
consrv.dll virus


  • This topic is locked
19 replies to this topic

#1 Axent

Axent

  • Members
  • 14 posts

Posted 15 May 2012 - 01:23 PM

AVG found the virus and removed it, but when I did a reboot on the computer, Windows couldn't initiate and I had to restore to a previous state where the consrv.dll virus is intact. I believe it is that virus, but it can as well be another virus as far as I know. I get this every time I try to delete it and I would very much appreciate help.
My system is Windows 7 64-bit on a VAIO notebook.
Here are the logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Fede at 19:50:01 on 2012-05-15
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.34.3082.18.3950.2134 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\dlbkcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
c:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\SysWOW64\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\rundll32.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\Public\Documents\fede\Steam\steam.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\iTunesHelper.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Fede\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fede\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fede\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fede\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Fede\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fede\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fede\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fede\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.imesh.com
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {5c5e27f7-258c-6640-49bc-25b2480d5d44} - C:\Windows\SysWow64\ssqlwoa.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Facetheme: {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - C:\Program Files (x86)\Object\bho_project.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msiaxe32.dll,aARBxCZb
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "C:\Users\Public\Documents\fede\Steam\steam.exe" -silent
uRun: [PlayNC Launcher]
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Google Update] "C:\Users\Fede\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\iTunesHelper.exe"
mRun: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: DhcpNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA} : NameServer = 80.58.61.250,80.58.61.254
TCP: Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA} : DhcpNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}\75C414E4F544430303 : NameServer = 80.58.61.250,80.58.61.254
TCP: Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}\75C414E4F544430303 : DhcpNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}\75C414E4F554242334 : NameServer = 80.58.61.250,80.58.61.254
TCP: Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}\75C414E4F554242334 : DhcpNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{927587AB-1894-493E-8E72-6063314BF69A} : DhcpNameServer = 172.16.16.19
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Notify: ecojink - C:\Windows\system32\config\systemprofile\AppData\Local\ecojink.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs:
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{5C5E27F7-258C-6640-49BC-25B2480D5D44}
{64182481-4F71-486b-A045-B233BD0DA8FC}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{AA58ED58-01DD-4d91-8333-CF10577473F7}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
BHO-X64: {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - No File
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{de4e75d3-60aa-4f02-a0e4-c8a40576574c}
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\iTunesHelper.exe"
mRun-x64: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64:
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 dlbk_device;dlbk_device;C:\Windows\system32\dlbkcoms.exe -service --> C:\Windows\system32\dlbkcoms.exe -service [?]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-19 13336]
R2 MsDepSvc;Servicio Agente de implementación web;C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-4-1 67400]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-5-20 104960]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-22 2320920]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-5-20 821760]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-5-20 571248]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-5-20 1165680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Servicio Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-20 133104]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE --> C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-5 257696]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Servicio de Windows Live Protección infantil;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Servicio de Google Update (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-20 133104]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-5-20 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-5-20 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-5-20 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-5-20 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-5-20 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-5-20 91432]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-5-20 480624]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-5-20 361840]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-5-20 110960]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;Servicio auxiliar de SQL Active Directory;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0150;RsFx0150 Driver;C:\Windows\system32\DRIVERS\RsFx0150.sys --> C:\Windows\system32\DRIVERS\RsFx0150.sys [?]
S4 SQLAgent$SQLEXPRESS;Agente SQL Server (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-4-3 428384]
.
=============== Created Last 30 ================
.
2012-05-15 17:19:46 -------- d-----we C:\Windows\system64
2012-05-15 17:06:08 -------- d-----w- C:\FRST
2012-05-15 16:40:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-15 12:28:01 -------- d-----w- C:\Users\Fede\AppData\Roaming\Easeware
2012-05-15 12:27:41 -------- d-----w- C:\Program Files\Easeware
2012-05-14 19:02:53 -------- dc----w- C:\Users\Fede\AppData\Local\MigWiz
2012-05-14 18:42:24 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-05-14 18:42:24 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-11 08:59:50 -------- d-----w- C:\$AVG
2012-05-11 08:59:48 -------- d-----w- C:\ProgramData\AVG2012
2012-05-11 08:58:18 -------- d-----w- C:\Program Files (x86)\AVG
2012-05-11 01:06:04 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-11 01:06:03 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-11 01:06:03 3143680 ----a-w- C:\Windows\System32\win32k.sys
2012-05-11 01:06:02 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-11 01:05:59 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-10 18:04:13 -------- d-----w- C:\Update
2012-05-09 15:07:35 -------- d-----w- C:\Users\Fede\AppData\Roaming\Xidicone
2012-05-09 15:06:51 -------- d-----w- C:\ProgramData\Xidicone
2012-05-09 11:00:59 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-05-06 19:14:58 -------- d-----w- C:\Users\Fede\AppData\Roaming\Malwarebytes
2012-05-06 19:13:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-05-06 19:13:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-06 18:13:41 -------- d-----w- C:\Users\Fede\AppData\Local\NPE
2012-05-06 18:13:41 -------- d-----w- C:\ProgramData\Norton
2012-05-06 11:48:09 -------- d--h--w- C:\ProgramData\Common Files
2012-05-06 11:43:05 -------- d-----w- C:\ProgramData\MFAData
2012-05-06 11:10:04 110080 ----a-r- C:\Users\Fede\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconF7A21AF7.exe
2012-05-06 11:10:04 110080 ----a-r- C:\Users\Fede\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\IconD7F16134.exe
2012-05-06 11:10:04 110080 ----a-r- C:\Users\Fede\AppData\Roaming\Microsoft\Installer\{5B210B8A-B66E-4702-B44D-0D6F388D29EB}\Icon1226A4C5.exe
2012-05-06 11:10:02 -------- d-----w- C:\sh4ldr
2012-05-06 11:10:02 -------- d-----w- C:\Program Files\Enigma Software Group
2012-05-06 11:09:38 -------- d-----w- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-05-06 11:07:35 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-05-06 11:07:26 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2012-05-06 11:06:20 -------- d-----w- C:\ProgramData\EA Core
2012-05-06 11:06:17 -------- d-----w- C:\ProgramData\EA Logs
2012-05-05 17:21:22 0 --sha-w- C:\Windows\System32\dds_trash_log.cmd
2012-05-05 17:20:24 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 10:52:57 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE7DB59B-F1C2-4301-9891-A5274288A180}\mpengine.dll
2012-05-02 00:46:28 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-04-25 21:28:11 -------- d-s---w- C:\Users\Fede\Google Drive
2012-04-24 22:16:31 -------- d-----w- C:\ProgramData\Premium
2012-04-24 22:16:02 -------- d-----w- C:\ProgramData\InstallMate
2012-04-23 18:51:28 -------- d-----w- C:\Users\Fede\AppData\Roaming\LolClient
2012-04-23 18:28:00 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-04-23 18:28:00 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-04-23 18:27:59 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-04-22 21:59:53 -------- d-----w- C:\Users\Fede\AppData\Local\Sony Corporation
2012-04-22 11:24:38 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-04-22 10:50:33 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-04-22 10:49:46 -------- d-----w- C:\ProgramData\Battle.net
2012-04-22 10:33:16 -------- d-----w- C:\Users\Fede\AppData\Roaming\Auslogics
2012-04-18 13:24:16 -------- d-----w- C:\Users\Fede\AppData\Local\The Witcher 2
.
==================== Find3M ====================
.
2012-05-13 09:45:07 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-03-23 16:20:14 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-23 16:20:12 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-03-11 12:32:53 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-11 00:09:03 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-03-03 06:29:57 1541120 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-03 06:29:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-03 06:29:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-03 06:29:42 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-03-03 06:29:41 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-03-03 05:40:21 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-24 17:04:20 171008 ----a-w- C:\Program Files (x86)\binkw32.dll
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-08-10 15:04:43 1524557 ----a-w- C:\Program Files\wrar401es[1].exe
.
============= FINISH: 19:50:52,47 ===============

Edited by Axent, 15 May 2012 - 01:26 PM.



 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ

Posted 15 May 2012 - 03:36 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Check the Scan All User box at the top.
  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      >C:\commands.txt echo list vol /raw /hide /c
      /wait
      >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
      /wait
      type c:\diskreport.txt /c
      /wait
      erase c:\commands.txt /hide /c
      /wait
      erase c:\diskreport.txt /hide /c
      CREATERESTOREPOINT
  • Click the Run Scan button and allow it to do its thing.
  • Once the scan has completed, two Notepad windows, OTL.Txt and Extras.Txt, will open - these text files will be saved in the same location as OTL.
  • Please post the contents of both in your next reply - you may need to post each separately if they are overly long.

Also, do you have a flash drive of at least 128 Mb that you can lay your hands on as it may be helpful?

So long, and thanks for all the fish.

 

 


#3 Axent

Axent
  • Topic Starter

  • Members
  • 14 posts

Posted 15 May 2012 - 03:42 PM

Good evening and thank you for replying. I have a problem with the link as I don't get the download file. I do have a 16GB flash drive. (Never mind, I succeeded in downloading the file.)

Edited by Axent, 15 May 2012 - 03:52 PM.


#4 Axent

Axent
  • Topic Starter

  • Members
  • 14 posts

Posted 15 May 2012 - 04:09 PM

Here's the otl.txt log:


OTL logfile created on: 15/05/2012 22:57:23 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Fede\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

3,86 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 46,27% Memory free
7,71 Gb Paging File | 5,04 Gb Available in Paging File | 65,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,84 Gb Total Space | 380,40 Gb Free Space | 83,63% Space Free | Partition Type: NTFS
Drive H: | 14,89 Gb Total Space | 14,81 Gb Free Space | 99,43% Space Free | Partition Type: FAT32

Computer Name: JUAN-VAIO | User Name: Fede | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/15 22:40:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fede\Desktop\OTL.exe
PRC - [2012/05/02 18:33:00 | 011,396,840 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/04/21 14:09:48 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/03/26 20:54:53 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/23 18:20:12 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/02/15 18:41:41 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Users\Public\Documents\fede\Steam\steam.exe
PRC - [2012/01/19 13:30:04 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
PRC - [2012/01/16 18:22:12 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\iTunesHelper.exe
PRC - [2011/12/09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/03/15 18:59:32 | 000,312,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010/05/20 11:58:30 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe
PRC - [2009/12/14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/01 22:03:52 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2009/12/01 22:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009/11/21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/11/21 00:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/10/24 03:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
PRC - [2009/09/14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/09/14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/08/26 19:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/15 19:20:52 | 000,571,392 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\pysqlite2._sqlite.pyd
MOD - [2012/05/15 19:20:52 | 000,263,168 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\win32com.shell.shell.pyd
MOD - [2012/05/15 19:20:52 | 000,096,256 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\win32api.pyd
MOD - [2012/05/15 19:20:52 | 000,086,016 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\_elementtree.pyd
MOD - [2012/05/15 19:20:52 | 000,070,656 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\wx._html2.pyd
MOD - [2012/05/15 19:20:52 | 000,040,448 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\_socket.pyd
MOD - [2012/05/15 19:20:51 | 001,169,408 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\wx._core_.pyd
MOD - [2012/05/15 19:20:51 | 001,056,256 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\wx._controls_.pyd
MOD - [2012/05/15 19:20:51 | 000,807,424 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\wx._windows_.pyd
MOD - [2012/05/15 19:20:51 | 000,792,576 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\wx._gdi_.pyd
MOD - [2012/05/15 19:20:51 | 000,731,136 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\wx._misc_.pyd
MOD - [2012/05/15 19:20:51 | 000,645,120 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\_ssl.pyd
MOD - [2012/05/15 19:20:51 | 000,354,304 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\pythoncom26.dll
MOD - [2012/05/15 19:20:51 | 000,311,808 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\_hashlib.pyd
MOD - [2012/05/15 19:20:51 | 000,167,936 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\win32gui.pyd
MOD - [2012/05/15 19:20:51 | 000,153,088 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\pyexpat.pyd
MOD - [2012/05/15 19:20:51 | 000,121,856 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\wx._wizard.pyd
MOD - [2012/05/15 19:20:51 | 000,111,104 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\win32file.pyd
MOD - [2012/05/15 19:20:51 | 000,110,592 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\pywintypes26.dll
MOD - [2012/05/15 19:20:51 | 000,073,728 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\_ctypes.pyd
MOD - [2012/05/15 19:20:51 | 000,039,424 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\win32inet.pyd
MOD - [2012/05/15 19:20:51 | 000,036,352 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\win32process.pyd
MOD - [2012/05/15 19:20:51 | 000,017,920 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\win32event.pyd
MOD - [2012/05/15 19:20:51 | 000,011,776 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\win32crypt.pyd
MOD - [2012/05/15 19:20:51 | 000,011,776 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI37402\select.pyd
MOD - [2012/05/13 11:45:07 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012/05/11 22:50:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\49ed832fa09c702258b6ed873c485428\System.ServiceProcess.ni.dll
MOD - [2012/05/11 22:49:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 22:49:29 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012/05/11 22:49:22 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/11 22:49:09 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/11 22:49:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/11 22:49:01 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/05/11 22:49:00 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/11 22:48:52 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/04/28 04:07:01 | 000,444,400 | ---- | M] () -- C:\Users\Fede\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
MOD - [2012/04/28 04:06:59 | 003,915,248 | ---- | M] () -- C:\Users\Fede\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/28 04:05:34 | 000,122,880 | ---- | M] () -- C:\Users\Fede\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/28 04:05:33 | 000,220,672 | ---- | M] () -- C:\Users\Fede\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/28 04:05:32 | 001,747,456 | ---- | M] () -- C:\Users\Fede\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/28 03:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Fede\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2012/04/28 03:09:18 | 008,743,584 | ---- | M] () -- C:\Users\Fede\AppData\Local\Google\Chrome\APPLIC~1\180102~1.168\gcswf32.dll
MOD - [2012/04/21 14:09:47 | 020,297,512 | ---- | M] () -- C:\Users\Public\Documents\fede\Steam\bin\libcef.dll
MOD - [2012/04/21 14:09:47 | 000,214,528 | ---- | M] () -- C:\Users\Public\Documents\fede\Steam\bin\mssvoice.asi
MOD - [2012/04/21 14:09:47 | 000,095,744 | ---- | M] () -- C:\Users\Public\Documents\fede\Steam\bin\mssmp3.asi
MOD - [2012/04/21 14:09:40 | 000,907,048 | ---- | M] () -- C:\Users\Public\Documents\fede\Steam\bin\chromehtml.DLL
MOD - [2012/04/21 14:09:39 | 001,099,576 | ---- | M] () -- C:\Users\Public\Documents\fede\Steam\bin\avcodec-53.dll
MOD - [2012/04/21 14:09:39 | 000,190,776 | ---- | M] () -- C:\Users\Public\Documents\fede\Steam\bin\avformat-53.dll
MOD - [2012/04/21 14:09:39 | 000,123,192 | ---- | M] () -- C:\Users\Public\Documents\fede\Steam\bin\avutil-51.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/20 21:19:05 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009/07/14 03:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/07/14 03:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV:64bit: - [2010/01/27 22:10:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/09/16 23:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel®
SRV:64bit: - [2009/07/14 03:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\pdlnebas.dll -- (msmpsvc)
SRV:64bit: - [2007/06/25 22:17:18 | 000,567,024 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbkcoms.exe -- (dlbk_device)
SRV - [2012/05/13 11:45:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/21 14:09:48 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/23 18:20:12 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/04/01 21:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2011/03/28 21:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/04/03 20:00:12 | 061,913,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2010/04/03 20:00:10 | 000,428,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Archivos de programa\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) Agente SQL Server (SQLEXPRESS)
SRV - [2010/04/03 20:00:08 | 000,059,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Archivos de programa\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010/04/03 12:00:10 | 000,146,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/12/14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/12/01 22:03:52 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/11/30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Archivos de programa\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009/11/25 19:06:06 | 000,821,760 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Archivos de programa\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2009/11/21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/10/30 09:50:40 | 001,165,680 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Archivos de programa\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/15 16:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/10/15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/10/15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/10/15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/10/15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/09/16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/09/14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/09/14 19:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/09/14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/09/08 18:09:20 | 000,110,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2009/09/04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Archivos de programa\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/01 21:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2009/08/31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/08/31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/03/28 13:08:32 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dlbkcoms.exe -- (dlbk_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/06 20:37:35 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/07/21 18:00:06 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/04/03 11:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010/01/27 22:10:59 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/12/16 22:03:59 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/12/16 22:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/12/16 04:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/12/14 22:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/11/21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/18 06:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/11/18 06:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/11/18 06:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/18 06:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 06:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/11/13 22:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/11/12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/11/04 11:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/10/09 04:47:00 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/09/15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009/08/19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.imesh.com
IE - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\..\SearchScopes,DefaultScope = {236B63D2-C830-4D50-BF8D-72341EB4E5E0}
IE - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\..\SearchScopes\{0941DDD1-2D97-4133-A902-2D031DCF7E3F}: "URL" = http://rover.ebay.com/rover/1/1185-80716-26233-2/4?satitle={searchTerms}
IE - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\..\SearchScopes\{236B63D2-C830-4D50-BF8D-72341EB4E5E0}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_esES402
IE - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\..\SearchScopes\{3D3B741D-956C-4E8D-B642-E5EA46D61C7C}: "URL" = http://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=1083&systemid=1&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: c:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: c:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fede\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fede\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


[2011/11/13 04:40:58 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fede\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fede\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fede\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = c:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - Extension: YouTube = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MonsterDivx = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkinfljboeildloankgjmljfibngeefa\0.95_0\
CHR - Extension: PricePeep = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.83.0_0\
CHR - Extension: Cuevana Stream = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.2_0\
CHR - Extension: Cuevana Stream = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.2_0\.svn\props\.svn-work
CHR - Extension: Gmail = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Archivos de programa\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {5C5E27F7-258C-6640-49BC-25B2480D5D44} - C:\Windows\SysWOW64\ssqlwoa.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - No CLSID value found.
O2 - BHO: (Facetheme) - {de4e75d3-60aa-4f02-a0e4-c8a40576574c} - C:\Program Files (x86)\Object\bho_project.dll (InternetEngine)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Archivos de programa\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-308961309-1451343532-2030891354-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-308961309-1451343532-2030891354-1001..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msiaxe32.dll,aARBxCZb File not found
O4 - HKU\S-1-5-21-308961309-1451343532-2030891354-1001..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-308961309-1451343532-2030891354-1001..\Run: [Steam] C:\Users\Public\Documents\fede\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: NameServer = 80.58.61.250,80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927587AB-1894-493E-8E72-6063314BF69A}: DhcpNameServer = 172.16.16.19
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ecojink: DllName - (C:\Windows\system32\config\systemprofile\AppData\Local\ecojink.dll) - C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ecojink.dll ()
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-308961309-1451343532-2030891354-1001\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=consrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: msmpsvc - C:\Windows\SysNative\pdlnebas.dll (Oak Technology Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/15 22:52:26 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Fede\Desktop\OTL.exe
[2012/05/15 19:49:58 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Fede\Desktop\dds.com
[2012/05/15 19:19:46 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/05/15 19:06:08 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/15 18:40:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/15 18:37:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/15 18:13:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/15 18:13:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/15 14:28:01 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Easeware
[2012/05/15 14:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
[2012/05/14 21:20:10 | 000,000,000 | ---D | C] -- C:\Users\Fede\Documents\DisabledCUStartItems
[2012/05/14 21:20:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DisabledAUStartItems
[2012/05/14 21:02:53 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\MigWiz
[2012/05/14 20:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/14 20:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/11 23:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/05/11 23:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/11 10:59:50 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/05/11 10:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/11 10:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/05/11 03:07:21 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/11 03:07:20 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/05/11 03:07:20 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/05/11 03:07:20 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/05/11 03:07:20 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/05/11 03:06:04 | 005,504,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/11 03:06:03 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/11 03:06:02 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/10 23:18:01 | 000,000,000 | ---D | C] -- C:\Users\Fede\Documents\Notas Fuenca
[2012/05/10 20:04:13 | 000,000,000 | ---D | C] -- C:\Update
[2012/05/09 17:07:35 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Xidicone
[2012/05/09 17:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Xidicone
[2012/05/09 16:45:44 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2012/05/09 13:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/07 23:02:24 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/06 21:14:58 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Malwarebytes
[2012/05/06 21:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/06 21:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/06 20:13:41 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\NPE
[2012/05/06 20:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/05/06 13:48:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/05/06 13:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/05/06 13:36:46 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/06 13:10:04 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/05/06 13:10:02 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/05/06 13:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/05/06 13:07:35 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/05/06 13:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/05/06 13:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/05/06 13:06:17 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/05/05 19:20:24 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/02 02:46:28 | 004,472,832 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2012/04/25 23:28:11 | 000,000,000 | --SD | C] -- C:\Users\Fede\Google Drive
[2012/04/25 23:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/04/25 00:16:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/04/25 00:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/04/23 20:51:28 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\LolClient
[2012/04/23 20:28:00 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/04/23 20:28:00 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/04/23 20:27:59 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/04/23 20:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewFeature1
[2012/04/22 23:59:53 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Sony Corporation
[2012/04/22 13:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/04/22 12:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Beta
[2012/04/22 12:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/04/22 12:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/04/22 12:33:16 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Auslogics
[2012/04/18 15:24:16 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\The Witcher 2
[2012/04/18 15:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012/02/24 19:04:20 | 000,171,008 | ---- | C] (RAD Game Tools, Inc.) -- C:\Program Files (x86)\binkw32.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/15 23:00:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/15 22:43:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/15 22:41:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308961309-1451343532-2030891354-1001UA.job
[2012/05/15 22:40:20 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fede\Desktop\OTL.exe
[2012/05/15 21:00:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/15 19:49:53 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Fede\Desktop\dds.com
[2012/05/15 19:47:38 | 000,000,178 | ---- | M] () -- C:\Users\Fede\defogger_reenable
[2012/05/15 19:47:21 | 000,050,477 | ---- | M] () -- C:\Users\Fede\Desktop\Defogger.exe
[2012/05/15 19:27:44 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/15 19:27:44 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/15 19:19:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/15 19:19:02 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 13:41:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308961309-1451343532-2030891354-1001Core.job
[2012/05/13 11:45:07 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/13 11:45:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/12 11:35:26 | 001,883,188 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/12 11:35:26 | 000,812,434 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/05/12 11:35:26 | 000,719,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/12 11:35:26 | 000,183,864 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/05/12 11:35:26 | 000,146,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/11 22:43:39 | 000,459,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/11 11:41:25 | 000,000,073 | -H-- | M] () -- C:\splash.idx
[2012/05/10 23:21:48 | 000,001,406 | ---- | M] () -- C:\Users\Fede\Desktop\Winamp.lnk
[2012/05/06 20:14:09 | 000,000,767 | ---- | M] () -- C:\Users\Fede\AppData\Roaming\SMRBackup250.dat
[2012/05/06 13:49:37 | 000,034,814 | ---- | M] () -- C:\Users\Fede\AppData\Local\dt.dat
[2012/05/06 13:36:47 | 000,002,269 | ---- | M] () -- C:\Users\Fede\Desktop\Google Chrome.lnk
[2012/05/06 12:16:54 | 000,000,000 | -HS- | M] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/05/02 02:46:28 | 004,472,832 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2012/04/22 12:34:57 | 000,342,694 | ---- | M] () -- C:\test.xml
[2012/04/18 15:23:50 | 001,838,396 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/15 19:47:38 | 000,000,178 | ---- | C] () -- C:\Users\Fede\defogger_reenable
[2012/05/15 19:47:28 | 000,050,477 | ---- | C] () -- C:\Users\Fede\Desktop\Defogger.exe
[2012/05/13 11:45:08 | 000,000,838 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/10 23:21:48 | 000,001,406 | ---- | C] () -- C:\Users\Fede\Desktop\Winamp.lnk
[2012/05/06 20:14:09 | 000,000,767 | ---- | C] () -- C:\Users\Fede\AppData\Roaming\SMRBackup250.dat
[2012/05/06 13:49:37 | 000,034,814 | ---- | C] () -- C:\Users\Fede\AppData\Local\dt.dat
[2012/05/06 13:36:47 | 000,002,269 | ---- | C] () -- C:\Users\Fede\Desktop\Google Chrome.lnk
[2012/05/06 13:36:13 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308961309-1451343532-2030891354-1001UA.job
[2012/05/06 13:36:12 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308961309-1451343532-2030891354-1001Core.job
[2012/05/05 19:21:22 | 000,000,000 | -HS- | C] () -- C:\Windows\SysNative\dds_trash_log.cmd
[2012/04/22 12:34:56 | 000,342,694 | ---- | C] () -- C:\test.xml
[2012/03/17 20:11:16 | 000,007,605 | ---- | C] () -- C:\Users\Fede\AppData\Local\Resmon.ResmonCfg
[2012/03/09 20:39:05 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/09 20:39:00 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/24 19:04:20 | 1267,728,384 | ---- | C] () -- C:\Program Files (x86)\chunks1.vpp_pc
[2012/02/24 19:04:20 | 000,785,632 | ---- | C] () -- C:\Program Files (x86)\bitmaps_pc
[2012/02/24 19:03:54 | 390,983,680 | ---- | C] () -- C:\Program Files (x86)\audio.vpp_pc
[2012/02/24 19:03:46 | 243,096,384 | ---- | C] () -- C:\Program Files (x86)\anims.vpp_pc
[2012/01/29 18:38:53 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkserv.dll
[2012/01/29 18:38:53 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkusb1.dll
[2012/01/29 18:38:53 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkhbn3.dll
[2012/01/29 18:38:53 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkpmui.dll
[2012/01/29 18:38:53 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbklmpm.dll
[2012/01/29 18:38:53 | 000,538,096 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkcoms.exe
[2012/01/29 18:38:53 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\dlbkjswr.dll
[2012/01/29 18:38:53 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\dlbkutil.dll
[2012/01/29 18:38:53 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkinpa.dll
[2012/01/29 18:38:53 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkiesc.dll
[2012/01/29 18:38:53 | 000,386,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkih.exe
[2012/01/29 18:38:53 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\DLBKhcp.dll
[2012/01/29 18:38:53 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\DLBKinst.dll
[2012/01/29 18:38:53 | 000,181,744 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkppls.exe
[2012/01/29 18:38:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkprox.dll
[2012/01/29 18:38:53 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\dlbkinsb.dll
[2012/01/29 18:38:53 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkpplc.dll
[2012/01/29 18:38:53 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dlbkcur.dll
[2012/01/29 18:38:53 | 000,073,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkcu.dll
[2012/01/29 18:38:52 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkcomc.dll
[2012/01/29 18:38:52 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkcomm.dll
[2012/01/29 18:38:52 | 000,382,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkcfg.exe
[2012/01/29 18:18:58 | 000,000,139 | ---- | C] () -- C:\Windows\dellstat.ini
[2011/08/10 17:04:41 | 001,524,557 | ---- | C] () -- C:\Program Files\wrar401es[1].exe
[2011/04/08 18:47:31 | 001,838,396 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/16 14:35:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/20 11:53:43 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
[2010/05/20 11:37:54 | 000,002,119 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2010/05/20 00:08:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/05/19 23:45:17 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/05/19 23:45:17 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/05/19 23:45:17 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/05/19 23:45:15 | 000,050,036 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/05/19 23:45:14 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/05/19 23:45:08 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010/05/19 23:45:08 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2012/01/16 18:22:08 | 009,777,000 | ---- | M] (Apple Inc.) -- C:\iTunes.exe
[2012/01/16 18:22:12 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\iTunesHelper.exe

< MD5 for: CONSRV.DLL >
[2009/07/14 03:39:46 | 000,053,248 | ---- | M] () MD5=6BF2039986AF96D98E08824AC6C383FD -- C:\Windows\SysNative\consrv.dll
[2009/07/14 03:39:46 | 000,053,248 | ---- | M] () MD5=6BF2039986AF96D98E08824AC6C383FD -- C:\Windows\system64\consrv.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\system64\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\system64\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\system64\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart versión 6.1.7600
Copyright © 1999-2008 Microsoft Corporation.
En el equipo: JUAN-VAIO
Núm Volumen Ltr Etiqueta    Fs    Tipo       Tamaño  Estado    Info
----------- --- ----------- ----- ---------- ------- --------- --------
Volumen 0   E                     DVD-ROM        0 B Sin medio
Volumen 1   G                     DVD-ROM        0 B Sin medio
Volumen 2       System Res  NTFS  Partición   100 MB Correcto  Sistema
Volumen 3   C               NTFS  Partición   454 GB Correcto  Arranque
Volumen 4       Recovery    NTFS  Partición    10 GB Correcto  Oculto
Volumen 5   D                     Extraíble      0 B Sin medio
Volumen 6   F                     Extraíble      0 B Sin medio
Volumen 7   H   FEDE        FAT32 Extraíble    14 GB Correcto

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

#5 Axent

Posted 15 May 2012 - 04:10 PM

And here is the extras.txt log


OTL Extras logfile created on: 15/05/2012 22:57:23 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Fede\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

3,86 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 46,27% Memory free
7,71 Gb Paging File | 5,04 Gb Available in Paging File | 65,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,84 Gb Total Space | 380,40 Gb Free Space | 83,63% Space Free | Partition Type: NTFS
Drive H: | 14,89 Gb Total Space | 14,81 Gb Free Space | 99,43% Space Free | Partition Type: FAT32

Computer Name: JUAN-VAIO | User Name: Fede | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-308961309-1451343532-2030891354-1001\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{019D2D21-18DA-4C2A-80A3-F3082F998632}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9DA6C5CF-6142-4BAD-AE0F-C64B39BF68DD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C3E322C3-AB88-4AF1-A2A0-7A27553F60E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011F63F0-9F1B-48A7-A9D7-7426A6C31EDF}" = protocol=17 | dir=in | app=c:\users\fede\downloads\sweetimsetup.exe |
"{07EEEC55-E71F-4AE9-8C9F-275E1BDE0AFD}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{0AF91FD4-5E19-4274-A261-0E5BD6830596}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{0C7502D8-405D-4355-86F3-69C309D7C65D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0D3C8BE6-3599-4C9C-A20F-D40707DCF5AE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1116ACE6-91AB-471B-9DA0-3C5EC9C267A7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{11EE81F5-1C0F-4AB2-8BEB-7BBB9CBDE7DC}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{120896B8-B351-4F74-B19B-7EA9D2F2D7DE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{130F5538-2043-470A-B5B0-778C95F19654}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{158D0F8A-9726-4936-9F39-19FB8D969DE7}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{1964A61D-7687-4B09-9937-47739A24BA12}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{1CBFC080-2731-464A-BE12-7ACF5FF6369F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1ED812A4-A0A7-41C9-AB56-6ADFE0FD3052}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\mass effect\masseffectlauncher.exe |
"{21AE58D5-E1C5-4851-AE82-678A3EE6326A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{239F3F3D-6B5C-4B81-BCBA-D19AA29D6BD5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{26D8A3D0-C501-4C63-994A-E3CA01CA1238}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2804AB48-40B2-40E6-8F83-219A891C3100}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\assassin's creed revelations\acrsp.exe |
"{2830EF7A-6321-417E-B995-B6F0460CFC31}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{28344E79-BF83-4B69-ADA1-F4B1D73863FB}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{28A0F4F3-4806-4FE9-8117-A55D2DB77359}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{2987E2AC-88F6-4E04-8811-1EAEAECE2AB2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2BA0F6E5-FE33-4A53-9616-8282A2F4732A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3179CB98-1F92-4C32-844C-5A3D949E9A28}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\rockstar games\eflc\launcheflc.exe |
"{327E725A-2B0E-4D02-8FCD-9656C15F41A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{36758F33-EC6E-4E49-A2B5-FEB2C186A7E5}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\prototype\prototypef.exe |
"{3C5E0B03-B271-471B-9E68-B67DDAE96B3F}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{3C97ABA5-0D68-4CD7-BA28-E7F72FD57B22}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{40BA96F3-5C4A-4D4A-BC33-2BE577A06F94}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\diablo iii beta\diablo iii.exe |
"{42D2FD6A-EA2B-4C92-93FB-020F745D9A4C}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{43DF2045-C661-4B02-99A0-5B6990F49559}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\assassin's creed revelations\assassinscreedrevelations.exe |
"{44224ADC-86D7-4A82-BE17-BEFF69B240CA}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\assassin's creed revelations\assassinscreedrevelations.exe |
"{45A78C15-7AE4-4275-9138-7370C7C5AE82}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{472FCC2E-0B75-4099-A003-613103A94901}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{47FA2969-8C05-48BA-A4AC-37646C271892}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{4A5E5E13-0BD5-4C9A-8ECF-3DB92838D416}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4AAD95B1-38A7-4FCF-9FD5-F08C8C06E9E0}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{4BD7BC61-AFB8-4AFD-AA3A-ADD268591AD8}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\mass effect\binaries\masseffect.exe |
"{5112C96A-F8A7-46FF-858F-1042CA87E70C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{51A6417C-FD32-4ADF-A6EC-9236F37FF9B8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{56AAA2DB-C66A-4F80-B56E-3C6C800E2FE0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{582DC98E-9438-47C1-B7B9-E2D71A19DA69}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\diablo iii beta\diablo iii.exe |
"{592CD6E9-F2B4-4790-8291-E6DDECD481F3}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\mass effect\binaries\masseffect.exe |
"{59B061F8-F7B1-4939-8B3B-F629FAC9E1FE}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{5CFEB706-DC6D-4F9B-B9D9-D047ABB76C16}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\mass effect\masseffectlauncher.exe |
"{62E6D02D-A6C8-4AB2-B404-8011626FEF70}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{64B9CB74-4618-489C-B3AA-B9132642CAF8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{66A0F652-1702-4017-8D47-EC7EE5CE6338}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{699F8418-AA05-4B95-BBB7-F82996BF6FE2}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{6A4A2842-2814-463F-A6BF-58CF0E13ECC3}" = protocol=6 | dir=in | app=c:\users\fede\downloads\sweetimsetup.exe |
"{7652C04B-A5C7-4270-B51C-8079AAAFC8DD}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{77B871C8-2917-4198-BDED-1797C6904F00}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\nba2k12\nba2k12.exe |
"{812A4391-4068-42B4-A1B3-535DA8776CC5}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\masseffect2launcher.exe |
"{835A3A3C-DA8A-4134-88D0-24C88AF9E400}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{869D69E0-86C1-4BA2-8296-3B20687DEB4D}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\tropico 4\tropico4.exe |
"{8DA31EEA-EF57-40D0-ACE8-26CAFC82D578}" = protocol=17 | dir=in | app=c:\windows\syswow64\dlbkcoms.exe |
"{9B242CA4-5C4E-4D42-A8F1-C8022E765DF0}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\tropico 4\tropico4.exe |
"{A0D21831-26C8-4571-82E9-04A8666B3C3E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A5D3C9CB-0328-4BE7-B7E9-0F8CA589F455}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{A9587BA1-9979-4B4F-AFEC-AB4B4C62EFBF}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{B0782688-FFF0-46C0-8A56-16E94074EDCD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B100A742-AF9B-4DA2-BE88-C49BB500D3B4}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect 2\binaries\masseffect2.exe |
"{B282C1C3-B4E0-4A1B-9AC1-A6FC9BE6C081}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{B325ABB3-BB50-4C40-A91E-EA0B5BBF64E6}" = protocol=6 | dir=in | app=c:\windows\syswow64\dlbkcoms.exe |
"{B64175FB-2C5A-4BF9-8D8A-0020F8AF8F05}" = dir=in | app=c:\itunes.exe |
"{BF5375C4-1041-4EBC-B396-F6A27A3DD139}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{C2C25CF4-E946-4023-AD7E-1D7F663D4D74}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{C79B4CCB-5BF0-4F05-8F7D-94A922E91361}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{C81E97A4-C87C-4356-845D-DD67EC6BF173}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CBB5A7AC-6B15-4867-A94B-ED5DBE2165A4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CEA529AE-127F-4E7E-A755-BC0B336EB0AD}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{D082B930-774B-484E-9921-007DC7DEE95C}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\assassin's creed revelations\acrsp.exe |
"{D5E6CFFE-3ED0-4659-8686-873B1E3ACB73}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\prototype\prototypef.exe |
"{D68B8689-13B8-4177-8C25-FCA3A259DB71}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\assassin's creed revelations\acrmp.exe |
"{D91B90D4-C096-4B4B-AEFD-D687A1ED4EEC}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{DEACF245-5CE2-4431-8FC2-9DA6973B4475}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\assassin's creed revelations\acrmp.exe |
"{E22179F9-4C53-4653-BEF7-57B410486BE7}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{E4B992A7-D51F-44DC-8F53-2AD85574CAF8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E613740C-6289-4D2F-82A1-157C1D265D5D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{EA141331-CBC2-4EA9-9AF6-4980BD73D2AA}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\nba2k12\nba2k12.exe |
"{ED147D63-3175-4F94-A74E-B7F5E3C13841}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F0452916-B572-48B1-B98C-E7CAC60A9970}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{F5E570F4-B683-43DE-A41C-08EEB1D5D9C5}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\pes2012\pes2012.exe |
"{FA736E33-E8B8-481D-8101-03FC45C76CBB}" = protocol=17 | dir=in | app=c:\users\public\documents\fede\rockstar games\eflc\launcheflc.exe |
"{FEFB9D6C-8510-4DFB-89A1-7513630256A0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FF025E6F-855D-4D18-A26C-2A038FECE916}" = protocol=6 | dir=in | app=c:\users\public\documents\fede\pes2012\pes2012.exe |
"TCP Query User{13CCC0EA-8D49-464B-99BC-42D91D68F3FF}C:\program files (x86)\ncsoft\lineage ii\system\l2.bin" = protocol=6 | dir=in | app=c:\program files (x86)\ncsoft\lineage ii\system\l2.bin |
"TCP Query User{1C6210FC-1C62-4627-8E7A-618FFEB261CB}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{25DF3149-A6C5-4BB5-BD5B-DB8A101ADF25}C:\users\public\documents\fede\juegos\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\users\public\documents\fede\juegos\the witcher 2 enhanced edition\bin\witcher2.exe |
"TCP Query User{27266BE9-B429-4EB5-9EAE-3874A5D1AAC1}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{46D273D5-7DDC-4AC6-86C9-F6909FD9C7B6}C:\users\public\documents\fede\rockstar games\eflc\eflc.exe" = protocol=6 | dir=in | app=c:\users\public\documents\fede\rockstar games\eflc\eflc.exe |
"TCP Query User{59B1CD53-5165-486D-BE9D-87308A6CFE23}C:\casino\bwin casino\casino.exe" = protocol=6 | dir=in | app=c:\casino\bwin casino\casino.exe |
"TCP Query User{6AF06460-FA76-4C22-8CF9-EC8DD68168AA}C:\users\public\documents\fede\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\users\public\documents\fede\saints row the third\saintsrowthethird.exe |
"TCP Query User{7FD27A86-5656-42DB-B48B-93D36529E85E}C:\users\public\documents\fede\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\users\public\documents\fede\saints row the third\saintsrowthethird.exe |
"TCP Query User{CE1600D7-229C-489A-9C82-E2055FA7A1AB}C:\users\public\documents\fede\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=c:\users\public\documents\fede\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{DCE84C1E-CBE6-4379-9BF5-2EDBDA36DC6D}C:\users\public\documents\fede\nba2k12\nba2k12.exe" = protocol=6 | dir=in | app=c:\users\public\documents\fede\nba2k12\nba2k12.exe |
"TCP Query User{E77B958E-B967-4A57-A079-FB51D7630A60}C:\users\public\documents\fede\driver.san francisco.v 1.04.1114\driver.exe" = protocol=6 | dir=in | app=c:\users\public\documents\fede\driver.san francisco.v 1.04.1114\driver.exe |
"UDP Query User{18B27679-4235-4C93-B9A6-6D40EB0EC35A}C:\users\public\documents\fede\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\users\public\documents\fede\saints row the third\saintsrowthethird.exe |
"UDP Query User{32E8E422-3106-4B18-892F-EB617AD6A416}C:\program files (x86)\ncsoft\lineage ii\system\l2.bin" = protocol=17 | dir=in | app=c:\program files (x86)\ncsoft\lineage ii\system\l2.bin |
"UDP Query User{3E0B4CEE-5D7E-4545-8E37-E93B8FAE9567}C:\users\public\documents\fede\driver.san francisco.v 1.04.1114\driver.exe" = protocol=17 | dir=in | app=c:\users\public\documents\fede\driver.san francisco.v 1.04.1114\driver.exe |
"UDP Query User{4267F0AE-CEE6-488B-A0CA-4B6F3D6B8407}C:\users\public\documents\fede\rockstar games\eflc\eflc.exe" = protocol=17 | dir=in | app=c:\users\public\documents\fede\rockstar games\eflc\eflc.exe |
"UDP Query User{5B06D4D1-143E-441D-94B4-163531136696}C:\users\public\documents\fede\juegos\the witcher 2 enhanced edition\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\users\public\documents\fede\juegos\the witcher 2 enhanced edition\bin\witcher2.exe |
"UDP Query User{5EFCAC96-AED0-4B99-A47D-FC3494447385}C:\users\public\documents\fede\nba2k12\nba2k12.exe" = protocol=17 | dir=in | app=c:\users\public\documents\fede\nba2k12\nba2k12.exe |
"UDP Query User{67337DC2-87F4-460E-9573-FC42D7076932}C:\casino\bwin casino\casino.exe" = protocol=17 | dir=in | app=c:\casino\bwin casino\casino.exe |
"UDP Query User{99640363-80A1-4CD9-9FF5-F6F56D9BACEE}C:\users\public\documents\fede\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\users\public\documents\fede\saints row the third\saintsrowthethird.exe |
"UDP Query User{B3A0EA94-032C-450D-A34E-6C0A3F5B699C}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{C4247AB0-11FE-4974-AA55-E76CA10CED04}C:\users\public\documents\fede\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=c:\users\public\documents\fede\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{DEC247B4-8E62-44AA-A343-B7821640B0B5}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08D401E5-E23D-4372-8F9E-764963B19483}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{0F8CCE41-B6D0-43BB-BDBA-B8DF073216DB}" = SQL Server 2008 R2 Common Files
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java™ 6 Update 16 (64-bit)
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{32F2679A-EEDC-41B1-9162-E0044A11654D}" = Microsoft SQL Server VSS Writer
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{3BC6E87B-7E7B-3F78-9BD1-708B199B1EB5}" = Microsoft .NET Framework 4 Extended ESN Language Pack
"{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}" = Microsoft SQL Server 2008 R2 Native Client
"{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{587AD91D-BA13-4033-9938-61CFC7F4F581}" = Microsoft SQL Server Compact 4.0 x64 ESN
"{5B210B8A-B66E-4702-B44D-0D6F388D29EB}" = SpyHunter
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{6C65F9E9-E17B-3A63-8C08-DD50FC97043A}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{773C7652-85B8-4335-9C78-1113CDBD73DA}" = Archivos auxiliares de instalación de Microsoft SQL Server 2008
"{8557776A-3E8B-335B-8EF7-EFBB02C6948C}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ESN
"{87EF4D47-939B-4FEC-8B94-703B19AE7BD2}" = Progr. de instalación de Microsoft SQL Server 2008 R2 (Español)
"{8D1163BE-5ECD-0303-87F7-35ED38BBB2E1}" = ATI Catalyst Install Manager
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF688AD8-21D3-4B17-9775-9955B1135DEC}" = SQL Server 2008 R2 Database Engine Services
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{BF456ADA-407C-BFA2-52DA-08ECE9E18549}" = ccc-utility64
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3C912BB-BF4B-3788-8A19-DA5B999CE0C6}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{C9F697B9-FAC8-4B76-9D3D-40FA3BFA4F9E}" = Microsoft SQL Server System CLR Types (x64)
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{DE620959-4E84-4FA7-97BE-A6D4048016A2}" = SQL Server 2008 R2 Database Engine Shared
"{E016AA48-A21B-4728-9BD0-E3AAE23BEE5F}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{E33B102B-7D42-4AEF-B0C8-296567736169}" = Windows Live Protección Infantil
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Dell AIO Printer A920" = Dell AIO Printer A920
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Extended ESN
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64 bits)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64 bits)
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN" = Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04E9B02B-4F85-4B73-B865-27B9B8B35877}" = NBA 2K12
"{08096C0A-B9B2-7F42-3760-BD9A1CBA9A6E}" = Catalyst Control Center Graphics Full Existing
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{10014C6B-F482-991B-8865-32BFEA347CE1}" = CCC Help Hungarian
"{10A16AF7-AD18-40A1-8A94-5CB2316C7323}" = Microsoft Silverlight 4 SDK - Español
"{127BCB7C-B976-4312-A760-6383892AD13C}" = Microsoft SQL Server Browser
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{1404E04F-C98C-5195-251E-9CED867E37D7}" = CCC Help French
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{1AA0193C-398B-D400-A156-C060CFDDF132}" = Catalyst Control Center Core Implementation
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1E450972-E996-4EC1-A4C3-1518A46928D0}" = VAIO Content Metadata Intelligent Network Service Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery
"{21E7A706-31FF-46AA-A294-FA4A8917B59F}" = Microsoft ASP.NET MVC 3 - VWD Express 2010 Tools Update
"{221125DC-6A40-4900-B844-591F5E1195B0}" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{233C14B1-D05F-96A7-1509-C87417F899F8}" = CCC Help Turkish
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = Configuración de Monitorización de contenido del VAIO
"{257FE0F8-5623-4C93-A183-E30448F79B18}" = IIS 7.5 Express
"{2637552C-A1EE-D6C9-3D9E-716BCB76081D}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{37531547-B1F4-45E6-98FC-8AF5F2F0EAA4}" = VAIO Content Metadata Manager Settings
"{3CFFC382-6C23-42CB-8B1E-625F9F84E362}" = Microsoft ASP.NET Web Pages - VWD Express 2010 Tools
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4427F384-B5BE-4769-B7D0-C784FC321EB1}" = VAIO Content Metadata Intelligent Network Service Manager
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{49939C5A-7835-120D-1195-7374E1AE1CAB}" = CCC Help Spanish
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5810367F-CB89-1257-0283-EC37270741E7}" = CCC Help Russian
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A4C0B1D-2379-AAE0-4907-56E83D6D8A8C}" = CCC Help Italian
"{5BDFAB82-060E-438B-AB4F-A2331B2294C0}" = Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update 5
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = Transferencias VAIO
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{650CF18F-629C-3CF1-307D-5C93321B41CD}" = Catalyst Control Center Graphics Full New
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6842DCCB-2840-4E46-8AF3-BEA9CFF3455B}" = Sony Sound Forge 9.0
"{69131367-6458-6271-8277-25E408572433}" = CCC Help German
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72A6B2E5-3286-4D77-8AAC-A4BE2A8FCB90}" = CCC Help Finnish
"{7392AA60-133D-4761-94DB-8FBC9B6CD5EA}" = VAIO Content Metadata Intelligent Network Service Manager
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{79B56745-1296-490E-86A7-AE07A034AB26}" = Microsoft ASP.NET MVC 3 - ESN
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = Administración de energía del VAIO
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85076DFF-7A17-3566-9CC0-488E6E6D4494}" = Microsoft Visual Web Developer 2010 Express - ENU
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{878D2EB2-2D55-42A9-955E-1E08F28529FD}" = Sony Media Manager 2.2
"{87A29380-9FFF-6D32-BBF1-61569DFD5BEA}" = CCC Help Portuguese
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D047BB8-0D97-4163-27CE-351BDF225D00}" = Catalyst Control Center Localization All
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E3C0F37-2280-4043-BAD0-3C9E5EB723EC}" = Google Drive
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EEA1427-5C0D-469F-9FC6-A622A99D98EB}" = Trixie
"{8F862B8C-D3F7-74F5-6C08-F0F70F744FF7}" = CCC Help Japanese
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C0A-1000-0000000FF1CE}_ENTERPRISE_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype™
"{935B5086-C002-0FBC-0723-5741D2478EE7}" = Catalyst Control Center InstallProxy
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
"{9763733B-6453-4EC3-BFD2-92FB60889204}" = Microsoft ASP.NET Web Pages - ESN
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A0F4F993-C4A7-F093-CF8D-5F03B39252F2}" = CCC Help Thai
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A477F82B-F291-5BB0-74FF-6654A27B311A}" = CCC Help Dutch
"{A4EFAC49-5605-E9FA-5C1B-75D8AACF6139}" = Catalyst Control Center Graphics Light
"{A5630CB0-6D3C-4C93-9A51-03BEB835A982}" = NuGet
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = Configuración de funciones originales del VAIO
"{A7BBE3D6-F19A-40E6-96EC-84E1DC88F262}" = Galería fotográfica de Windows Live
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AA668097-C081-B41E-DEDA-83BB12B7E85F}" = CCC Help Korean
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library
"{AC76BA86-7AD7-1034-7B44-A92000000001}" = Adobe Reader 9.2 - Español
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B2F0AAB1-8C1C-1EFE-6594-417BBB023D6B}" = CCC Help Czech
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}" = Windows Live Writer
"{B85C4CB2-B352-4BD8-818C-BCE353599107}" = SweetIM for Messenger 3.6
"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
"{C0618520-5C63-1583-B78A-CEE1139EF1E6}" = CCC Help Polish
"{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C84E8865-5E2B-5A46-99F2-B8A35917B8BF}" = Catalyst Control Center Graphics Previews Common
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D36B6249-71E7-9E85-A9D6-E2239783301E}" = CCC Help Norwegian
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}" = Sony Noise Reduction Plug-In 2.0e
"{D5DC1775-F67A-6399-BE1D-960FC2254F91}" = CCC Help Chinese Standard
"{D604D3C7-337D-FE67-09DE-A641D3B4D886}" = CCC Help Danish
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DCCAB2CD-3E76-4B47-A8DB-35BAF7B600A3}" = Oracle Crystal Ball (32-bit)
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DD23714B-A2C6-A6D2-9309-75AFAFF1F8E6}" = CCC Help English
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}" = Sony Vegas 7.0
"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E737A098-F161-4B6F-AF22-86AAE34F6FBD}" = Pro Evolution Soccer 2012
"{E7D5D189-E71D-EA01-419F-699F57B1ED65}" = Catalyst Control Center Graphics Previews Vista
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F2894826-BF35-CE79-5EA6-7BAD1DF6F8BF}" = CCC Help Greek
"{F392063E-8736-7812-47E7-7598F0B56D9D}" = CCC Help Swedish
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF4EB4E5-55BB-D9AF-B5A2-3D6F359E7472}" = CCC Help Chinese Traditional
"1ClickDownload" = 1ClickDownload
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"BitTorrent" = BitTorrent
"Brink_is1" = Brink
"bwin Casino" = bwin Casino
"bwin Poker JPC_is1" = bwin Poker JPC 1.0.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"DAEMON Tools Pro" = DAEMON Tools Pro
"Diablo III Beta" = Diablo III Beta
"Driver.San Francisco.v 1.04.1114_is1" = Driver.San Francisco.v 1.04.1114
"ENTERPRISE" = Microsoft Office Enterprise 2007
"facemoods" = Facemoods Toolbar
"facetheme" = Facetheme
"Football Manager 2012_is1" = Football Manager 2012
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Juego Prototype™
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"Kingdoms of Amalur Reckoning_is1" = Kingdoms of Amalur Reckoning
"Mafia II_is1" = Mafia II
"MarketingTools" = VAIO Marketing Tools
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"Microsoft Visual Web Developer 2010 Express - ENU" = Microsoft Visual Web Developer 2010 Express - ENU
"Opera 11.62.1347" = Opera 11.62
"Picasa 3" = Picasa 3
"PokerStars" = PokerStars
"PricePeep" = PricePeep for Google Chrome
"PunkBusterSvc" = PunkBuster Services
"Saints Row The Third_is1" = Saints Row The Third
"SecondLifeViewer" = SecondLifeViewer (remove only)
"splashtop" = VAIO Quick Web Access
"Steam App 113400" = APB Reloaded
"Steam App 24200" = DC Universe Online
"The Darkness II_is1" = The Darkness II
"The Witcher 2 - Assassins of Kings Enhanced Edition_is1" = The Witcher 2 - Assassins of Kings Enhanced Edition
"uTorrent" = µTorrent
"VAIO Help and Support" =
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"Wall Street Raider_is1" = Wall Street Raider 6.30
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-308961309-1451343532-2030891354-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Byki Express for Current User" = Byki Express for Current User
"Google Chrome" = Google Chrome
"NCsoft-Lineage2" = Lineage II
"Tropico 4" = Tropico 4 1.00
"Winamp Detect" = Aplicación para detectar Winamp

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#6 Noviciate

  • Malware Response Team

Posted 15 May 2012 - 04:38 PM

For x64 bit systems, download Farbar Recovery Scan Tool x64 and save it to a flash drive. Plug the flash drive into the infected PC and then enter System Recovery Options.

  • To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Click on the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the Command Window type in notepad and hit <ENTER>.
  • When a notepad window opens, under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and hit <ENTER>.

    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • A log, called FRST.txt, will be created on the flash drive - please copy and paste the contents in your reply.

So long, and thanks for all the fish.

 

 


#7 Axent

  • Topic Starter

  • Members

Posted 15 May 2012 - 04:49 PM

Here's the FRST log

Scan result of Farbar Recovery Scan Tool Version: 13-05-2012
Ran by SYSTEM at 15-05-2012 23:44:05
Running from G:\
Windows 7 Home Premium (X64) OS Language: Spanish Modern Sort
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9636896 2009-12-16] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] %ProgramFiles%\Apoint\Apoint.exe [208384 2009-11-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2010-05-20] (Sun Microsystems, Inc.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-11-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-10-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [538472 2009-06-17] (Symantec Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2010-05-20] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2010-05-20] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I [362200 2011-09-05] (facemoods.com)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [114992 2012-01-19] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [74752 2011-12-09] (Nullsoft, Inc.)
HKU\Fede\...\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msiaxe32.dll,aARBxCZb [x]
HKU\Fede\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-20] (Google Inc.)
HKU\Fede\...\Run: [Steam] "C:\Users\Public\Documents\fede\Steam\steam.exe" -silent [1242448 2012-02-15] (Valve Corporation)
HKU\Fede\...\Run: [PlayNC Launcher] [x]
HKU\Fede\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [11396840 2012-05-02] (Google)
HKU\Fede\...\Run: [Google Update] "C:\Users\Fede\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-06] (Google Inc.)
HKU\juan\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-05-20] (Google Inc.)
HKU\juan\...\Run: [msnmsgr] ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [3872080 2010-04-16] (Microsoft Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254
AppInit_DLLs:
Tcpip\..\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: [NameServer]80.58.61.250,80.58.61.254
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 dlbk_device; C:\Windows\system32\dlbkcoms.exe -service [567024 2007-06-25] ( )
2 dlbk_device; C:\Windows\SysWow64\dlbkcoms.exe -service [538096 2007-03-28] ( )
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2009-11-20] (Intel Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 msmpsvc; C:\Windows\System32\pdlnebas.dll [6656 2009-07-14] (Oak Technology Inc.)
3 npggsvc; C:\Windows\SysWow64\GameMon.des -service [4323256 2011-03-28] (INCA Internet Co., Ltd.)
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [360224 2009-10-24] (Sony Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-03-23] ()
3 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2009-08-31] (Sonic Solutions)
2 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2009-08-31] (Sonic Solutions)
3 SampleCollector; "C:\Program Files\Sony\VAIO Care\collsvc.exe" "/service" "/counter=\Processor(_Total)\% Processor Time:5" "/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5" "/counter=\Network Interface(*)\Bytes Total/sec:5" "/directory=inteldata" [167424 2009-09-16] (Intel Corporation)
3 SOHCImp; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [120104 2009-10-15] (Sony Corporation)
3 SOHDBSvr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe" [70952 2009-10-15] (Sony Corporation)
3 SOHDms; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe" [427304 2009-10-15] (Sony Corporation)
3 SOHDs; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" [75048 2009-10-15] (Sony Corporation)
3 SOHPlMgr; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe" [91432 2009-10-15] (Sony Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2009-12-14] (Intel Corporation)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe" [69632 2009-09-14] (Sony Corporation)
2 VAIO Event Service; "C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe" [204648 2009-12-01] (Sony Corporation)
3 VAIO Power Management; "C:\Program Files\Sony\VAIO Power Management\SPMService.exe" [571248 2009-11-30] (Sony Corporation)
2 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [642416 2009-09-14] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [480624 2009-09-16] (Sony Corporation)
3 VcmINSMgr; "C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe" [361840 2009-09-01] (Sony Corporation)
3 VcmXmlIfHelper; "C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe" [110960 2009-09-08] (Sony Corporation)
2 VSNService; "C:\Program Files\Sony\VAIO Smart Network\VSNService.exe" [821760 2009-11-25] (Sony Corporation)
3 VUAgent; "C:\Program Files\Sony\VAIO Update 5\VUAgent.exe" [1165680 2009-10-30] (Sony Corporation)
2 VzCdbSvc; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [206336 2009-09-14] (Sony Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [x]
2 MsDepSvc; "c:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc [x]
2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]
4 MSSQLServerADHelper100; "c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [x]
2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
4 SQLAgent$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [x]
4 SQLBrowser; "c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]
2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-02-06] (DT Soft Ltd)
3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7778176 2009-12-16] (Intel Corporation)
3 Point64; C:\Windows\System32\Drivers\Point64.sys [45456 2010-07-21] (Microsoft Corporation)
2 rimspci; C:\Windows\System32\drivers\rimssne64.sys [93696 2009-11-06] (REDC)
2 risdsnpe; C:\Windows\System32\drivers\risdsne64.sys [75776 2009-09-15] (REDC)
4 RsFx0150; C:\Windows\System32\Drivers\RsFx0150.sys [313696 2010-04-03] (Microsoft Corporation)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
3 dump_wmimmc; \??\C:\Program Files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: msmpsvc

============ One Month Created Files and Folders ==============

2012-05-15 22:07 - 2012-05-15 22:07 - 0101872 ____A C:\Users\Fede\Desktop\Extras.Txt
2012-05-15 21:52 - 2012-05-15 21:40 - 0595456 ____A (OldTimer Tools) C:\Users\Fede\Desktop\OTL.exe
2012-05-15 21:51 - 2012-05-15 21:51 - 0595968 ____A (OldTimer Tools) C:\Users\Fede\Downloads\OTL.scr
2012-05-15 21:40 - 2012-05-15 21:40 - 0595456 ____A (OldTimer Tools) C:\Users\Fede\Downloads\OTL.exe
2012-05-15 19:00 - 2012-05-15 19:00 - 0302592 ____A C:\Users\Fede\Downloads\n4vtl3q1.exe
2012-05-15 18:57 - 2012-05-15 18:57 - 0302592 ____A C:\Users\Fede\Downloads\zclyzmgs.exe
2012-05-15 18:56 - 2012-05-15 18:56 - 0038990 ____A C:\Users\Fede\Desktop\Attach.txt
2012-05-15 18:56 - 2012-05-15 18:56 - 0028798 ____A C:\Users\Fede\Desktop\DDS.txt
2012-05-15 18:49 - 2012-05-15 18:49 - 0607260 ____R (Swearware) C:\Users\Fede\Desktop\dds.com
2012-05-15 18:49 - 2012-05-15 18:49 - 0607260 ____A (Swearware) C:\Users\Fede\Downloads\dds.com
2012-05-15 18:47 - 2012-05-15 18:47 - 0050477 ____A C:\Users\Fede\Downloads\Defogger.exe
2012-05-15 18:47 - 2012-05-15 18:47 - 0050477 ____A C:\Users\Fede\Desktop\Defogger.exe
2012-05-15 18:47 - 2012-05-15 18:47 - 0000550 ____A C:\Users\Fede\Desktop\defogger_disable.log
2012-05-15 18:47 - 2012-05-15 18:47 - 0000178 ____A C:\Users\Fede\defogger_reenable
2012-05-15 18:19 - 2012-05-15 18:19 - 0000000 ____D C:\Windows\system64
2012-05-15 18:06 - 2012-05-15 23:44 - 0000000 ____D C:\FRST
2012-05-15 17:40 - 2012-05-15 17:40 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-15 17:39 - 2012-05-15 17:40 - 0140412 ____A C:\TDSSKiller.2.7.34.0_15.05.2012_18.39.48_log.txt
2012-05-15 17:37 - 2012-05-15 17:37 - 0034638 ____A C:\ComboFix.txt
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-05-15 17:13 - 2012-05-15 19:14 - 0000000 ____D C:\Windows\ERDNT
2012-05-15 17:13 - 2012-05-15 17:37 - 0000000 ____D C:\Qoobox
2012-05-15 13:28 - 2012-05-15 13:28 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Easeware
2012-05-15 13:27 - 2012-05-15 13:27 - 0000000 ____D C:\Program Files\Easeware
2012-05-14 23:56 - 2012-05-15 00:07 - 3252027392 ____A C:\Users\Fede\Downloads\X17-58879.iso
2012-05-14 20:20 - 2012-05-14 20:20 - 0000000 ____D C:\Users\Public\Documents\DisabledAUStartItems
2012-05-14 20:20 - 2012-05-14 20:20 - 0000000 ____D C:\Users\Fede\Documents\DisabledCUStartItems
2012-05-14 20:02 - 2012-05-14 20:03 - 0000000 ___DC C:\Users\Fede\AppData\Local\MigWiz
2012-05-14 19:42 - 2012-05-14 23:07 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-14 19:42 - 2012-05-14 23:07 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-05-14 19:42 - 2012-05-14 23:07 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-14 18:22 - 2012-05-14 18:22 - 3877872 ____A (AVG Technologies) C:\Users\Fede\Downloads\avg_free_stb_all_2012_2171_free.exe
2012-05-13 10:45 - 2012-05-15 21:43 - 0000838 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-12 10:37 - 2012-04-26 19:03 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-11 22:27 - 2012-05-11 22:27 - 15263592 ____A (Google Inc.) C:\Users\Fede\Downloads\picasa39-setup.exe
2012-05-11 22:10 - 2012-05-11 22:10 - 0000000 ____D C:\Users\All Users\ATI
2012-05-11 22:10 - 2012-05-11 22:10 - 0000000 ____D C:\ProgramData\ATI
2012-05-11 10:17 - 2012-05-11 10:19 - 0013032 ____A C:\Users\Fede\Downloads\sqlwoa.dll.zip
2012-05-11 09:59 - 2012-05-14 23:07 - 0000000 ____D C:\Users\All Users\AVG2012
2012-05-11 09:59 - 2012-05-14 23:07 - 0000000 ____D C:\ProgramData\AVG2012
2012-05-11 09:59 - 2012-05-11 09:59 - 0000000 ____D C:\$AVG
2012-05-11 09:58 - 2012-05-11 13:29 - 0000000 ____D C:\Program Files (x86)\AVG
2012-05-11 02:07 - 2012-03-30 12:09 - 1895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-11 02:07 - 2012-03-03 07:29 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-05-11 02:07 - 2012-03-03 07:29 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-11 02:07 - 2012-03-03 07:29 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-05-11 02:07 - 2012-03-03 07:29 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-05-11 02:07 - 2012-03-03 07:29 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-05-11 02:07 - 2012-03-03 06:40 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-05-11 02:07 - 2012-03-03 06:40 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-11 02:07 - 2012-03-03 06:40 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-05-11 02:07 - 2012-03-03 06:40 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-05-11 02:07 - 2012-03-03 06:40 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-05-11 02:06 - 2012-04-02 06:34 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-11 02:06 - 2012-04-02 05:46 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-11 02:06 - 2012-04-02 05:46 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-11 02:06 - 2012-04-02 04:01 - 3143680 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-11 02:05 - 2012-03-17 08:55 - 0075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-10 22:21 - 2012-05-10 22:21 - 0001406 ____A C:\Users\Fede\Desktop\Winamp.lnk
2012-05-10 22:18 - 2012-05-10 22:18 - 0000000 ____D C:\Users\Fede\Documents\Notas Fuenca
2012-05-10 19:04 - 2012-05-11 13:53 - 0000000 ____D C:\Update
2012-05-09 16:07 - 2012-05-10 14:44 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Xidicone
2012-05-09 16:06 - 2012-05-09 16:06 - 0000000 ____D C:\Users\All Users\Xidicone
2012-05-09 16:06 - 2012-05-09 16:06 - 0000000 ____D C:\ProgramData\Xidicone
2012-05-09 12:00 - 2012-05-10 14:44 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-05-09 11:17 - 2012-05-15 18:20 - 0179612 ____A C:\Windows\ntbtlog.txt
2012-05-07 22:02 - 2012-05-07 22:02 - 0000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-05-07 22:02 - 2012-05-07 22:02 - 0000000 ____D C:\Users\Default\AppData\Local\Google
2012-05-07 22:02 - 2012-05-07 22:02 - 0000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-05-07 22:02 - 2012-05-07 22:02 - 0000000 ____D C:\Users\Default User\AppData\Local\Google
2012-05-06 20:14 - 2012-05-06 20:14 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Malwarebytes
2012-05-06 20:13 - 2012-05-07 17:39 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-06 20:13 - 2012-05-06 20:13 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-06 20:13 - 2012-05-06 20:13 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-06 19:14 - 2012-05-06 19:14 - 0000767 ____A C:\Users\Fede\AppData\Roaming\SMRBackup250.dat
2012-05-06 19:13 - 2012-05-06 20:48 - 0000000 ____D C:\Users\All Users\Norton
2012-05-06 19:13 - 2012-05-06 20:48 - 0000000 ____D C:\ProgramData\Norton
2012-05-06 19:13 - 2012-05-06 19:15 - 0000000 ____D C:\Users\Fede\AppData\Local\NPE
2012-05-06 12:49 - 2012-05-06 12:49 - 0034814 ____A C:\Users\Fede\AppData\Local\dt.dat
2012-05-06 12:43 - 2012-05-15 19:14 - 0000000 ____D C:\Users\All Users\MFAData
2012-05-06 12:43 - 2012-05-15 19:14 - 0000000 ____D C:\ProgramData\MFAData
2012-05-06 12:36 - 2012-05-15 22:41 - 0001106 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-308961309-1451343532-2030891354-1001UA.job
2012-05-06 12:36 - 2012-05-14 12:41 - 0001054 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-308961309-1451343532-2030891354-1001Core.job
2012-05-06 12:36 - 2012-05-06 12:36 - 0002269 ____A C:\Users\Fede\Desktop\Google Chrome.lnk
2012-05-06 12:10 - 2012-05-09 11:49 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-05-06 12:10 - 2012-05-06 12:50 - 0000000 ____D C:\sh4ldr
2012-05-06 12:09 - 2012-05-06 12:10 - 0000000 ____D C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-05-06 12:07 - 2012-05-09 11:49 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-06 12:06 - 2012-05-06 12:06 - 0000000 ____D C:\Users\All Users\EA Logs
2012-05-06 12:06 - 2012-05-06 12:06 - 0000000 ____D C:\Users\All Users\EA Core
2012-05-06 12:06 - 2012-05-06 12:06 - 0000000 ____D C:\ProgramData\EA Logs
2012-05-06 12:06 - 2012-05-06 12:06 - 0000000 ____D C:\ProgramData\EA Core
2012-05-05 18:21 - 2012-05-06 11:16 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-05 18:20 - 2012-05-13 10:45 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-02 01:46 - 2012-05-02 01:46 - 4472832 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-04-25 22:28 - 2012-05-15 18:21 - 0000000 ___SD C:\Users\Fede\Google Drive
2012-04-25 22:27 - 2012-04-25 22:27 - 0000000 ____D C:\Users\Fede\AppData\LocalGoogle
2012-04-24 23:16 - 2012-05-09 11:49 - 0000000 ____D C:\Users\All Users\InstallMate
2012-04-24 23:16 - 2012-05-09 11:49 - 0000000 ____D C:\ProgramData\InstallMate
2012-04-24 23:16 - 2012-04-24 23:16 - 0000000 ____D C:\Users\All Users\Premium
2012-04-24 23:16 - 2012-04-24 23:16 - 0000000 ____D C:\ProgramData\Premium
2012-04-23 19:51 - 2012-04-23 19:51 - 0000000 ____D C:\Users\Fede\AppData\Roaming\LolClient
2012-04-23 19:28 - 2008-07-12 07:18 - 1493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-04-23 19:28 - 2008-07-12 07:18 - 0467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-04-23 19:27 - 2008-07-12 07:18 - 3851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-04-22 22:59 - 2012-04-22 22:59 - 0000000 ____D C:\Users\Fede\AppData\Local\Sony Corporation
2012-04-22 12:24 - 2012-04-22 12:24 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-22 12:24 - 2012-04-22 12:24 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2012-04-22 11:49 - 2012-05-09 11:49 - 0000000 ____D C:\Users\All Users\Battle.net
2012-04-22 11:49 - 2012-05-09 11:49 - 0000000 ____D C:\ProgramData\Battle.net
2012-04-22 11:34 - 2012-04-22 11:34 - 0342694 ____A C:\test.xml
2012-04-22 11:33 - 2012-04-22 11:33 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Auslogics
2012-04-18 14:24 - 2012-04-18 14:24 - 0000000 ____D C:\Users\Fede\AppData\Local\The Witcher 2
2012-04-15 18:56 - 2012-05-10 22:18 - 0000000 ____D C:\Users\Fede\Documents\Master D.F


============ 3 Months Modified Files and Folders =============

2012-05-15 23:44 - 2012-05-15 18:06 - 0000000 ____D C:\FRST
2012-05-15 22:42 - 2010-09-22 21:37 - 1712242 ____A C:\Windows\WindowsUpdate.log
2012-05-15 22:41 - 2012-05-06 12:36 - 0001106 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-308961309-1451343532-2030891354-1001UA.job
2012-05-15 22:08 - 2012-05-15 22:07 - 0154512 ____A C:\Users\Fede\Desktop\OTL.Txt
2012-05-15 22:07 - 2012-05-15 22:07 - 0101872 ____A C:\Users\Fede\Desktop\Extras.Txt
2012-05-15 22:00 - 2010-05-20 10:36 - 0001114 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-05-15 21:51 - 2012-05-15 21:51 - 0595968 ____A (OldTimer Tools) C:\Users\Fede\Downloads\OTL.scr
2012-05-15 21:43 - 2012-05-13 10:45 - 0000838 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-15 21:40 - 2012-05-15 21:52 - 0595456 ____A (OldTimer Tools) C:\Users\Fede\Desktop\OTL.exe
2012-05-15 21:40 - 2012-05-15 21:40 - 0595456 ____A (OldTimer Tools) C:\Users\Fede\Downloads\OTL.exe
2012-05-15 21:36 - 2009-07-14 05:51 - 0098941 ____A C:\Windows\setupact.log
2012-05-15 20:38 - 2012-04-01 18:05 - 0000000 ____D C:\Users\Fede\AppData\Local\PokerStars
2012-05-15 20:38 - 2012-04-01 18:04 - 0000000 ____D C:\Program Files (x86)\PokerStars
2012-05-15 20:00 - 2010-05-20 10:36 - 0001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-05-15 19:14 - 2012-05-15 17:13 - 0000000 ____D C:\Windows\ERDNT
2012-05-15 19:14 - 2012-05-06 12:43 - 0000000 ____D C:\Users\All Users\MFAData
2012-05-15 19:14 - 2012-05-06 12:43 - 0000000 ____D C:\ProgramData\MFAData
2012-05-15 19:14 - 2012-03-16 19:47 - 0000000 ____D C:\Users\Fede\AppData\Roaming\TS3Client
2012-05-15 19:14 - 2012-03-13 15:08 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Winamp
2012-05-15 19:14 - 2012-03-13 15:08 - 0000000 ____D C:\Program Files (x86)\Winamp
2012-05-15 19:14 - 2012-02-23 23:18 - 0000000 ____D C:\Users\All Users\SweetIM
2012-05-15 19:14 - 2012-02-23 23:18 - 0000000 ____D C:\ProgramData\SweetIM
2012-05-15 19:14 - 2012-02-19 14:39 - 0000000 ____D C:\iTunesHelper.Resources
2012-05-15 19:14 - 2012-02-19 14:37 - 0000000 ____D C:\Program Files\Bonjour
2012-05-15 19:14 - 2012-02-19 14:37 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-05-15 19:14 - 2011-11-13 03:40 - 0000000 ____D C:\Program Files (x86)\Object
2012-05-15 19:14 - 2011-11-13 03:40 - 0000000 ____D C:\Program Files (x86)\facemoods.com
2012-05-15 19:14 - 2011-10-23 10:48 - 0000000 ____D C:\Users\Fede\AppData\Local\Sony_Corporation
2012-05-15 19:14 - 2011-08-10 16:08 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-05-15 19:14 - 2010-11-29 14:57 - 0000000 ____D C:\Program Files\Microsoft IntelliPoint
2012-05-15 19:14 - 2010-09-22 21:38 - 0000000 ____D C:\users\juan
2012-05-15 19:14 - 2010-05-20 10:54 - 0000000 ____D C:\Users\All Users\Symantec
2012-05-15 19:14 - 2010-05-20 10:54 - 0000000 ____D C:\ProgramData\Symantec
2012-05-15 19:14 - 2010-05-20 10:30 - 0000000 ____D C:\Program Files\Apoint
2012-05-15 19:14 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-05-15 19:14 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-05-15 19:14 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-05-15 19:14 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\Speech
2012-05-15 19:14 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-05-15 19:14 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\AppCompat
2012-05-15 19:14 - 2009-07-14 04:18 - 0000000 __SHD C:\$Recycle.Bin
2012-05-15 19:13 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\registration
2012-05-15 19:12 - 2011-11-29 19:13 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Skype
2012-05-15 19:12 - 2009-07-14 04:20 - 0000000 ___RD C:\users\Public
2012-05-15 19:11 - 2012-03-26 19:41 - 0000000 ____D C:\Root
2012-05-15 19:11 - 2010-05-20 10:34 - 0000000 ____D C:\Program Files (x86)\Downloaded Installations
2012-05-15 19:00 - 2012-05-15 19:00 - 0302592 ____A C:\Users\Fede\Downloads\n4vtl3q1.exe
2012-05-15 18:57 - 2012-05-15 18:57 - 0302592 ____A C:\Users\Fede\Downloads\zclyzmgs.exe
2012-05-15 18:56 - 2012-05-15 18:56 - 0038990 ____A C:\Users\Fede\Desktop\Attach.txt
2012-05-15 18:56 - 2012-05-15 18:56 - 0028798 ____A C:\Users\Fede\Desktop\DDS.txt
2012-05-15 18:49 - 2012-05-15 18:49 - 0607260 ____R (Swearware) C:\Users\Fede\Desktop\dds.com
2012-05-15 18:49 - 2012-05-15 18:49 - 0607260 ____A (Swearware) C:\Users\Fede\Downloads\dds.com
2012-05-15 18:47 - 2012-05-15 18:47 - 0050477 ____A C:\Users\Fede\Downloads\Defogger.exe
2012-05-15 18:47 - 2012-05-15 18:47 - 0050477 ____A C:\Users\Fede\Desktop\Defogger.exe
2012-05-15 18:47 - 2012-05-15 18:47 - 0000550 ____A C:\Users\Fede\Desktop\defogger_disable.log
2012-05-15 18:47 - 2012-05-15 18:47 - 0000178 ____A C:\Users\Fede\defogger_reenable
2012-05-15 18:47 - 2011-10-23 10:47 - 0000000 ____D C:\users\Fede
2012-05-15 18:27 - 2009-07-14 05:45 - 0013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-15 18:27 - 2009-07-14 05:45 - 0013872 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-15 18:21 - 2012-04-25 22:28 - 0000000 ___SD C:\Users\Fede\Google Drive
2012-05-15 18:20 - 2012-05-09 11:17 - 0179612 ____A C:\Windows\ntbtlog.txt
2012-05-15 18:20 - 2009-07-14 06:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-15 18:19 - 2012-05-15 18:19 - 0000000 ____D C:\Windows\system64
2012-05-15 18:19 - 2010-09-22 21:30 - 3106480128 __ASH C:\hiberfil.sys
2012-05-15 18:19 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-05-15 17:40 - 2012-05-15 17:40 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-05-15 17:40 - 2012-05-15 17:39 - 0140412 ____A C:\TDSSKiller.2.7.34.0_15.05.2012_18.39.48_log.txt
2012-05-15 17:37 - 2012-05-15 17:37 - 0034638 ____A C:\ComboFix.txt
2012-05-15 17:37 - 2012-05-15 17:13 - 0000000 ____D C:\Qoobox
2012-05-15 17:29 - 2009-07-14 03:34 - 99614720 ____A C:\Windows\System32\config\software.bak
2012-05-15 17:29 - 2009-07-14 03:34 - 2621440 ____A C:\Windows\System32\config\default.bak
2012-05-15 17:29 - 2009-07-14 03:34 - 23855104 ____A C:\Windows\System32\config\system.bak
2012-05-15 17:29 - 2009-07-14 03:34 - 0262144 ____A C:\Windows\System32\config\security.bak
2012-05-15 17:29 - 2009-07-14 03:34 - 0262144 ____A C:\Windows\System32\config\sam.bak
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG2
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\system.tmp.LOG1
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG2
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\software.tmp.LOG1
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG2
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\security.tmp.LOG1
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG2
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\sam.tmp.LOG1
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG2
2012-05-15 17:28 - 2012-05-15 17:28 - 0000000 __ASH C:\Windows\System32\config\default.tmp.LOG1
2012-05-15 13:28 - 2012-05-15 13:28 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Easeware
2012-05-15 13:27 - 2012-05-15 13:27 - 0000000 ____D C:\Program Files\Easeware
2012-05-15 00:07 - 2012-05-14 23:56 - 3252027392 ____A C:\Users\Fede\Downloads\X17-58879.iso
2012-05-14 23:07 - 2012-05-14 19:42 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-05-14 23:07 - 2012-05-14 19:42 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2012-05-14 23:07 - 2012-05-14 19:42 - 0000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-14 23:07 - 2012-05-11 09:59 - 0000000 ____D C:\Users\All Users\AVG2012
2012-05-14 23:07 - 2012-05-11 09:59 - 0000000 ____D C:\ProgramData\AVG2012
2012-05-14 20:20 - 2012-05-14 20:20 - 0000000 ____D C:\Users\Public\Documents\DisabledAUStartItems
2012-05-14 20:20 - 2012-05-14 20:20 - 0000000 ____D C:\Users\Fede\Documents\DisabledCUStartItems
2012-05-14 20:11 - 2012-02-28 21:27 - 0000000 ____D C:\Users\Fede\AppData\Local\ElevatedDiagnostics
2012-05-14 20:03 - 2012-05-14 20:02 - 0000000 ___DC C:\Users\Fede\AppData\Local\MigWiz
2012-05-14 18:22 - 2012-05-14 18:22 - 3877872 ____A (AVG Technologies) C:\Users\Fede\Downloads\avg_free_stb_all_2012_2171_free.exe
2012-05-14 12:41 - 2012-05-06 12:36 - 0001054 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-308961309-1451343532-2030891354-1001Core.job
2012-05-13 10:45 - 2012-05-05 18:20 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-13 10:45 - 2011-10-13 17:05 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-12 10:37 - 2010-09-30 14:40 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-12 10:37 - 2010-09-30 14:40 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-05-12 10:35 - 2010-05-20 20:20 - 0812434 ____A C:\Windows\System32\perfh00A.dat
2012-05-12 10:35 - 2010-05-20 20:20 - 0183864 ____A C:\Windows\System32\perfc00A.dat
2012-05-12 10:35 - 2009-07-14 06:13 - 1883188 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-12 10:20 - 2012-02-06 19:44 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-11 22:27 - 2012-05-11 22:27 - 15263592 ____A (Google Inc.) C:\Users\Fede\Downloads\picasa39-setup.exe
2012-05-11 22:10 - 2012-05-11 22:10 - 0000000 ____D C:\Users\All Users\ATI
2012-05-11 22:10 - 2012-05-11 22:10 - 0000000 ____D C:\ProgramData\ATI
2012-05-11 21:43 - 2009-07-14 05:45 - 0459296 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-11 13:53 - 2012-05-10 19:04 - 0000000 ____D C:\Update
2012-05-11 13:53 - 2011-10-23 10:47 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Sony Corporation
2012-05-11 13:53 - 2010-05-20 10:35 - 0000000 ___HD C:\SPLASH.SYS
2012-05-11 13:53 - 2010-05-19 22:42 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-11 13:52 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-05-11 13:52 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-05-11 13:51 - 2012-03-17 20:09 - 0000000 ____D C:\Users\Fede\AppData\Roaming\2K Sports
2012-05-11 13:51 - 2011-07-14 12:24 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-11 13:51 - 2011-07-14 12:24 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-11 13:51 - 2011-04-08 17:44 - 0000000 ____D C:\Users\juan\AppData\Local\Downloaded Installations
2012-05-11 13:51 - 2010-12-16 13:33 - 0000000 ____D C:\Users\juan\AppData\Roaming\Skype
2012-05-11 13:51 - 2010-09-30 23:28 - 0000000 ____D C:\Users\juan\AppData\Roaming\ArcSoft
2012-05-11 13:51 - 2010-09-30 17:17 - 0000000 ____D C:\Users\juan\AppData\Roaming\Adobe
2012-05-11 13:51 - 2010-09-22 21:52 - 0000000 ____D C:\Users\juan\AppData\Local\Microsoft Games
2012-05-11 13:51 - 2010-09-22 21:41 - 0000000 ____D C:\Users\juan\AppData\Local\Sony_Corporation
2012-05-11 13:51 - 2010-09-22 21:38 - 0000000 ____D C:\Users\juan\AppData\Roaming\Sony Corporation
2012-05-11 13:51 - 2010-09-22 21:38 - 0000000 ____D C:\Users\juan\AppData\LocalLow
2012-05-11 13:51 - 2010-05-20 00:01 - 0000000 ____D C:\Users\All Users\Sony Corporation
2012-05-11 13:51 - 2010-05-20 00:01 - 0000000 ____D C:\ProgramData\Sony Corporation
2012-05-11 13:51 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-11 13:50 - 2011-06-30 10:32 - 0000000 ____D C:\e1fda1b4f3ed07bf18f5
2012-05-11 13:50 - 2010-09-30 14:40 - 0000000 __RHD C:\MSOCache
2012-05-11 13:50 - 2010-05-20 10:33 - 0000000 ____D C:\Program Files (x86)\ATI Technologies
2012-05-11 13:50 - 2010-05-20 10:32 - 0000000 ____D C:\Program Files (x86)\SONY
2012-05-11 13:29 - 2012-05-11 09:58 - 0000000 ____D C:\Program Files (x86)\AVG
2012-05-11 13:25 - 2010-05-20 03:02 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-11 10:41 - 2010-05-20 10:34 - 0706608 ____A C:\lv.log
2012-05-11 10:41 - 2010-02-02 15:01 - 0000073 ____H C:\splash.idx
2012-05-11 10:19 - 2012-05-11 10:17 - 0013032 ____A C:\Users\Fede\Downloads\sqlwoa.dll.zip
2012-05-11 09:59 - 2012-05-11 09:59 - 0000000 ____D C:\$AVG
2012-05-10 22:23 - 2011-10-13 17:40 - 0000000 ____D C:\Users\Public\Documents\fede
2012-05-10 22:21 - 2012-05-10 22:21 - 0001406 ____A C:\Users\Fede\Desktop\Winamp.lnk
2012-05-10 22:18 - 2012-05-10 22:18 - 0000000 ____D C:\Users\Fede\Documents\Notas Fuenca
2012-05-10 22:18 - 2012-04-15 18:56 - 0000000 ____D C:\Users\Fede\Documents\Master D.F
2012-05-10 14:57 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files (x86)\Windows Portable Devices
2012-05-10 14:54 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\Windows Portable Devices
2012-05-10 14:45 - 2010-05-20 20:20 - 0000000 ____D C:\Windows\SysWOW64\es
2012-05-10 14:45 - 2010-05-20 20:20 - 0000000 ____D C:\Windows\System32\Drivers\es-ES
2012-05-10 14:45 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-05-10 14:45 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-05-10 14:45 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-05-10 14:45 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\TAPI
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\sppui
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\Setup
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\oobe
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\manifeststore
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\es-ES
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\da-DK
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\cs-CZ
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\sppui
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\Setup
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\oobe
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\manifeststore
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\Dism
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\AdvancedInstallers
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\servicing
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\rescache
2012-05-10 14:45 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-05-10 14:44 - 2012-05-09 16:07 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Xidicone
2012-05-10 14:44 - 2012-05-09 12:00 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-05-10 14:44 - 2012-03-09 15:22 - 0000000 ____D C:\Users\Fede\AppData\Roaming\uTorrent
2012-05-10 14:44 - 2010-05-20 20:20 - 0000000 ____D C:\Windows\SysWOW64\XPSViewer
2012-05-10 14:44 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-05-10 14:44 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-05-10 14:44 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\spp
2012-05-10 14:44 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\MUI
2012-05-10 14:44 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\security
2012-05-10 14:24 - 2011-10-23 10:47 - 0000000 ____D C:\Users\Fede\AppData\LocalLow
2012-05-10 14:23 - 2010-09-30 14:40 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-05-09 16:06 - 2012-05-09 16:06 - 0000000 ____D C:\Users\All Users\Xidicone
2012-05-09 16:06 - 2012-05-09 16:06 - 0000000 ____D C:\ProgramData\Xidicone
2012-05-09 11:54 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\system
2012-05-09 11:53 - 2011-11-29 19:13 - 0000000 ____D C:\Users\Fede\AppData\Roaming\ArcSoft
2012-05-09 11:53 - 2010-05-20 10:36 - 0000000 ____D C:\Program Files (x86)\Google
2012-05-09 11:51 - 2011-11-29 19:45 - 0000000 ____D C:\Windows\SysWOW64\spool
2012-05-09 11:51 - 2011-11-13 03:41 - 0000000 ____D C:\Windows\System32\Macromed
2012-05-09 11:51 - 2010-05-20 20:20 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-05-09 11:51 - 2010-05-20 20:20 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-05-09 11:51 - 2010-05-20 20:20 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-05-09 11:51 - 2010-05-20 20:20 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-05-09 11:51 - 2010-05-20 20:20 - 0000000 ____D C:\Windows\System32\winrm
2012-05-09 11:51 - 2010-05-20 20:20 - 0000000 ____D C:\Windows\System32\WCN
2012-05-09 11:51 - 2010-05-20 20:20 - 0000000 ____D C:\Windows\System32\slmgr
2012-05-09 11:51 - 2010-05-20 20:20 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-05-09 11:51 - 2010-05-20 10:36 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-05-09 11:51 - 2010-05-20 10:29 - 0000000 ____D C:\Windows\SysWOW64\ca-ES
2012-05-09 11:51 - 2009-07-14 06:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-05-09 11:51 - 2009-07-14 06:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-05-09 11:51 - 2009-07-14 06:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-05-09 11:51 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Web
2012-05-09 11:51 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Vss
2012-05-09 11:51 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-05-09 11:51 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-05-09 11:51 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-05-09 11:51 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-05-09 11:51 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-05-09 11:51 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\spool
2012-05-09 11:51 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\SMI
2012-05-09 11:51 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-05-09 11:51 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-05-09 11:51 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\IME
2012-05-09 11:50 - 2012-04-13 13:20 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Opera
2012-05-09 11:50 - 2012-04-13 13:20 - 0000000 ____D C:\Users\Fede\AppData\Local\Opera
2012-05-09 11:50 - 2012-04-04 23:45 - 0000000 ____D C:\Users\Fede\AppData\Local\THQ
2012-05-09 11:50 - 2012-03-30 20:08 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Kalypso Media
2012-05-09 11:50 - 2012-03-25 16:01 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Transparent
2012-05-09 11:50 - 2012-03-23 17:20 - 0000000 ____D C:\Users\Fede\AppData\Roaming\PunkBuster
2012-05-09 11:50 - 2012-03-21 23:11 - 0000000 ____D C:\Users\Fede\P5JavaClientSettings
2012-05-09 11:50 - 2012-03-19 19:11 - 0000000 ____D C:\Users\Fede\AppData\Local\Rockstar Games
2012-05-09 11:50 - 2012-03-14 18:33 - 0000000 ____D C:\Users\Fede\.frostwire5
2012-05-09 11:50 - 2012-03-11 16:06 - 0000000 ____D C:\Users\Fede\AppData\Local\2K Games
2012-05-09 11:50 - 2012-03-09 19:43 - 0000000 ____D C:\Users\Fede\AppData\Local\PunkBuster
2012-05-09 11:50 - 2012-03-02 18:07 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Sports Interactive
2012-05-09 11:50 - 2012-02-20 17:15 - 0000000 ____D C:\Users\Fede\AppData\Local\Amazon
2012-05-09 11:50 - 2012-02-12 19:11 - 0000000 ____D C:\Users\Fede\AppData\Local\SKIDROW
2012-05-09 11:50 - 2012-02-08 20:18 - 0000000 ____D C:\Users\Fede\AppData\Roaming\SecondLife
2012-05-09 11:50 - 2012-02-06 20:11 - 0000000 ____D C:\Users\Fede\Adobe Dreamweaver CS5.5
2012-05-09 11:50 - 2012-02-06 20:09 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-05-09 11:50 - 2012-02-06 20:09 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-05-09 11:50 - 2012-02-06 19:55 - 0000000 ____D C:\Windows\symbols
2012-05-09 11:50 - 2012-02-06 19:47 - 0000000 ____D C:\Users\All Users\VS
2012-05-09 11:50 - 2012-02-06 19:47 - 0000000 ____D C:\ProgramData\VS
2012-05-09 11:50 - 2012-02-06 19:36 - 0000000 ____D C:\Users\Fede\AppData\Roaming\DAEMON Tools Pro
2012-05-09 11:50 - 2011-11-29 20:03 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Sony
2012-05-09 11:50 - 2011-11-29 19:45 - 0000000 ____D C:\Users\All Users\Sony
2012-05-09 11:50 - 2011-11-29 19:45 - 0000000 ____D C:\ProgramData\Sony
2012-05-09 11:50 - 2011-10-26 14:45 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Macromedia
2012-05-09 11:50 - 2011-10-26 14:45 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Adobe
2012-05-09 11:50 - 2011-10-26 14:45 - 0000000 ____D C:\Users\Fede\AppData\Local\Google
2012-05-09 11:50 - 2011-10-23 11:16 - 0000000 ____D C:\Users\Fede\AppData\Local\Microsoft Games
2012-05-09 11:50 - 2011-10-23 10:47 - 0000000 ____D C:\Users\Fede\AppData\Local\VirtualStore
2012-05-09 11:50 - 2010-12-16 13:33 - 0000000 ____D C:\Users\All Users\Skype
2012-05-09 11:50 - 2010-12-16 13:33 - 0000000 ____D C:\ProgramData\Skype
2012-05-09 11:50 - 2010-05-20 10:59 - 0000000 ____D C:\Users\All Users\Uninstall
2012-05-09 11:50 - 2010-05-20 10:59 - 0000000 ____D C:\ProgramData\Uninstall
2012-05-09 11:50 - 2010-05-20 10:29 - 0000000 ____D C:\Windows\System32\ca-ES
2012-05-09 11:50 - 2009-07-14 06:32 - 0000000 ____D C:\Windows\Performance
2012-05-09 11:50 - 2009-07-14 05:45 - 0000000 ____D C:\Windows\Setup
2012-05-09 11:50 - 2009-07-14 05:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-05-09 11:50 - 2009-07-14 04:20 - 0000000 __RSD C:\Windows\Media
2012-05-09 11:50 - 2009-07-14 04:20 - 0000000 __RHD C:\users\Default
2012-05-09 11:50 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\com
2012-05-09 11:50 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Speech
2012-05-09 11:50 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\schemas
2012-05-09 11:50 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Resources
2012-05-09 11:50 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-05-09 11:50 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\PLA
2012-05-09 11:50 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\IME
2012-05-09 11:50 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Help
2012-05-09 11:50 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Globalization
2012-05-09 11:50 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\Branding
2012-05-09 11:49 - 2012-05-06 12:10 - 0000000 ____D C:\Program Files\Enigma Software Group
2012-05-09 11:49 - 2012-05-06 12:07 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-05-09 11:49 - 2012-04-24 23:16 - 0000000 ____D C:\Users\All Users\InstallMate
2012-05-09 11:49 - 2012-04-24 23:16 - 0000000 ____D C:\ProgramData\InstallMate
2012-05-09 11:49 - 2012-04-22 11:49 - 0000000 ____D C:\Users\All Users\Battle.net
2012-05-09 11:49 - 2012-04-22 11:49 - 0000000 ____D C:\ProgramData\Battle.net
2012-05-09 11:49 - 2012-04-11 22:01 - 0000000 ____D C:\Casino
2012-05-09 11:49 - 2012-03-21 23:11 - 0000000 ____D C:\bwinPoker JPC
2012-05-09 11:49 - 2012-03-19 18:40 - 0000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-05-09 11:49 - 2012-03-14 19:39 - 0000000 ____D C:\AMD
2012-05-09 11:49 - 2012-02-27 20:33 - 0000000 ____D C:\Program Files (x86)\Pando Networks
2012-05-09 11:49 - 2012-02-23 23:18 - 0000000 ____D C:\Program Files (x86)\SweetIM
2012-05-09 11:49 - 2012-02-19 14:39 - 0000000 ____D C:\Program Files\iTunes
2012-05-09 11:49 - 2012-02-19 14:39 - 0000000 ____D C:\Program Files\iPod
2012-05-09 11:49 - 2012-02-19 14:39 - 0000000 ____D C:\iTunes.Resources
2012-05-09 11:49 - 2012-02-10 17:13 - 0000000 ____D C:\Users\All Users\Electronic Arts
2012-05-09 11:49 - 2012-02-10 17:13 - 0000000 ____D C:\ProgramData\Electronic Arts
2012-05-09 11:49 - 2012-02-07 23:44 - 0000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-05-09 11:49 - 2012-02-06 20:02 - 0000000 ____D C:\d3ed90896da1e123515dea37
2012-05-09 11:49 - 2012-02-06 19:40 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2012-05-09 11:49 - 2012-02-06 19:37 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Pro
2012-05-09 11:49 - 2012-02-06 18:21 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 8
2012-05-09 11:49 - 2012-02-06 17:35 - 0000000 ____D C:\Program Files\IIS
2012-05-09 11:49 - 2012-02-06 17:35 - 0000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2012-05-09 11:49 - 2012-02-06 17:35 - 0000000 ____D C:\Program Files (x86)\IIS
2012-05-09 11:49 - 2012-02-06 17:34 - 0000000 ____D C:\Program Files (x86)\IIS Express
2012-05-09 11:49 - 2012-02-06 17:33 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2012-05-09 11:49 - 2012-02-06 17:33 - 0000000 ____D C:\Program Files\Microsoft Help Viewer
2012-05-09 11:49 - 2012-02-06 17:33 - 0000000 ____D C:\Program Files (x86)\Microsoft SDKs
2012-05-09 11:49 - 2012-02-06 17:24 - 0000000 ____D C:\Program Files\Microsoft Visual Studio 9.0
2012-05-09 11:49 - 2012-02-06 17:24 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2012-05-09 11:49 - 2012-02-06 17:12 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2012-05-09 11:49 - 2012-02-06 17:11 - 0000000 ____D C:\Program Files\Microsoft SQL Server
2012-05-09 11:49 - 2012-01-29 17:38 - 0000000 ____D C:\Program Files (x86)\Dell AIO Printer A920
2012-05-09 11:49 - 2012-01-29 16:36 - 0000000 ____D C:\Program Files\Dell AIO Printer A920
2012-05-09 11:49 - 2012-01-29 16:25 - 0000000 ____D C:\Dell
2012-05-09 11:49 - 2011-11-29 19:43 - 0000000 ____D C:\Program Files (x86)\Sony Setup
2012-05-09 11:49 - 2011-11-13 03:23 - 0000000 ____D C:\Program Files (x86)\Bhelpuri
2012-05-09 11:49 - 2011-07-14 12:23 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-05-09 11:49 - 2011-07-14 12:23 - 0000000 ____D C:\ProgramData\Apple Computer
2012-05-09 11:49 - 2011-07-14 12:23 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-05-09 11:49 - 2011-07-14 12:23 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-05-09 11:49 - 2011-07-14 12:23 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-09 11:49 - 2011-07-14 12:22 - 0000000 ____D C:\Users\All Users\Apple
2012-05-09 11:49 - 2011-07-14 12:22 - 0000000 ____D C:\ProgramData\Apple
2012-05-09 11:49 - 2011-04-08 17:46 - 0000000 ____D C:\Program Files (x86)\Oracle
2012-05-09 11:49 - 2010-12-16 13:33 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-05-09 11:49 - 2010-09-30 23:28 - 0000000 ____D C:\Users\All Users\ArcSoft
2012-05-09 11:49 - 2010-09-30 23:28 - 0000000 ____D C:\ProgramData\ArcSoft
2012-05-09 11:49 - 2010-09-30 14:45 - 0000000 ____D C:\Program Files (x86)\Microsoft Works
2012-05-09 11:49 - 2010-09-30 14:45 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2012-05-09 11:49 - 2010-09-30 14:41 - 0000000 ____D C:\Program Files\Microsoft Office
2012-05-09 11:49 - 2010-09-30 14:41 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-05-09 11:49 - 2010-05-20 11:18 - 0000000 ____D C:\Program Files\Windows Live
2012-05-09 11:49 - 2010-05-20 11:15 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-05-09 11:49 - 2010-05-20 11:11 - 0000000 ____D C:\Program Files (x86)\Sony Corporation
2012-05-09 11:49 - 2010-05-20 11:01 - 0000000 ____D C:\Program Files\Sony
2012-05-09 11:49 - 2010-05-20 11:00 - 0000000 ____D C:\Program Files\Java
2012-05-09 11:49 - 2010-05-20 11:00 - 0000000 ____D C:\Program Files (x86)\Java
2012-05-09 11:49 - 2010-05-20 10:59 - 0000000 ____D C:\Program Files (x86)\Roxio
2012-05-09 11:49 - 2010-05-20 10:54 - 0000000 ____D C:\Program Files (x86)\Symantec
2012-05-09 11:49 - 2010-05-20 10:53 - 0000000 ____D C:\Program Files\Microsoft Synchronization Services
2012-05-09 11:49 - 2010-05-20 10:53 - 0000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2012-05-09 11:49 - 2010-05-20 10:53 - 0000000 ____D C:\Program Files (x86)\MusicStation
2012-05-09 11:49 - 2010-05-20 10:53 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-05-09 11:49 - 2010-05-20 10:53 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-05-09 11:49 - 2010-05-20 10:38 - 0000000 ____D C:\Users\All Users\McAfee
2012-05-09 11:49 - 2010-05-20 10:38 - 0000000 ____D C:\ProgramData\McAfee
2012-05-09 11:49 - 2010-05-20 10:37 - 0000000 ____D C:\Users\All Users\Google
2012-05-09 11:49 - 2010-05-20 10:37 - 0000000 ____D C:\ProgramData\Google
2012-05-09 11:49 - 2010-05-20 10:37 - 0000000 ____D C:\Program Files\Google
2012-05-09 11:49 - 2010-05-20 10:37 - 0000000 ____D C:\Program Files (x86)\ArcSoft
2012-05-09 11:49 - 2010-05-20 10:36 - 0000000 ____D C:\Program Files (x86)\Evernote
2012-05-09 11:49 - 2010-05-20 10:32 - 0000000 ____D C:\Users\All Users\Adobe
2012-05-09 11:49 - 2010-05-20 10:32 - 0000000 ____D C:\ProgramData\Adobe
2012-05-09 11:49 - 2010-05-20 10:32 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-05-09 11:49 - 2010-05-20 10:30 - 0000000 ____D C:\Program Files\Realtek
2012-05-09 11:49 - 2010-05-20 10:30 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-05-09 11:49 - 2010-05-20 00:01 - 0000000 ____D C:\Program Files\Common Files\Sony Shared
2012-05-09 11:49 - 2010-05-19 23:04 - 0000000 ____D C:\Program Files\ATI
2012-05-09 11:49 - 2010-05-19 22:28 - 0000000 ____D C:\Program Files\WIDCOMM
2012-05-09 11:49 - 2010-05-19 22:28 - 0000000 ____D C:\Program Files\DIFX
2012-05-09 11:49 - 2010-05-19 22:09 - 0000000 ____D C:\Program Files (x86)\Intel
2012-05-09 11:49 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-05-09 11:49 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\MSBuild
2012-05-09 11:49 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-05-09 11:49 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-05-09 11:49 - 2009-07-14 06:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-05-09 11:49 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files\Windows NT
2012-05-09 11:49 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-05-09 11:49 - 2009-07-14 04:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-05-09 11:34 - 2010-05-20 10:25 - 0415770 ____A C:\Windows\PFRO.log
2012-05-07 22:02 - 2012-05-07 22:02 - 0000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-05-07 22:02 - 2012-05-07 22:02 - 0000000 ____D C:\Users\Default\AppData\Local\Google
2012-05-07 22:02 - 2012-05-07 22:02 - 0000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-05-07 22:02 - 2012-05-07 22:02 - 0000000 ____D C:\Users\Default User\AppData\Local\Google
2012-05-07 17:39 - 2012-05-06 20:13 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-06 20:48 - 2012-05-06 19:13 - 0000000 ____D C:\Users\All Users\Norton
2012-05-06 20:48 - 2012-05-06 19:13 - 0000000 ____D C:\ProgramData\Norton
2012-05-06 20:48 - 2010-05-20 03:02 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-05-06 20:14 - 2012-05-06 20:14 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Malwarebytes
2012-05-06 20:13 - 2012-05-06 20:13 - 0000000 ____D C:\Users\All Users\Malwarebytes
2012-05-06 20:13 - 2012-05-06 20:13 - 0000000 ____D C:\ProgramData\Malwarebytes
2012-05-06 19:15 - 2012-05-06 19:13 - 0000000 ____D C:\Users\Fede\AppData\Local\NPE
2012-05-06 19:14 - 2012-05-06 19:14 - 0000767 ____A C:\Users\Fede\AppData\Roaming\SMRBackup250.dat
2012-05-06 12:50 - 2012-05-06 12:10 - 0000000 ____D C:\sh4ldr
2012-05-06 12:49 - 2012-05-06 12:49 - 0034814 ____A C:\Users\Fede\AppData\Local\dt.dat
2012-05-06 12:36 - 2012-05-06 12:36 - 0002269 ____A C:\Users\Fede\Desktop\Google Chrome.lnk
2012-05-06 12:10 - 2012-05-06 12:09 - 0000000 ____D C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-05-06 12:06 - 2012-05-06 12:06 - 0000000 ____D C:\Users\All Users\EA Logs
2012-05-06 12:06 - 2012-05-06 12:06 - 0000000 ____D C:\Users\All Users\EA Core
2012-05-06 12:06 - 2012-05-06 12:06 - 0000000 ____D C:\ProgramData\EA Logs
2012-05-06 12:06 - 2012-05-06 12:06 - 0000000 ____D C:\ProgramData\EA Core
2012-05-06 12:05 - 2010-05-20 11:09 - 0601420 ____A C:\Windows\DirectX.log
2012-05-06 12:05 - 2009-07-14 06:08 - 0032518 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-06 11:16 - 2012-05-05 18:21 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-05-02 01:46 - 2012-05-02 01:46 - 4472832 ____A (Google Inc.) C:\Windows\SysWOW64\GPhotos.scr
2012-04-26 19:03 - 2012-05-12 10:37 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-04-25 22:27 - 2012-04-25 22:27 - 0000000 ____D C:\Users\Fede\AppData\LocalGoogle
2012-04-24 23:16 - 2012-04-24 23:16 - 0000000 ____D C:\Users\All Users\Premium
2012-04-24 23:16 - 2012-04-24 23:16 - 0000000 ____D C:\ProgramData\Premium
2012-04-23 20:08 - 2012-02-27 20:34 - 0000000 ____D C:\Users\Fede\AppData\Local\PMB Files
2012-04-23 20:08 - 2012-02-27 20:34 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-23 20:08 - 2012-02-27 20:34 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-23 19:51 - 2012-04-23 19:51 - 0000000 ____D C:\Users\Fede\AppData\Roaming\LolClient
2012-04-22 23:10 - 2011-11-29 20:03 - 0000000 ____D C:\Users\Fede\AppData\Local\Sony
2012-04-22 23:02 - 2012-02-19 14:27 - 0000000 ____D C:\Users\Fede\AppData\Local\Apple Computer
2012-04-22 22:59 - 2012-04-22 22:59 - 0000000 ____D C:\Users\Fede\AppData\Local\Sony Corporation
2012-04-22 12:24 - 2012-04-22 12:24 - 0000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-04-22 12:24 - 2012-04-22 12:24 - 0000000 ____D C:\ProgramData\Blizzard Entertainment
2012-04-22 11:34 - 2012-04-22 11:34 - 0342694 ____A C:\test.xml
2012-04-22 11:33 - 2012-04-22 11:33 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Auslogics
2012-04-18 14:24 - 2012-04-18 14:24 - 0000000 ____D C:\Users\Fede\AppData\Local\The Witcher 2
2012-04-18 14:23 - 2011-04-08 17:47 - 1838396 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-17 11:04 - 2010-09-27 22:02 - 0000000 ____D C:\Users\juan\AppData\Local\Google
2012-04-17 11:00 - 2010-11-05 18:22 - 0000000 ____D C:\Users\juan\Tracing
2012-04-17 11:00 - 2010-09-22 21:38 - 0120496 ____A C:\Users\juan\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-11 22:01 - 2012-04-11 22:01 - 0000751 ____A C:\Users\juan\Desktop\bwin Casino.lnk
2012-04-11 22:01 - 2012-04-11 22:01 - 0000751 ____A C:\Users\Fede\Desktop\bwin Casino.lnk
2012-04-09 20:09 - 2012-04-09 20:09 - 0000000 ____D C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2012-04-02 16:57 - 2012-04-02 16:57 - 0000000 ____D C:\Program Files\Common Files\INCA Shared
2012-04-02 06:34 - 2012-05-11 02:06 - 5504880 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-04-02 05:46 - 2012-05-11 02:06 - 3958128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-04-02 05:46 - 2012-05-11 02:06 - 3902320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-02 04:01 - 2012-05-11 02:06 - 3143680 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-04-01 18:05 - 2012-04-01 18:05 - 0001061 ____A C:\Users\Public\Desktop\PokerStars.lnk
2012-04-01 17:31 - 2012-04-01 17:31 - 0000000 ____D C:\Users\Fede\AppData\Roaming\InstallShield
2012-04-01 08:53 - 2009-07-14 04:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-30 20:53 - 2012-03-30 20:09 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Tropico 4
2012-03-30 12:09 - 2012-05-11 02:07 - 1895280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-28 12:55 - 2012-03-28 12:55 - 0000000 ____D C:\Users\Fede\AppData\Local\Skyrim
2012-03-27 10:37 - 2009-07-14 03:34 - 0000510 ____A C:\Windows\win.ini
2012-03-26 13:58 - 2011-10-23 10:48 - 0120496 ____A C:\Users\Fede\AppData\Local\GDIPFONTCACHEV1.DAT
2012-03-25 21:45 - 2012-02-20 17:15 - 0000000 ____D C:\Users\Fede\Documents\My Kindle Content
2012-03-25 16:01 - 2012-03-25 16:01 - 0000000 __HDC C:\Users\Fede\AppData\Local\{7D4B3D1D-104E-4507-9123-568BC721B7E2}
2012-03-25 16:01 - 2012-03-25 15:57 - 0002612 ____A C:\Users\Fede\BykiDownloader.log
2012-03-23 17:22 - 2012-03-23 17:22 - 0000000 ____D C:\Users\All Users\Ubisoft
2012-03-23 17:22 - 2012-03-23 17:22 - 0000000 ____D C:\ProgramData\Ubisoft
2012-03-23 17:20 - 2012-03-09 19:39 - 0189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-03-23 17:20 - 2012-03-09 19:39 - 0075136 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-03-21 23:11 - 2012-03-21 23:11 - 0001507 ____A C:\Users\Public\Desktop\bwin Poker JPC.lnk
2012-03-21 23:11 - 2012-03-21 23:11 - 0000000 ____D C:\Users\Fede\AppData\Local\P5
2012-03-19 18:58 - 2012-03-19 18:58 - 0000000 __RHD C:\Users\Fede\AppData\Roaming\SecuROM
2012-03-19 18:57 - 2012-03-19 18:57 - 0000000 __SHD C:\Users\All Users\SecuROM
2012-03-19 18:57 - 2012-03-19 18:57 - 0000000 __SHD C:\ProgramData\SecuROM
2012-03-19 18:40 - 2012-03-19 18:40 - 0000000 ____D C:\Windows\SysWOW64\xlive
2012-03-19 01:56 - 2012-03-18 13:57 - 0000000 ____D C:\Users\Fede\AppData\Local\Ubisoft Game Launcher
2012-03-18 19:03 - 2012-03-18 19:03 - 0000000 ____D C:\Uninstall
2012-03-18 14:14 - 2012-03-18 14:14 - 0000000 ___HD C:\Users\Fede\InstallAnywhere
2012-03-18 13:55 - 2012-03-18 13:55 - 0000000 ____D C:\Windows\SysWOW64\directx
2012-03-18 13:55 - 2010-09-22 21:39 - 0000000 ___HD C:\Windows\msdownld.tmp
2012-03-18 00:28 - 2012-03-18 00:28 - 0000000 ____D C:\Users\Fede\AppData\Local\FalloutNV
2012-03-17 20:45 - 2012-03-17 20:40 - 0000000 ____D C:\Users\Fede\AppData\Roaming\DarknessII
2012-03-17 19:11 - 2012-03-17 19:11 - 0007605 ____A C:\Users\Fede\AppData\Local\Resmon.ResmonCfg
2012-03-17 08:55 - 2012-05-11 02:05 - 0075632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-15 15:00 - 2012-03-15 15:00 - 0000000 ____D C:\Users\Fede\AppData\Local\My Games
2012-03-15 14:36 - 2012-03-15 14:36 - 0000000 ____D C:\Windows\SysWOW64\2087
2012-03-14 23:02 - 2012-03-14 23:02 - 0065536 __ASH C:\Windows\System32\config\COMPONENTS{199a9220-032f-11e1-be21-f07bcbe829e3}.TxR.blf
2012-03-14 19:25 - 2012-03-14 19:25 - 0000000 ____D C:\Users\Fede\AppData\Local\splash damage
2012-03-14 18:34 - 2012-03-14 18:34 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Azureus
2012-03-14 18:32 - 2012-03-14 18:32 - 0000000 ____D C:\Users\Fede\AppData\Local\RavenBleuSA
2012-03-14 18:32 - 2012-03-14 18:32 - 0000000 ____D C:\Program Files (x86)\PricePeep
2012-03-13 15:08 - 2012-03-13 15:08 - 0000000 ____D C:\Program Files (x86)\Winamp Detect
2012-03-12 00:45 - 2011-07-14 12:25 - 0000000 ____D C:\Users\juan\AppData\Roaming\Apple Computer
2012-03-12 00:35 - 2010-09-22 21:40 - 0000174 ___SH C:\Users\juan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-03-11 13:32 - 2012-03-09 19:43 - 0283416 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-03-11 01:09 - 2012-03-09 19:39 - 0283416 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-03-09 15:22 - 2012-03-09 15:22 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-03-09 15:22 - 2012-01-31 15:33 - 0000000 ____D C:\Users\Fede\AppData\Roaming\BitTorrent
2012-03-08 14:21 - 2012-03-08 14:16 - 0005115 ____A C:\Windows\IE9_main.log
2012-03-08 14:19 - 2012-03-08 14:19 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-03-08 14:19 - 2012-03-08 14:19 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-03-08 14:19 - 2012-03-08 14:19 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-03-08 14:19 - 2012-03-08 14:19 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-03-08 14:19 - 2012-03-08 14:19 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-03-08 14:19 - 2012-03-08 14:19 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-03-08 14:19 - 2012-03-08 14:19 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-03-08 14:19 - 2012-03-08 14:19 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-03-08 14:19 - 2012-03-08 14:19 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-03-08 14:19 - 2012-03-08 14:19 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-03-08 14:19 - 2012-03-08 14:19 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-03-03 13:39 - 2012-02-23 23:18 - 0000000 ____D C:\Users\Fede\Tracing
2012-03-03 07:29 - 2012-05-11 02:07 - 1837568 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2012-03-03 07:29 - 2012-05-11 02:07 - 1541120 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-03 07:29 - 2012-05-11 02:07 - 0902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2012-03-03 07:29 - 2012-05-11 02:07 - 0320512 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2012-03-03 07:29 - 2012-05-11 02:07 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2012-03-03 06:40 - 2012-05-11 02:07 - 1170944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2012-03-03 06:40 - 2012-05-11 02:07 - 1074176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-03 06:40 - 2012-05-11 02:07 - 0739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2012-03-03 06:40 - 2012-05-11 02:07 - 0218624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2012-03-03 06:40 - 2012-05-11 02:07 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2012-03-02 18:15 - 2012-03-02 18:15 - 0000000 ____D C:\Users\Fede\AppData\Local\Chromium
2012-03-02 18:07 - 2012-03-02 18:07 - 0000000 ____D C:\Users\Fede\AppData\Local\Sports Interactive
2012-03-01 07:54 - 2012-04-12 01:44 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 07:45 - 2012-04-12 01:44 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 07:40 - 2012-04-12 01:44 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 07:35 - 2012-04-12 01:44 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-03-01 06:49 - 2012-04-12 01:44 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-03-01 06:45 - 2012-04-12 01:44 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-03-01 06:40 - 2012-04-12 01:44 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-28 08:34 - 2012-04-12 01:45 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 08:02 - 2012-04-12 01:45 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 07:56 - 2012-04-12 01:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-28 07:50 - 2012-04-12 01:45 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 07:49 - 2012-04-12 01:45 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 07:48 - 2012-04-12 01:45 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-28 07:48 - 2012-04-12 01:45 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 07:47 - 2012-04-12 01:45 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 07:45 - 2012-04-12 01:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-28 07:43 - 2012-04-12 01:45 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 07:43 - 2012-04-12 01:45 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 07:42 - 2012-04-12 01:45 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 07:39 - 2012-04-12 01:45 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-28 02:52 - 2012-04-12 01:45 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-28 02:27 - 2012-04-12 01:45 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-28 02:18 - 2012-04-12 01:45 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-28 02:12 - 2012-04-12 01:45 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-28 02:11 - 2012-04-12 01:45 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-28 02:11 - 2012-04-12 01:45 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-28 02:09 - 2012-04-12 01:45 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-28 02:08 - 2012-04-12 01:45 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-28 02:06 - 2012-04-12 01:45 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-28 02:04 - 2012-04-12 01:45 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-28 02:03 - 2012-04-12 01:45 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-28 02:03 - 2012-04-12 01:45 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-28 01:59 - 2012-04-12 01:45 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 20:33 - 2012-02-27 20:33 - 0000000 ____D C:\Users\Fede\AppData\Local\Pando_Temp
2012-02-26 19:36 - 2012-02-26 19:36 - 0000000 ____D C:\Users\Fede\AppData\Local\BigHugeEngine
2012-02-24 18:06 - 2012-02-24 18:04 - 1267728384 ____A C:\Program Files (x86)\chunks1.vpp_pc
2012-02-24 18:04 - 2012-02-24 18:04 - 0785632 ____A C:\Program Files (x86)\bitmaps_pc
2012-02-24 18:04 - 2012-02-24 18:04 - 0171008 ____A (RAD Game Tools, Inc.) C:\Program Files (x86)\binkw32.dll
2012-02-24 18:04 - 2012-02-24 18:03 - 390983680 ____A C:\Program Files (x86)\audio.vpp_pc
2012-02-24 18:03 - 2012-02-24 18:03 - 243096384 ____A C:\Program Files (x86)\anims.vpp_pc
2012-02-24 18:03 - 2012-02-24 18:03 - 0000000 ____D C:\Program Files (x86)\shaders
2012-02-24 18:03 - 2012-02-24 18:03 - 0000000 ____D C:\Program Files (x86)\Microsoft.VC80.CRT
2012-02-24 18:03 - 2012-02-24 18:03 - 0000000 ____D C:\Program Files (x86)\DirectX
2012-02-24 18:03 - 2012-02-24 18:03 - 0000000 ____D C:\Program Files (x86)\data
2012-02-23 23:22 - 2012-02-23 23:02 - 0000000 ____D C:\Users\Fede\AppData\Roaming\SmartDraw
2012-02-23 23:02 - 2012-02-23 23:02 - 0000000 ____D C:\Users\Fede\AppData\System
2012-02-23 09:18 - 2012-02-15 18:37 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-20 17:15 - 2012-02-20 17:15 - 0002184 ____A C:\Users\Fede\Desktop\Kindle.lnk
2012-02-19 19:43 - 2012-02-06 20:01 - 0000000 ____D C:\Users\Fede\AppData\Local\Adobe
2012-02-19 14:39 - 2012-02-19 14:39 - 0000000 ____D C:\Mozilla Plugins
2012-02-19 14:39 - 2012-02-19 14:39 - 0000000 ____D C:\CD Configuration
2012-02-19 14:28 - 2011-10-23 10:48 - 0000000 ____D C:\Users\Fede\AppData\Roaming\Apple Computer
2012-02-17 15:26 - 2011-10-23 10:47 - 0000174 __ASH C:\Users\Fede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-16 18:27 - 2010-05-20 10:38 - 0000000 ____D C:\Program Files (x86)\McAfee

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe
[2009-07-14 00:34] - [2009-07-14 02:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 3950.1 MB
Available physical RAM: 3283.16 MB
Total Pagefile: 3948.25 MB
Available Pagefile: 3266.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:454.84 GB) (Free:380.45 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:10.83 GB) (Free:0.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (FEDE) (Removable) (Total:14.89 GB) (Free:14.81 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Núm Disco Estado Tamaño Disp Din Gpt
---------- ---------- ------- ------- --- ---
Disco 0 En línea 465 GB 0 B
Disco 1 En línea 14 GB 0 B

Saliendo de DiskPart...


==========================================================

Last Boot: 2012-05-09 16:49

======================= End Of Log ==========================

#8 Noviciate

Noviciate

  • Malware Response Team

Posted 15 May 2012 - 05:04 PM

Copy and paste the following into Notepad (Start > All Programs > Accessories > Notepad):

start
SubSystems: [Windows] ==> ZeroAccess
cmd: bootrec /FixMbr
cmd: bootrec /fixboot
TDL4: custom:26000022 <===== ATTENTION!
2 msmpsvc; C:\Windows\System32\pdlnebas.dll [6656 2009-07-14] (Oak Technology Inc.)
NETSVC: msmpsvc
CMD: ren C:\Windows\System32\pdlnebas.dll pdlnebas.old
end

Save the file to your flashdrive as fixlist.txt
Enter the System Recovery Options as before, run FRST64 and click the Fix button just once and wait.
Once the tool has completed it will save a log on the flashdrive called Fixlog.txt - I'd like you to post the contents in your next reply.

So long, and thanks for all the fish.

 

 


#9 Axent

Axent
  • Topic Starter

  • Members

Posted 15 May 2012 - 05:18 PM

Here's the fix log

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 13-05-2012
Ran by SYSTEM at 2012-05-16 00:09:34 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


========= bootrec /fixboot =========

The operation completed successfully.

========= End of CMD: =========



msmpsvc service deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs msmpsvc Deleted successfully.

========= ren C:\Windows\System32\pdlnebas.dll pdlnebas.old =========


========= End of CMD: =========


==== End of Fixlog ====

#10 Noviciate

Noviciate

  • Malware Response Team

Posted 15 May 2012 - 05:58 PM

How is the PC behaving now?

So long, and thanks for all the fish.

 

 


#11 Axent

Axent
  • Topic Starter

  • Members

Posted 16 May 2012 - 04:19 AM

To this point, it is working fine, but I don't know if installing the antivirus again will cause it to reboot and restore to a previous state where things were all the same.

Edited by Axent, 16 May 2012 - 09:33 AM.


#12 Noviciate

Noviciate

  • Malware Response Team

Posted 16 May 2012 - 02:40 PM

Good evening. :)

Don't try, won't know - give it a go and see how it behaves.

So long, and thanks for all the fish.

 

 


#13 Axent

Axent
  • Topic Starter

  • Members

Posted 16 May 2012 - 03:54 PM

OK, I will. Working fine for now, no strange events.

#14 Axent

Axent
  • Topic Starter

  • Members

Posted 16 May 2012 - 04:50 PM

I got a message from my ISP 5 minutes ago telling me I had a virus and I had to remove it. They did not say which one it was.

#15 Noviciate

Noviciate

  • Malware Response Team

Posted 16 May 2012 - 04:59 PM

Did you install the same anti-virus that you had previously? If so, does it still detect an infection? If the answer to the first is Yes and the second is No, I'd be inclined to think that your ISP is just a little behind the times and you can ignore their message - although if they were as abrupt as you indicate, I'd be inclined to find another ISP.

So long, and thanks for all the fish.

 

 




