C70
C:\Windows\System32\Drivers\volsnap.sys
[2013-06-15 20:36] - [2013-06-15 22:26] - 0312072 ___AC (Microsoft Corporation) 9365B092503F8B0B6C724D1A8E4433D4
LastRegBack: 2013-07-21 22:56
==================== End Of Log ============================

Patryk · Jul 31, 2013

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2013 03
Ran by ALPINO at 2013-07-31 00:33:00
Running from C:\Users\ALPINO\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Arduino (x32 Version: 1.0.5)
ATK Package (x32 Version: 1.0.0023)
Battlefield 2(TM) (x32)
Battlefield 3™ (x32 Version: 1.6.0.0)
Canon iP2600 series
CPUID ROG CPU-Z 1.61.3 (Version: 1.61.3)
DAEMON Tools Lite (x32 Version: 4.47.1.0335)
Deluge 1.3.6 (x32)
eaner (Version: 4.03)
eReg (x32 Version: 1.20.138.34)
ESN Sonar (x32 Version: 0.70.4)
foobar2000 v1.2.6 (x32 Version: 1.2.6)
GIMP 2.8.6 (Version: 2.8.6)
GitHub (HKCU Version: 1.0.52.0)
Google Chrome (x32 Version: 28.0.1500.72)
Google Update Helper (x32 Version: 1.3.21.153)
HashTab 5.1.0.23 (Version: 5.1.0.23)
Heaven Benchmark version 4.0 (x32 Version: 4.0)
InfraRecorder 0.53 (x64 edition) (Version: 0.53.00.00)
Intel(R) Management Engine Components (x32 Version: 9.5.0.1393)
Intel(R) Rapid Storage Technology (Version: 12.5.0.1066)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JetBrains dotPeek 1.0 (x32 Version: 1.0.0)
Logitech Gaming Software (Version: 8.45.88)
Logitech Gaming Software 8.46 (Version: 8.46.27)
Logitech SetPoint 6.52 (Version: 6.52.74)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSI Afterburner 3.0.0 Beta 11 (x32 Version: 3.0.0 Beta 11)
Music Manager (HKCU)
Newsbin Pro (Version: 6.42)
Notepad++ (x32 Version: 6.4.2)
NVIDIA 3D Vision Driver 326.19 (Version: 326.19)
NVIDIA Control Panel 326.19 (Version: 326.19)
NVIDIA GeForce Experience 1.6 (Version: 1.6)
NVIDIA Graphics Driver 326.19 (Version: 326.19)
NVIDIA HD Audio Driver 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.132.865)
NVIDIA PhysX (x32 Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2619)
NVIDIA Update 7.2.17 (Version: 7.2.17)
NVIDIA Update Components (Version: 7.2.17)
NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1)
Origin (x32 Version: 9.2.1.4399)
PunkBuster Services (x32 Version: 0.991)
Python 2.7.5 (x32 Version: 2.7.5150)
Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.17)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6873)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0)
SHIELD Streaming (Version: 1.05.19)
SimCity™ (x32 Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 16.3.15.1)
tools-windows (x32 Version: 9.2.3.1031769)
VMware Player (Version: 5.0.2)
VMware Player (x32 Version: 5.0.2)
WinPatrol (Version: 28.5.2013.0)
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
Wireshark 1.10.1 (64-bit) (x32 Version: 1.10.1)
WiTopia (Version: 2.1.1.0148)
World of Tanks (x32)

==================== Restore Points =========================

29-07-2013 08:07:46 Installed Qualcomm Atheros Inc.(R) AR81Family Gigabit/Fast Ether+e>
30-07-2013 23:40:53 Intel Extreme Tuning Utility

==================== Hosts content: ==========================

2013-06-15 23:17 - 2013-07-30 19:33 - 00000822 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0394935B-5DBE-4826-9827-334B3886A3AD} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {04950C4A-AAD2-4C2B-B40D-474AE7F62201} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {04AA5D62-19A1-43B3-AB30-9540A5CC9741} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-06-15] (Microsoft Corporation)
Task: {073FDA5A-800B-4E98-8425-B9B3D615313D} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {07F6065F-F1B1-49CE-99F0-8ED089C93A22} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {08FE8991-7AC6-4095-9B19-95D1C29513DC} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-06-15] (Microsoft Corporation)
Task: {0DB37CC8-500D-4B79-9B32-628AEE447A0A} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {1102840F-2F0C-4014-A796-1BF59FE7E183} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1926566171-1257342452-1398987820-1001
Task: {13097136-48B2-4B8E-884C-7B93C69E59A6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001Core => C:\Users\ALPINO\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.)
Task: {17C5AEF1-DB6E-43CF-9A6F-F925BDB9663B} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2013-06-15] (Microsoft Corporation)
Task: {18E0D946-0CCB-4828-90F8-887725F96EF0} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {1B2DE521-838A-4EFE-BA0F-BA9D7F8D9184} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\WINDOWS\system32\sc.exe [2013-06-15] (Microsoft Corporation)
Task: {1B72052E-3B8E-4CF5-BD31-55B1F1305A6F} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {1EE4A503-EE28-4FE6-AA54-2E1172E6A479} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {20D957C4-243C-4C5A-853C-266B6FD22992} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-02] (Google Inc.)
Task: {2905FCF5-09F4-4A5F-9AB4-2B340202B54E} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2013-07-15] ()
Task: {29194692-B244-4E2B-AA03-2336DF8C57BD} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {2B1BC8B2-20B5-4149-B8CE-9ABE5BE6908C} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {2BA0A72E-7E9C-4228-84E8-F9CD234F65A6} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {2BB942FB-9EEC-4B09-96C6-A6750A67CBBE} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {2C249E3B-3524-4079-8FB8-364946A90F05} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {2FC98F63-CE89-4528-9DC1-4ECD3FE8D693} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {3047B310-66E4-4680-BE7D-CA89BF8F3446} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {3335687C-14A4-4039-B734-BEFE9B59E27C} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-15] (Microsoft Corporation)
Task: {3AD92515-9126-4AD6-AAB8-8DA8A3DF4D97} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {3DF8EE62-E164-4398-BD73-65AA7DF1CDC6} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {40525C58-79C2-47A1-9AA2-F1D7FC4F0691} - System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification => C:\Windows\System32\sdclt.exe No File
Task: {41458A76-CA8F-40EE-A24E-4E1C65934B1F} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2013-06-15] (Microsoft Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {4D113265-418B-45EF-A8AA-9D5590E69053} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {533B55E2-5676-4162-8943-E1F0B1A1EC54} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {58135C79-42C7-448D-8BE1-A4E7C1068EF8} - System32\Tasks\Microsoft\Windows\AppReadiness\TriggerTask
Task: {6309A99F-3DFA-4297-8C95-A1AD7D712FDD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-06-15] (Microsoft Corporation)
Task: {6333B11A-D2DA-40EF-8B8C-F96D8C049FA3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {70DD051C-5FE1-4364-B2D0-C63C90B9B550} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2013-06-15] (Microsoft Corporation)
Task: {72FFFA2E-C2DB-4E38-B85D-7E4B8FE18649} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {73AE7550-FE70-4A2D-9FAC-E887225204C7} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {77F32B49-9D7F-40F7-A8C7-27ACC491FBBD} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {78AF792E-16E1-404F-8B62-9C347A39E4AD} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-02-26] (Synaptics Incorporated)
Task: {7DD38FB8-B4EA-475F-AD7D-91F92F43975C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2013-06-15] (Microsoft Corporation)
Task: {7EE9CFF0-8992-4B4E-B315-A05907C1FD56} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {81E853F7-6BE3-4F83-ADB6-6341CA65657E} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {86DB582D-59EB-448C-B819-4A8A60D87252} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2013-06-15] (Microsoft Corporation)
Task: {872B7413-91E4-495A-A143-AB9C6C7A7627} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {89BAF0B4-4897-4A62-97C2-1FE51EAECCF4} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {8B700344-4A5E-47F6-8AE4-FD2A75744BF5} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {910703EE-4DE6-4733-AB53-D5BD7AC596B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001UA => C:\Users\ALPINO\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-27] (Google Inc.)
Task: {932C9519-5ED3-4461-8E70-13C5D39F2CAD} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {9958ABF2-4E33-47F8-8E43-DD3554FEC04B} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {9EF5DF04-7A3F-4931-933A-44A80D834D19} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {A5B60A69-3373-45E3-A87E-E811971B5F4C} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {A9715841-AB9B-4B3A-9692-87890E56B895} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {AE420812-EF96-402E-AF6D-0C8D79949860} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {AE46FB24-E30C-4775-B8FC-904E39ED4D48} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2013-06-15] (Microsoft Corporation)
Task: {B097EA9E-911C-4309-8C3D-1B4997E3655A} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe No File
Task: {C2C5A71F-A5EC-4D1A-B92A-7FB2A626F00E} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {C55B2043-5578-4C54-A92F-5D1D2B3F0BED} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C9EBD69A-2EFB-4017-8264-6D32CE4AEFB9} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {D15C4743-048B-470F-84D4-214A2F3A0EA6} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {D1CB60A8-47DE-4FED-B1BA-AF59505B6A7F} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {D601F79C-272D-49F1-A503-04ADEAC9B76A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2013-06-15] (Microsoft Corporation)
Task: {D6AD20F6-AFFD-47F9-A19C-F6DB42070E79} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {D8D82993-5802-4A9A-B99A-9CBFC560A4FA} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {E01F8BF5-1956-49BF-B770-F8AB63CB02AA} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {E0BC623D-2C36-4F2E-8BF9-A6210F1116D9} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {E1183EB1-6E12-427A-BF88-6B79378F1CAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-02] (Google Inc.)
Task: {E72D32F3-032B-4725-973F-2E9DCE43E7C5} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {E974CA30-7DB4-4907-8C2B-A311572BA839} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {EBF933C6-ECC6-424D-8E54-F8D56438F4F8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-06-15] (Microsoft Corporation)
Task: {EF11BB0B-37E9-4AE8-9F24-84673786BD5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2013-06-15] (Microsoft Corporation)
Task: {F1DA6E19-D959-4B0E-8D46-EB585F5220FD} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {F28968FE-579E-4128-9D20-69FA4CC8E719} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => C:\Windows\system32\rundll32.exe [2013-06-15] (Microsoft Corporation)
Task: {F2B43BC6-1FCC-421C-9DD2-2F6217F7CA0F} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {F750183B-FC93-4D03-B7B9-D60550478E37} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {FC6AF5AD-A209-4ED5-B3A2-3C07D8EAC601} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {FDA39514-5975-4AEB-9E34-9DF6406E633D} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2013-06-15] (Microsoft Corporation)
Task: {FDC7FF18-CEF3-41D8-927C-6B8B8F0AE3C8} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2013-06-15] (Microsoft Corporation)
Task: {FEAF06BF-C601-4665-A32B-CB10A58609CE} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {FF7F247D-DB06-4999-9A70-CFBC798209EF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001Core.job => C:\Users\ALPINO\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1926566171-1257342452-1398987820-1001UA.job => C:\Users\ALPINO\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Faulty Device Manager Devices =============

Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Sparklabs
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Viscosity Virtual Adapter V9.1
Description: Viscosity Virtual Adapter V9.1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Sparklabs
Service: visctap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Broadcom 802.11ac Network Adapter
Description: Broadcom 802.11ac Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2013 08:44:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: AsSysCtrlService.exe, version: 0.0.0.0, time stamp: 0x4cc00d4c
Faulting module name: KERNELBASE.dll, version: 6.3.9431.0, time stamp: 0x51bcf867
Exception code: 0x0eedfade
Fault offset: 0x00013f29
Faulting process id: 0x600
Faulting application start time: 0xAsSysCtrlService.exe0
Faulting application path: AsSysCtrlService.exe1
Faulting module path: AsSysCtrlService.exe2
Report Id: AsSysCtrlService.exe3
Faulting package full name: AsSysCtrlService.exe4
Faulting package-relative application ID: AsSysCtrlService.exe5

Error: (07/30/2013 08:42:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_4c5a88cade1c4961.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_4c5a88cade1c4961.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_4c5a88cade1c4961.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_4c5a88cade1c4961.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_9407bfa1f2987267.manifest.

Error: (07/30/2013 07:39:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: WinPatrolEx.exe, version: 28.5.2013.0, time stamp: 0x51e44da0
Faulting module name: WinPatrolEx.exe, version: 28.5.2013.0, time stamp: 0x51e44da0
Exception code: 0xc0000005
Fault offset: 0x0004cd70
Faulting process id: 0x688
Faulting application start time: 0xWinPatrolEx.exe0
Faulting application path: WinPatrolEx.exe1
Faulting module path: WinPatrolEx.exe2
Report Id: WinPatrolEx.exe3
Faulting package full name: WinPatrolEx.exe4
Faulting package-relative application ID: WinPatrolEx.exe5

Error: (07/30/2013 07:39:31 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\ProgramData\Package Cache\{ab3c86f5-8479-4252-a09b-4ee9ac4d5808}\xtu-setup-exe.exe Cache\{ab3c86f5-8479-4252-a09b-4ee9ac4d5808}\xtu-setup-exe.exe" /modify; Description = Intel Extreme Tuning Utility; Error = 0x8007043c).

Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "select * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'" could not be reactivated in namespace "//./root" because of error 0x80041033. Events cannot be delivered through this filter until the problem is corrected.

Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __TimerEvent" whose target class "__TimerEvent" in //./root namespace does not exist. The query will be ignored.

Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __SystemEvent" whose target class "__SystemEvent" in //./root namespace does not exist. The query will be ignored.

Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __NamespaceOperationEvent" whose target class "__NamespaceOperationEvent" in //./root namespace does not exist. The query will be ignored.

Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __ClassOperationEvent" whose target class "__ClassOperationEvent" in //./root namespace does not exist. The query will be ignored.

Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event provider $Core attempted to register query "select * from __InstanceOperationEvent" whose target class "__InstanceOperationEvent" in //./root namespace does not exist. The query will be ignored.

System errors:
=============
Error: (07/30/2013 11:25:49 PM) (Source: DCOM) (User: ASTOPSO)
Description: {AB807329-7324-431B-8B36-DBD581F56E0B}

Error: (07/30/2013 11:25:19 PM) (Source: DCOM) (User: ASTOPSO)
Description: {AB807329-7324-431B-8B36-DBD581F56E0B}

Error: (07/30/2013 09:30:47 PM) (Source: DCOM) (User: ASTOPSO)
Description: {AB807329-7324-431B-8B36-DBD581F56E0B}

Error: (07/30/2013 09:30:16 PM) (Source: DCOM) (User: ASTOPSO)
Description: {AB807329-7324-431B-8B36-DBD581F56E0B}

Error: (07/30/2013 08:44:57 PM) (Source: Service Control Manager) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (07/30/2013 08:44:56 PM) (Source: Service Control Manager) (User: )
Description: The ASUS System Control Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/30/2013 08:44:56 PM) (Source: Service Control Manager) (User: )
Description: The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

Error: (07/30/2013 08:44:56 PM) (Source: Service Control Manager) (User: )
Description: The ASUS Com Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/30/2013 08:44:56 PM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (07/30/2013 07:40:07 PM) (Source: DCOM) (User: ASTOPSO)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================
Error: (07/30/2013 08:44:56 PM) (Source: Application Error)(User: )
Description: AsSysCtrlService.exe0.0.0.04cc00d4cKERNELBASE.dll6.3.9431.051bcf8670eedfade00013f2960001ce8d7e83d07ed3C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll6b75abc0-f97a-11e2-becf-08606e0e934e

Error: (07/30/2013 08:42:30 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_4c5a88cade1c4961.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9431.0_none_9407bfa1f2987267.manifestC:\Users\ALPINO\Desktop\SoftonicDownloader_for_mcafee-stinger.exe

Error: (07/30/2013 07:39:53 PM) (Source: Application Error)(User: )
Description: WinPatrolEx.exe28.5.2013.051e44da0WinPatrolEx.exe28.5.2013.051e44da0c00000050004cd7068801ce8d7bdbb6c1b9C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exeC:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrolEx.exe549ee6b0-f971-11e2-becd-f7f3472e8c43

Error: (07/30/2013 07:39:31 PM) (Source: System Restore)(User: )
Description: C:\ProgramData\Package Cache\{ab3c86f5-8479-4252-a09b-4ee9ac4d5808}\xtu-setup-exe.exe Cache\{ab3c86f5-8479-4252-a09b-4ee9ac4d5808}\xtu-setup-exe.exe" /modifyIntel Extreme Tuning Utility0x8007043c

Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: //./rootselect * from __InstanceModificationEvent where targetinstance isa '__ArbitratorConfiguration'0x80041033

Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: $Coreselect * from __TimerEvent__TimerEvent//./root

Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: $Coreselect * from __SystemEvent__SystemEvent//./root

Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: $Coreselect * from __NamespaceOperationEvent__NamespaceOperationEvent//./root

Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: $Coreselect * from __ClassOperationEvent__ClassOperationEvent//./root

Error: (07/30/2013 07:21:45 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY)
Description: $Coreselect * from __InstanceOperationEvent__InstanceOperationEvent//./root

CodeIntegrity Errors:
===================================
Date: 2013-07-30 14:33:23.410
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ALPINO\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-30 14:33:23.406
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ALPINO\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-30 14:32:04.638
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ALPINO\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-30 14:32:04.633
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ALPINO\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-30 14:31:11.353
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\ALPINO\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-24 00:06:31.557
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-23 22:22:43.734
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-23 22:14:10.570
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-07-23 22:13:41.426
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-07-23 22:10:32.251
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 8143.14 MB
Available physical RAM: 6839.39 MB
Total Pagefile: 16335.14 MB
Available Pagefile: 14964.13 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (M4SSD-0) (Fixed) (Total:476.55 GB) (Free:356.04 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 477 GB) (Disk ID: 93114E71)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=477 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Patryk · Jul 31, 2013

Thanks again Im really trying to get this thing fixed and I appologize for skipping few of your rules

Broni · Jul 31, 2013

Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

What do you use as your AV program?

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

Unzip downloaded file.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

Broni · Aug 5, 2013

Still with me?

Broni · Aug 10, 2013

This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.

Inactive-A Have a rootkit, bootkit CANNOT remove :(

Patryk

Posts: 10 +0

Patryk

Posts: 10 +0

Broni

Posts: 56,041 +517

Patryk

Posts: 10 +0

Patryk

Posts: 10 +0

Attachments

Broni

Posts: 56,041 +517

Patryk

Posts: 10 +0

Broni

Posts: 56,041 +517

Patryk

Posts: 10 +0

Patryk

Posts: 10 +0

Patryk

Posts: 10 +0

Patryk

Posts: 10 +0

Patryk

Posts: 10 +0

Broni

Posts: 56,041 +517

Attachments

Broni

Posts: 56,041 +517

Broni

Posts: 56,041 +517

Similar threads

Latest posts