Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I may be infected, help needed


  • This topic is locked This topic is locked

#1
hcelizondo

hcelizondo

    Member

  • Member
  • PipPip
  • 32 posts
Hi there,
I just recently after a malware scan found a pup.password trojan in 1 file in my computer. After further review with tdsskiller it found a threath onit, so I'm not sure if i'm infected or not. PC seems to be working fine but here is the OTL log: Thanks so much in advance for your help.
OTL logfile created on: 13/09/2012 08:32:13 a.m. - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Hector\Documents\virus\Tools
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 24.23% Memory free
4.22 Gb Paging File | 2.35 Gb Available in Paging File | 55.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 17.76 Gb Free Space | 7.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.41 Gb Free Space | 64.07% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CORREAH | User Name: Hector | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Archivos de programa\AVG Secure Search\vprot.exe ()
PRC - C:\Users\Hector\Documents\virus\Tools\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\McAfee Security Scan\3.0.271\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Archivos de programa\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Archivos de programa\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Archivos de programa\Mozilla Firefox\mozjs.dll ()
MOD - C:\Archivos de programa\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()
MOD - C:\Archivos de programa\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()
MOD - C:\Archivos de programa\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Archivos de programa\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Archivos de programa\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Archivos de programa\WinRAR\RarExt.dll ()


========== Services (SafeList) ==========

SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found
SRV - (MozillaMaintenance) -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (vToolbarUpdater12.2.6) -- C:\Archivos de programa\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Archivos de programa\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Archivos de programa\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (McComponentHostService) -- C:\Archivos de programa\McAfee Security Scan\3.0.271\McCHSvc.exe (McAfee, Inc.)
SRV - (avgwd) -- C:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Archivos de programa\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (TeamViewer5) -- C:\Archivos de programa\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ACDaemon) -- C:\Archivos de programa\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (cpuz134) -- C:\Users\Hector\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (Stlth317) -- C:\Windows\System32\drivers\stlth317.sys (Generic)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAMX
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1383636

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=mx&ibd=2080719
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_es
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....pr&d=2012-08-26 11:18:38&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1383636
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..keyword.URL: "https://isearch.avg....8:38&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hector\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hector\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Hector\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 08:50:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/09/04 08:37:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 08:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/02 10:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/30 19:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/23 00:08:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hector\AppData\Roaming\mozilla\Extensions
[2010/01/23 00:08:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hector\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/19 09:16:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hector\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/08/22 09:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hector\AppData\Roaming\mozilla\Firefox\Profiles\mv60azpv.default\extensions
[2010/09/24 18:47:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hector\AppData\Roaming\mozilla\Firefox\Profiles\mv60azpv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/21 09:02:18 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Hector\AppData\Roaming\mozilla\Firefox\Profiles\mv60azpv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/08/28 16:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2012/02/13 17:01:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/09 08:03:42 | 000,000,000 | ---D | M] (Default) -- C:\Archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/04 08:37:56 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012/09/09 08:03:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/09/09 08:03:36 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/09/04 08:35:50 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/09 08:03:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/09 08:03:35 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/09/09 08:03:35 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/09/09 08:03:35 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/09/09 08:03:35 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/09/09 08:03:35 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/03/25 11:32:33 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Archivos de programa\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Archivos de programa\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WebGoRadio Toolbar) - {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Archivos de programa\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Archivos de programa\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (WebGoRadio Toolbar) - {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (WebGoRadio Toolbar) - {C434BC3F-1A2A-4E73-98BB-8F99E454897A} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Archivos de programa\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Hector\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Archivos de programa\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Archivos de programa\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Archivos de programa\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Intranet local)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FE7818E-8FB5-40B9-AEC6-6284E7908EB3}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B414279D-79CC-49CE-8FFA-7BBA737A065C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Archivos de programa\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Archivos de programa\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Archivos de programa\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hector\Pictures\PHOTOfunSTUDIO wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Hector\Pictures\PHOTOfunSTUDIO wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/10 09:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/26 12:20:15 | 000,000,000 | ---D | C] -- C:\Users\Hector\AppData\Roaming\AVG
[2012/08/26 12:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/08/26 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Hector\AppData\Roaming\AVG2012
[2012/08/26 11:19:15 | 000,000,000 | ---D | C] -- C:\Users\Hector\AppData\Local\AVG Secure Search
[2012/08/26 11:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/08/26 11:18:34 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/08/26 11:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/08/26 11:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/08/26 11:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/26 11:11:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/08/26 10:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/26 10:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/08/26 10:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/08/26 10:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/08/24 15:43:18 | 000,301,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/08/23 10:52:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/23 10:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/08/16 09:33:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/16 09:33:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/16 09:33:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/16 09:33:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/16 09:33:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/16 09:33:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/16 09:33:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/16 09:33:14 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012/09/13 08:22:57 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/13 08:22:13 | 094,736,988 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/09/13 08:18:25 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/13 08:18:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 08:18:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 08:17:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/13 08:17:29 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 09:09:08 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3990087816-3269341712-2415393594-1000UA.job
[2012/09/12 09:09:08 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3990087816-3269341712-2415393594-1000Core.job
[2012/09/12 09:08:15 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/12 08:34:38 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 09:16:04 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/09/09 10:46:08 | 000,143,541 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/07 13:30:25 | 000,717,686 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/09/07 13:30:24 | 000,634,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/07 13:30:24 | 000,154,004 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/09/07 13:30:24 | 000,120,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/04 08:37:46 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/03 14:12:04 | 000,002,088 | ---- | M] () -- C:\Users\Hector\Desktop\Google Chrome.lnk
[2012/08/31 10:46:29 | 000,627,150 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/08/28 16:49:53 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/26 11:12:26 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/08/26 10:01:37 | 000,001,951 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/08/23 10:22:33 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/23 10:22:33 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/17 08:46:01 | 000,473,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/13 08:22:13 | 094,736,988 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/09/09 10:46:08 | 000,143,541 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/31 10:46:29 | 000,627,150 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/08/28 17:22:13 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/26 11:19:11 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/26 11:12:26 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/08/26 10:01:25 | 000,001,951 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/28 09:19:12 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/03/19 00:51:35 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/03/18 12:37:20 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/07/19 22:49:24 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/12/12 15:55:01 | 000,000,094 | ---- | C] () -- C:\Users\Hector\AppData\Local\fusioncache.dat
[2008/07/31 15:50:57 | 000,000,680 | ---- | C] () -- C:\Users\Hector\AppData\Local\d3d9caps.dat
[2008/07/28 19:43:41 | 000,121,856 | ---- | C] () -- C:\Users\Hector\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/26 12:34:25 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\AVG
[2012/08/26 11:20:14 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\AVG2012
[2012/02/20 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\AVG9
[2011/03/12 15:48:55 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\ChessBase
[2011/03/13 10:12:05 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Ehlo
[2011/03/26 11:01:26 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Foxit Software
[2012/08/29 21:03:11 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\KeePass
[2011/03/13 10:12:35 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Onone
[2009/03/28 20:17:57 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\OpenOffice.org
[2009/03/01 16:29:24 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Panasonic
[2010/12/15 21:11:35 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\PCDr
[2010/05/28 00:16:44 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Research In Motion
[2010/06/17 19:07:21 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\TeamViewer
[2011/08/10 10:09:42 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Thunderbird
[2012/09/12 09:49:14 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.DESIGNER.VB >
[2005/12/23 08:03:52 | 000,030,957 | ---- | M] () MD5=D9FA2ED52D2FB38CB548AC34B3BF40B9 -- C:\Users\Patty\AppData\Local\Temp\Temp1_Explorer.zip\explorer.designer.vb

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/07/19 10:32:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/07/19 10:32:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2006/11/02 10:36:27 | 000,897,024 | ---- | M] (Microsoft Corporation) MD5=A3A1F5260341E9E70FBF0E82FE5DB8B7 -- C:\Windows\es-ES\explorer.exe.mui
[2006/11/02 10:36:27 | 000,897,024 | ---- | M] (Microsoft Corporation) MD5=A3A1F5260341E9E70FBF0E82FE5DB8B7 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_es-es_0387220576ddabc5\explorer.exe.mui

< MD5 for: EXPLORER.RESX >
[2005/09/23 03:27:08 | 000,040,553 | ---- | M] () MD5=B1B3C02B970204A703854F13D66A0C79 -- C:\Users\Patty\AppData\Local\Temp\Temp1_Explorer.zip\explorer.resx

< MD5 for: EXPLORER.VB >
[2005/12/23 08:03:52 | 000,007,489 | ---- | M] () MD5=AEB47735815258D5B60E3F9BB919FD95 -- C:\Users\Patty\AppData\Local\Temp\Temp1_Explorer.zip\explorer.vb

< MD5 for: EXPLORER.VSTEMPLATE >
[2005/09/23 03:27:08 | 000,001,333 | ---- | M] () MD5=9DD77EB173C4F605676D53074C1FAF9A -- C:\Users\Patty\AppData\Local\Temp\Temp1_Explorer.zip\explorer.vstemplate

< MD5 for: EXPLORER.ZIP >
[2006/03/08 12:32:40 | 000,020,653 | ---- | M] () MD5=7B60FEB5337E1F2FDFBDCDA176E7D1FB -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\3082\Explorer.zip

< MD5 for: IEXPLORE.EXE >
[2012/05/17 18:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16446_none_5898f8e3ebb5c47b\iexplore.exe
[2008/04/24 23:22:36 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=07ED775D6DB4BFA96D7CFB09EB228418 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe
[2009/01/14 23:14:36 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=0844F5B9CB3BB85A917D347EF1565B6C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[2008/07/19 10:37:09 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=182CAF7403705ACCB51211A761080B8F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
[2009/11/21 01:42:38 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=1B6362BB14FCEB9E76BCF9A953B04788 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
[2010/02/23 10:06:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=25DB705A7DC85C208B3CF2D20F118AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[2012/05/17 17:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20551_none_5912c45104e00183\iexplore.exe
[2009/04/11 01:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2009/08/27 00:23:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=2E48756F12C21F46895036AC089AAD97 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
[2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16447_none_5899f92debb4ddd2\iexplore.exe
[2008/07/19 10:35:06 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=3C1B2AD79DBF750A15A8832AF8192DB4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20663_none_2dc77d9e36238626\iexplore.exe
[2010/01/02 09:58:26 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=3D8DA00B028DEA9517066F1CECBFC4A2 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
[2010/05/04 01:32:18 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=48A6109E8DF0365195298CC527B7426A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
[2010/09/08 01:26:34 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4A719476A6393B1DCACFEB4F3AC6599C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe
[2009/07/22 01:04:09 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4B5AEA50CE77FBA4C2D169622DC9B489 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
[2008/07/19 10:30:50 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=4C1528C481FFE6E4EFE4BAC7271CE251 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20697_none_2dab0f0236383f55\iexplore.exe
[2008/10/15 23:27:53 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=4CBA2F58668F2D5F3259CBE73E227F25 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2010/11/02 01:03:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5AB037B17F8A87D052F5A88E0D29A3C8 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe
[2008/01/19 02:33:12 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2010/05/04 01:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5C9B1062EA7A44E8F6BFDE994B68C7AA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
[2008/07/19 10:30:50 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=7023BC3AF58F0C47856AF147E290D81A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16575_none_2d35117b1d0c34fb\iexplore.exe
[2010/06/26 01:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7420BE0E7D3D1320054F7ACA0594953D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
[2010/12/18 02:19:44 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7852371DA9EFBC17B645558E23780EAC -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
[2009/08/27 08:31:08 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=7DD482E4A2E3CBB0A72F718C342F5B75 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
[2008/07/19 10:32:49 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=7F2693693511F7ECD2762081F2F19864 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20734_none_2de8ef92360a48d1\iexplore.exe
[2006/11/02 04:45:14 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=8308F01F27DF839E0010B0F72F855E35 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe
[2010/01/02 01:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=88BD42DAE7CFFEB256CA7145A15E4843 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[2011/04/26 21:32:57 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
[2008/07/19 10:32:50 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9143C721DD6482374EFB35BC35944324 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\iexplore.exe
[2010/11/02 02:13:47 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=92A17B0A89D14815AACC62CD190B6CE3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
[2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Program Files\Internet Explorer\iexplore.exe
[2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16448_none_589af977ebb3f729\iexplore.exe
[2008/07/19 10:37:09 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9437CA21CD48C9B6BFD6F5AC0143D251 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[2011/02/22 02:18:28 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9CE5543464432CA73134F170FA2BF823 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
[2008/04/24 21:04:08 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9F1427F203CA078005C9943800929640 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
[2010/02/23 01:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[2009/03/08 16:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[2010/12/18 01:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=B988D7F127B94BD5BF8356FE81B985C4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
[2012/06/02 03:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20553_none_5914c4e504de3431\iexplore.exe
[2011/02/22 01:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=C1D36A2CBE0CEC4DF593DB1288CF586E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe
[2009/07/21 16:53:43 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=C33BD196A0301F9B23D9A003D30ED8B0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
[2010/09/08 01:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=D5A730DFDEAE005373E62BC2A866E3BB -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[2008/10/15 23:42:58 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=D762642A109433EEDCD332B0A9511137 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
[2009/11/21 10:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[2012/06/28 18:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20554_none_5915c52f04dd4d88\iexplore.exe
[2008/07/19 10:35:06 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=EDEE147E416398BB3DD5B0DD4F6F1D32 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16546_none_2d5681891cf2fa7f\iexplore.exe
[2010/06/26 01:52:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=F05B3A2C6CB319DD1377AD566CF5ECE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[2009/01/14 23:18:47 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2011/04/26 21:33:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2011/04/26 21:33:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_52562cc123574ecd\iexplore.exe.mui
[2006/11/02 10:36:16 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=90B81CFE689FF456504C717E193596E3 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_es-es_3b210dfe58014735\iexplore.exe.mui
[2009/03/08 16:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_207795706a90d6c1\iexplore.exe.mui
[2011/04/26 21:33:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=CF5D2D3D54DE91D2C66796D33E4D6431 -- C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui
[2011/04/26 21:33:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=CF5D2D3D54DE91D2C66796D33E4D6431 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_es-es_522189a5237e4072\iexplore.exe.mui
[2009/03/08 16:13:38 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=EA808DE2547B585255430B85F82CC1A0 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_es-es_2042f2546ab7c866\iexplore.exe.mui

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CNF >
[2003/09/17 18:50:02 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_vti_pvt\services.cnf
[2002/04/04 10:40:04 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_vti_pvt\services.cnf
[2003/09/18 12:43:42 | 000,000,020 | ---- | M] () MD5=94F4E64EECBFEF42ADD8E1DFF3C389FC -- C:\Users\Hector\Documents\My Documents\Mis Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >
[2008/01/19 02:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 04:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 10:35:37 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=5D403ABBB21AFE941296CA659BA6134E -- C:\Windows\System32\es-ES\services.exe.mui
[2006/11/02 10:35:37 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=5D403ABBB21AFE941296CA659BA6134E -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_es-es_6791e1ff29310e92\services.exe.mui

< MD5 for: SERVICES.HTM >
[2003/10/02 17:43:04 | 000,001,608 | ---- | M] () MD5=56C7737F0E6B742DD7B58FCA30366976 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_vti_cnf\services.htm
[2003/10/02 17:43:04 | 000,008,884 | ---- | M] () MD5=8F2FAB1967A9BCEF3429648C725E32E0 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\services.htm
[2002/04/04 10:46:20 | 000,001,464 | ---- | M] () MD5=D30257A5EBCEFE0100AC8B9D193BDEFD -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_vti_cnf\services.htm
[2002/04/04 10:46:18 | 000,004,737 | ---- | M] () MD5=DC7C7E96C75CFE5AD55D2B85A2332C03 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\services.htm

< MD5 for: SERVICES.HTM_CMP_CANVAS000_BNR.GIF >
[2002/04/04 10:46:20 | 000,000,307 | ---- | M] () MD5=A04DDAEB3F7E56D07312CBCB3769FBB8 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\_vti_cnf\services.htm_cmp_canvas000_bnr.gif
[2002/04/04 10:46:20 | 000,002,380 | ---- | M] () MD5=B45E9192EB936B8549409BB74A114036 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\services.htm_cmp_canvas000_bnr.gif

< MD5 for: SERVICES.HTM_CMP_CANVAS000_HBTN.GIF >
[2002/04/04 10:46:18 | 000,001,900 | ---- | M] () MD5=5FB9D66E7B4B17975C5E5EDB251C15EB -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\services.htm_cmp_canvas000_hbtn.gif
[2002/04/04 10:46:18 | 000,000,307 | ---- | M] () MD5=6B212B2C704B8324D9C3FA89D16E6D68 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\_vti_cnf\services.htm_cmp_canvas000_hbtn.gif

< MD5 for: SERVICES.HTM_CMP_CANVAS000_HBTN_P.GIF >
[2002/04/04 10:46:20 | 000,001,705 | ---- | M] () MD5=50B50F2EB047E952FBE59D707E2B7A05 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\services.htm_cmp_canvas000_hbtn_p.gif
[2002/04/04 10:46:20 | 000,000,307 | ---- | M] () MD5=A04DDAEB3F7E56D07312CBCB3769FBB8 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\_vti_cnf\services.htm_cmp_canvas000_hbtn_p.gif

< MD5 for: SERVICES.HTM_CMP_CANVAS000_VBTN.GIF >
[2002/04/04 10:46:18 | 000,001,328 | ---- | M] () MD5=406BB7F98CB2D2CF4942D013BD5C4F3D -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\services.htm_cmp_canvas000_vbtn.gif
[2002/04/04 10:46:18 | 000,000,307 | ---- | M] () MD5=6B212B2C704B8324D9C3FA89D16E6D68 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\_vti_cnf\services.htm_cmp_canvas000_vbtn.gif

< MD5 for: SERVICES.HTM_CMP_CLEARDAY000_BNR.GIF >
[2003/09/17 18:56:44 | 000,003,006 | ---- | M] () MD5=72620A610DC54D232EE3115D932CECCB -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\services.htm_cmp_clearday000_bnr.gif
[2003/09/17 18:56:44 | 000,000,319 | ---- | M] () MD5=FF63AD95B28CAAA1ABA1EB169EE0EC8A -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\_vti_cnf\services.htm_cmp_clearday000_bnr.gif

< MD5 for: SERVICES.HTM_CMP_CLEARDAY000_HBTN.GIF >
[2003/09/17 18:56:44 | 000,000,809 | ---- | M] () MD5=3212AE4693B750523B8B870A6AEACD18 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\services.htm_cmp_clearday000_hbtn.gif
[2003/09/17 18:56:44 | 000,000,319 | ---- | M] () MD5=FF63AD95B28CAAA1ABA1EB169EE0EC8A -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\_vti_cnf\services.htm_cmp_clearday000_hbtn.gif

< MD5 for: SERVICES.HTM_CMP_CLEARDAY000_HBTN_P.GIF >
[2003/09/17 18:56:44 | 000,000,914 | ---- | M] () MD5=DB442E9E519EBE91C47081811A0C4C89 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\services.htm_cmp_clearday000_hbtn_p.gif
[2003/09/17 18:56:44 | 000,000,319 | ---- | M] () MD5=FF63AD95B28CAAA1ABA1EB169EE0EC8A -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\_vti_cnf\services.htm_cmp_clearday000_hbtn_p.gif

< MD5 for: SERVICES.HTM_CMP_CLEARDAY000_VBTN.GIF >
[2003/09/17 18:56:44 | 000,000,809 | ---- | M] () MD5=AE6FD95F06AAB1D5994549CCC83EECFB -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\services.htm_cmp_clearday000_vbtn.gif
[2003/09/17 18:56:44 | 000,000,319 | ---- | M] () MD5=FF63AD95B28CAAA1ABA1EB169EE0EC8A -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\_vti_cnf\services.htm_cmp_clearday000_vbtn.gif

< MD5 for: SERVICES.HTM_NAV_CANVAS000_BNR.GIF >
[2002/04/04 10:46:20 | 000,000,425 | ---- | M] () MD5=181BD77746538A503F422AF8C75AC69E -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_overlay\_vti_cnf\services.htm_nav_canvas000_bnr.gif
[2002/04/04 10:46:20 | 000,000,374 | ---- | M] () MD5=34B524F1EFF35BCFC573C4FB8FF14713 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_overlay\services.htm_nav_canvas000_bnr.gif

< MD5 for: SERVICES.HTM_NAV_CANVAS000_HBTN.GIF >
[2002/04/04 10:46:20 | 000,000,138 | ---- | M] () MD5=37899402463C5DC229F65DD830CA3440 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_overlay\services.htm_nav_canvas000_hbtn.gif
[2002/04/04 10:46:20 | 000,000,425 | ---- | M] () MD5=D10E3B90BCC4197F821E1BB455929706 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_overlay\_vti_cnf\services.htm_nav_canvas000_hbtn.gif

< MD5 for: SERVICES.HTM_NAV_CANVAS000_VBTN.GIF >
[2002/04/04 10:46:20 | 000,000,138 | ---- | M] () MD5=37899402463C5DC229F65DD830CA3440 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_overlay\services.htm_nav_canvas000_vbtn.gif
[2002/04/04 10:46:20 | 000,000,425 | ---- | M] () MD5=D10E3B90BCC4197F821E1BB455929706 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_overlay\_vti_cnf\services.htm_nav_canvas000_vbtn.gif

< MD5 for: SERVICES.HTM_NAV_CLEARDAY000_BNR.GIF >
[2003/09/17 18:56:44 | 000,000,437 | ---- | M] () MD5=CF259C648E22C08189DFE1323B21C9A8 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_overlay\_vti_cnf\services.htm_nav_clearday000_bnr.gif
[2003/09/17 18:56:44 | 000,000,405 | ---- | M] () MD5=F5A82329A3F2C41667E5E1940D94F019 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_overlay\services.htm_nav_clearday000_bnr.gif

< MD5 for: SERVICES.HTM_NAV_CLEARDAY000_HBTN.GIF >
[2003/09/17 18:56:44 | 000,000,135 | ---- | M] () MD5=8E49EEEEF84732F36C2A298F62AA91F7 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_overlay\services.htm_nav_clearday000_hbtn.gif
[2003/09/17 18:56:44 | 000,000,437 | ---- | M] () MD5=F7361C914B61FC65AEEFCF11CD14D17B -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_overlay\_vti_cnf\services.htm_nav_clearday000_hbtn.gif

< MD5 for: SERVICES.HTM_NAV_CLEARDAY000_VBTN.GIF >
[2003/09/17 18:56:44 | 000,000,135 | ---- | M] () MD5=8E49EEEEF84732F36C2A298F62AA91F7 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_overlay\services.htm_nav_clearday000_vbtn.gif
[2003/09/17 18:56:44 | 000,000,437 | ---- | M] () MD5=F7361C914B61FC65AEEFCF11CD14D17B -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_overlay\_vti_cnf\services.htm_nav_clearday000_vbtn.gif

< MD5 for: SERVICES.LNK >
[2008/07/28 23:42:59 | 000,001,688 | ---- | M] () MD5=8B1410D68DE51D9ED42AAFE7757E05E2 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/07/28 23:42:59 | 000,001,688 | ---- | M] () MD5=8B1410D68DE51D9ED42AAFE7757E05E2 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
[2006/11/02 10:37:27 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\System32\es-ES\services.msc
[2006/11/02 10:37:27 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_es-es_a1d3b1eaff9aa885\services.msc

< MD5 for: SERVICES.PNG >
[2012/08/17 16:27:50 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png

< MD5 for: SERVICES.RDB >
[2011/01/17 20:15:14 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 20:14:46 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2009/04/11 01:27:21 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=6D75C5F6A901F57359FA5206266A8FF6 -- C:\Windows\System32\es-ES\winlogon.exe.mui
[2009/04/11 01:27:21 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=6D75C5F6A901F57359FA5206266A8FF6 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6002.18005_es-es_ccaf677b015f2f2b\winlogon.exe.mui
[2008/01/19 02:36:16 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=BF624F1AA6FBA598AD57E97CE001AADB -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_es-es_cac3ee6f043d63df\winlogon.exe.mui
[2006/11/02 10:35:26 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=ECF03BD3967070C496A7E6ADE316797D -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_es-es_c88d2c730752530b\winlogon.exe.mui

< MD5 for: WINLOGON.MOF >
[2006/09/18 16:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/18 16:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/07/16 18:20:41 | 000,001,605 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/07/19 10:46:28 | 000,004,355 | RH-- | M] () -- C:\dell.sdr
[2010/03/26 20:24:24 | 000,000,045 | ---- | M] () -- C:\error.log
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/09/13 08:17:29 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012/09/13 08:17:27 | 2449,948,672 | -HS- | M] () -- C:\pagefile.sys
[2012/08/29 09:26:32 | 000,128,332 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_29.08.2012_09.24.59_log.txt
[2009/03/01 16:29:12 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 07:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/08/21 17:12:02 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/07/28 23:43:35 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/26 21:58:14 | 000,000,574 | -HS- | M] () -- C:\Users\Hector\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-09-12 14:48:47

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:466F9D5D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8331D35A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EBC2DB92

< End of report >

Extras log:
OTL logfile created on: 13/09/2012 08:32:13 a.m. - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Hector\Documents\virus\Tools
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.48 Gb Available Physical Memory | 24.23% Memory free
4.22 Gb Paging File | 2.35 Gb Available in Paging File | 55.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 17.76 Gb Free Space | 7.97% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.41 Gb Free Space | 64.07% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CORREAH | User Name: Hector | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Archivos de programa\AVG Secure Search\vprot.exe ()
PRC - C:\Users\Hector\Documents\virus\Tools\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe (Adobe Systems, Inc.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\McAfee Security Scan\3.0.271\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Archivos de programa\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Archivos de programa\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Archivos de programa\Mozilla Firefox\mozjs.dll ()
MOD - C:\Archivos de programa\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()
MOD - C:\Archivos de programa\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()
MOD - C:\Archivos de programa\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Archivos de programa\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Archivos de programa\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Archivos de programa\WinRAR\RarExt.dll ()


========== Services (SafeList) ==========

SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found
SRV - (MozillaMaintenance) -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (vToolbarUpdater12.2.6) -- C:\Archivos de programa\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Archivos de programa\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Archivos de programa\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (McComponentHostService) -- C:\Archivos de programa\McAfee Security Scan\3.0.271\McCHSvc.exe (McAfee, Inc.)
SRV - (avgwd) -- C:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (odserv) -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Archivos de programa\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (TeamViewer5) -- C:\Archivos de programa\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ACDaemon) -- C:\Archivos de programa\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (cpuz134) -- C:\Users\Hector\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (Stlth317) -- C:\Windows\System32\drivers\stlth317.sys (Generic)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAMX
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1383636

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=mx&ibd=2080719
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_es
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....pr&d=2012-08-26 11:18:38&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1383636
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16
FF - prefs.js..keyword.URL: "https://isearch.avg....8:38&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hector\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hector\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Hector\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 08:50:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/09/04 08:37:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 08:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/02 10:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/30 19:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/23 00:08:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hector\AppData\Roaming\mozilla\Extensions
[2010/01/23 00:08:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hector\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/19 09:16:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hector\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/08/22 09:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hector\AppData\Roaming\mozilla\Firefox\Profiles\mv60azpv.default\extensions
[2010/09/24 18:47:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hector\AppData\Roaming\mozilla\Firefox\Profiles\mv60azpv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/21 09:02:18 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Hector\AppData\Roaming\mozilla\Firefox\Profiles\mv60azpv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/08/28 16:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2012/02/13 17:01:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/09 08:03:42 | 000,000,000 | ---D | M] (Default) -- C:\Archivos de programa\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/09/04 08:37:56 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012/09/09 08:03:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2012/07/02 10:03:00 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2012/09/09 08:03:36 | 000,001,607 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2012/09/04 08:35:50 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/09 08:03:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/09 08:03:35 | 000,001,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2012/09/09 08:03:35 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2012/09/09 08:03:35 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/09/09 08:03:35 | 000,001,391 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2012/09/09 08:03:35 | 000,001,309 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/03/25 11:32:33 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Archivos de programa\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Archivos de programa\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WebGoRadio Toolbar) - {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Archivos de programa\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Archivos de programa\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (WebGoRadio Toolbar) - {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (WebGoRadio Toolbar) - {C434BC3F-1A2A-4E73-98BB-8F99E454897A} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Archivos de programa\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Hector\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Archivos de programa\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Archivos de programa\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Archivos de programa\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Intranet local)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FE7818E-8FB5-40B9-AEC6-6284E7908EB3}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B414279D-79CC-49CE-8FFA-7BBA737A065C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Archivos de programa\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Archivos de programa\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Archivos de programa\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Hector\Pictures\PHOTOfunSTUDIO wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Hector\Pictures\PHOTOfunSTUDIO wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/10 09:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/26 12:20:15 | 000,000,000 | ---D | C] -- C:\Users\Hector\AppData\Roaming\AVG
[2012/08/26 12:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/08/26 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Hector\AppData\Roaming\AVG2012
[2012/08/26 11:19:15 | 000,000,000 | ---D | C] -- C:\Users\Hector\AppData\Local\AVG Secure Search
[2012/08/26 11:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/08/26 11:18:34 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/08/26 11:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/08/26 11:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/08/26 11:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/26 11:11:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/08/26 10:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/26 10:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/08/26 10:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/08/26 10:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/08/24 15:43:18 | 000,301,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/08/23 10:52:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/23 10:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/08/16 09:33:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/16 09:33:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/16 09:33:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/16 09:33:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/16 09:33:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/16 09:33:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/16 09:33:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/16 09:33:14 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012/09/13 08:22:57 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/13 08:22:13 | 094,736,988 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/09/13 08:18:25 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/13 08:18:02 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 08:18:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/13 08:17:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/13 08:17:29 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 09:09:08 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3990087816-3269341712-2415393594-1000UA.job
[2012/09/12 09:09:08 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3990087816-3269341712-2415393594-1000Core.job
[2012/09/12 09:08:15 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/12 08:34:38 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 09:16:04 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/09/09 10:46:08 | 000,143,541 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/07 13:30:25 | 000,717,686 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/09/07 13:30:24 | 000,634,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/07 13:30:24 | 000,154,004 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/09/07 13:30:24 | 000,120,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/04 08:37:46 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/03 14:12:04 | 000,002,088 | ---- | M] () -- C:\Users\Hector\Desktop\Google Chrome.lnk
[2012/08/31 10:46:29 | 000,627,150 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/08/28 16:49:53 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/26 11:12:26 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/08/26 10:01:37 | 000,001,951 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/08/23 10:22:33 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/23 10:22:33 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/17 08:46:01 | 000,473,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/13 08:22:13 | 094,736,988 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/09/09 10:46:08 | 000,143,541 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/31 10:46:29 | 000,627,150 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/08/28 17:22:13 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/26 11:19:11 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/26 11:12:26 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/08/26 10:01:25 | 000,001,951 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/28 09:19:12 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/03/19 00:51:35 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/03/18 12:37:20 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/07/19 22:49:24 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/12/12 15:55:01 | 000,000,094 | ---- | C] () -- C:\Users\Hector\AppData\Local\fusioncache.dat
[2008/07/31 15:50:57 | 000,000,680 | ---- | C] () -- C:\Users\Hector\AppData\Local\d3d9caps.dat
[2008/07/28 19:43:41 | 000,121,856 | ---- | C] () -- C:\Users\Hector\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/26 12:34:25 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\AVG
[2012/08/26 11:20:14 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\AVG2012
[2012/02/20 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\AVG9
[2011/03/12 15:48:55 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\ChessBase
[2011/03/13 10:12:05 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Ehlo
[2011/03/26 11:01:26 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Foxit Software
[2012/08/29 21:03:11 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\KeePass
[2011/03/13 10:12:35 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Onone
[2009/03/28 20:17:57 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\OpenOffice.org
[2009/03/01 16:29:24 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Panasonic
[2010/12/15 21:11:35 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\PCDr
[2010/05/28 00:16:44 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Research In Motion
[2010/06/17 19:07:21 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\TeamViewer
[2011/08/10 10:09:42 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Thunderbird
[2012/09/12 09:49:14 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.DESIGNER.VB >
[2005/12/23 08:03:52 | 000,030,957 | ---- | M] () MD5=D9FA2ED52D2FB38CB548AC34B3BF40B9 -- C:\Users\Patty\AppData\Local\Temp\Temp1_Explorer.zip\explorer.designer.vb

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/07/19 10:32:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/07/19 10:32:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2006/11/02 10:36:27 | 000,897,024 | ---- | M] (Microsoft Corporation) MD5=A3A1F5260341E9E70FBF0E82FE5DB8B7 -- C:\Windows\es-ES\explorer.exe.mui
[2006/11/02 10:36:27 | 000,897,024 | ---- | M] (Microsoft Corporation) MD5=A3A1F5260341E9E70FBF0E82FE5DB8B7 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_es-es_0387220576ddabc5\explorer.exe.mui

< MD5 for: EXPLORER.RESX >
[2005/09/23 03:27:08 | 000,040,553 | ---- | M] () MD5=B1B3C02B970204A703854F13D66A0C79 -- C:\Users\Patty\AppData\Local\Temp\Temp1_Explorer.zip\explorer.resx

< MD5 for: EXPLORER.VB >
[2005/12/23 08:03:52 | 000,007,489 | ---- | M] () MD5=AEB47735815258D5B60E3F9BB919FD95 -- C:\Users\Patty\AppData\Local\Temp\Temp1_Explorer.zip\explorer.vb

< MD5 for: EXPLORER.VSTEMPLATE >
[2005/09/23 03:27:08 | 000,001,333 | ---- | M] () MD5=9DD77EB173C4F605676D53074C1FAF9A -- C:\Users\Patty\AppData\Local\Temp\Temp1_Explorer.zip\explorer.vstemplate

< MD5 for: EXPLORER.ZIP >
[2006/03/08 12:32:40 | 000,020,653 | ---- | M] () MD5=7B60FEB5337E1F2FDFBDCDA176E7D1FB -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\3082\Explorer.zip

< MD5 for: IEXPLORE.EXE >
[2012/05/17 18:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16446_none_5898f8e3ebb5c47b\iexplore.exe
[2008/04/24 23:22:36 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=07ED775D6DB4BFA96D7CFB09EB228418 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe
[2009/01/14 23:14:36 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=0844F5B9CB3BB85A917D347EF1565B6C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[2008/07/19 10:37:09 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=182CAF7403705ACCB51211A761080B8F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
[2009/11/21 01:42:38 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=1B6362BB14FCEB9E76BCF9A953B04788 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
[2010/02/23 10:06:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=25DB705A7DC85C208B3CF2D20F118AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[2012/05/17 17:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20551_none_5912c45104e00183\iexplore.exe
[2009/04/11 01:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2009/08/27 00:23:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=2E48756F12C21F46895036AC089AAD97 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
[2012/06/02 04:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16447_none_5899f92debb4ddd2\iexplore.exe
[2008/07/19 10:35:06 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=3C1B2AD79DBF750A15A8832AF8192DB4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20663_none_2dc77d9e36238626\iexplore.exe
[2010/01/02 09:58:26 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=3D8DA00B028DEA9517066F1CECBFC4A2 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
[2010/05/04 01:32:18 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=48A6109E8DF0365195298CC527B7426A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
[2010/09/08 01:26:34 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4A719476A6393B1DCACFEB4F3AC6599C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe
[2009/07/22 01:04:09 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4B5AEA50CE77FBA4C2D169622DC9B489 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
[2008/07/19 10:30:50 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=4C1528C481FFE6E4EFE4BAC7271CE251 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20697_none_2dab0f0236383f55\iexplore.exe
[2008/10/15 23:27:53 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=4CBA2F58668F2D5F3259CBE73E227F25 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2010/11/02 01:03:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5AB037B17F8A87D052F5A88E0D29A3C8 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe
[2008/01/19 02:33:12 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2010/05/04 01:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=5C9B1062EA7A44E8F6BFDE994B68C7AA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
[2008/07/19 10:30:50 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=7023BC3AF58F0C47856AF147E290D81A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16575_none_2d35117b1d0c34fb\iexplore.exe
[2010/06/26 01:06:48 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7420BE0E7D3D1320054F7ACA0594953D -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
[2010/12/18 02:19:44 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=7852371DA9EFBC17B645558E23780EAC -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
[2009/08/27 08:31:08 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=7DD482E4A2E3CBB0A72F718C342F5B75 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
[2008/07/19 10:32:49 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=7F2693693511F7ECD2762081F2F19864 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20734_none_2de8ef92360a48d1\iexplore.exe
[2006/11/02 04:45:14 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=8308F01F27DF839E0010B0F72F855E35 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe
[2010/01/02 01:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=88BD42DAE7CFFEB256CA7145A15E4843 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[2011/04/26 21:32:57 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
[2008/07/19 10:32:50 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9143C721DD6482374EFB35BC35944324 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\iexplore.exe
[2010/11/02 02:13:47 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=92A17B0A89D14815AACC62CD190B6CE3 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
[2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Program Files\Internet Explorer\iexplore.exe
[2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=93569D46D79F9756ED077156496AFE23 -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16448_none_589af977ebb3f729\iexplore.exe
[2008/07/19 10:37:09 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9437CA21CD48C9B6BFD6F5AC0143D251 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[2011/02/22 02:18:28 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9CE5543464432CA73134F170FA2BF823 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
[2008/04/24 21:04:08 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=9F1427F203CA078005C9943800929640 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
[2010/02/23 01:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[2009/03/08 16:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[2010/12/18 01:28:35 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=B988D7F127B94BD5BF8356FE81B985C4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
[2012/06/02 03:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20553_none_5914c4e504de3431\iexplore.exe
[2011/02/22 01:21:12 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=C1D36A2CBE0CEC4DF593DB1288CF586E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe
[2009/07/21 16:53:43 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=C33BD196A0301F9B23D9A003D30ED8B0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
[2010/09/08 01:02:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=D5A730DFDEAE005373E62BC2A866E3BB -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[2008/10/15 23:42:58 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=D762642A109433EEDCD332B0A9511137 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
[2009/11/21 10:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[2012/06/28 18:35:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=EB4105348272018D096FEB655CD1608C -- C:\Windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.20554_none_5915c52f04dd4d88\iexplore.exe
[2008/07/19 10:35:06 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=EDEE147E416398BB3DD5B0DD4F6F1D32 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16546_none_2d5681891cf2fa7f\iexplore.exe
[2010/06/26 01:52:42 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=F05B3A2C6CB319DD1377AD566CF5ECE5 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[2009/01/14 23:18:47 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe

< MD5 for: IEXPLORE.EXE.MUI >
[2011/04/26 21:33:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2011/04/26 21:33:01 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_en-us_52562cc123574ecd\iexplore.exe.mui
[2006/11/02 10:36:16 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=90B81CFE689FF456504C717E193596E3 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_es-es_3b210dfe58014735\iexplore.exe.mui
[2009/03/08 16:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_207795706a90d6c1\iexplore.exe.mui
[2011/04/26 21:33:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=CF5D2D3D54DE91D2C66796D33E4D6431 -- C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui
[2011/04/26 21:33:44 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=CF5D2D3D54DE91D2C66796D33E4D6431 -- C:\Windows\winsxs\x86_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.1.8112.16421_es-es_522189a5237e4072\iexplore.exe.mui
[2009/03/08 16:13:38 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=EA808DE2547B585255430B85F82CC1A0 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_es-es_2042f2546ab7c866\iexplore.exe.mui

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CNF >
[2003/09/17 18:50:02 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_vti_pvt\services.cnf
[2002/04/04 10:40:04 | 000,000,003 | ---- | M] () MD5=864E46AD77EBE7A312EB11241A5114B6 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_vti_pvt\services.cnf
[2003/09/18 12:43:42 | 000,000,020 | ---- | M] () MD5=94F4E64EECBFEF42ADD8E1DFF3C389FC -- C:\Users\Hector\Documents\My Documents\Mis Webs\_vti_pvt\services.cnf

< MD5 for: SERVICES.EXE >
[2008/01/19 02:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 04:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 10:35:37 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=5D403ABBB21AFE941296CA659BA6134E -- C:\Windows\System32\es-ES\services.exe.mui
[2006/11/02 10:35:37 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=5D403ABBB21AFE941296CA659BA6134E -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_es-es_6791e1ff29310e92\services.exe.mui

< MD5 for: SERVICES.HTM >
[2003/10/02 17:43:04 | 000,001,608 | ---- | M] () MD5=56C7737F0E6B742DD7B58FCA30366976 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_vti_cnf\services.htm
[2003/10/02 17:43:04 | 000,008,884 | ---- | M] () MD5=8F2FAB1967A9BCEF3429648C725E32E0 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\services.htm
[2002/04/04 10:46:20 | 000,001,464 | ---- | M] () MD5=D30257A5EBCEFE0100AC8B9D193BDEFD -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_vti_cnf\services.htm
[2002/04/04 10:46:18 | 000,004,737 | ---- | M] () MD5=DC7C7E96C75CFE5AD55D2B85A2332C03 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\services.htm

< MD5 for: SERVICES.HTM_CMP_CANVAS000_BNR.GIF >
[2002/04/04 10:46:20 | 000,000,307 | ---- | M] () MD5=A04DDAEB3F7E56D07312CBCB3769FBB8 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\_vti_cnf\services.htm_cmp_canvas000_bnr.gif
[2002/04/04 10:46:20 | 000,002,380 | ---- | M] () MD5=B45E9192EB936B8549409BB74A114036 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\services.htm_cmp_canvas000_bnr.gif

< MD5 for: SERVICES.HTM_CMP_CANVAS000_HBTN.GIF >
[2002/04/04 10:46:18 | 000,001,900 | ---- | M] () MD5=5FB9D66E7B4B17975C5E5EDB251C15EB -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\services.htm_cmp_canvas000_hbtn.gif
[2002/04/04 10:46:18 | 000,000,307 | ---- | M] () MD5=6B212B2C704B8324D9C3FA89D16E6D68 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\_vti_cnf\services.htm_cmp_canvas000_hbtn.gif

< MD5 for: SERVICES.HTM_CMP_CANVAS000_HBTN_P.GIF >
[2002/04/04 10:46:20 | 000,001,705 | ---- | M] () MD5=50B50F2EB047E952FBE59D707E2B7A05 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\services.htm_cmp_canvas000_hbtn_p.gif
[2002/04/04 10:46:20 | 000,000,307 | ---- | M] () MD5=A04DDAEB3F7E56D07312CBCB3769FBB8 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\_vti_cnf\services.htm_cmp_canvas000_hbtn_p.gif

< MD5 for: SERVICES.HTM_CMP_CANVAS000_VBTN.GIF >
[2002/04/04 10:46:18 | 000,001,328 | ---- | M] () MD5=406BB7F98CB2D2CF4942D013BD5C4F3D -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\services.htm_cmp_canvas000_vbtn.gif
[2002/04/04 10:46:18 | 000,000,307 | ---- | M] () MD5=6B212B2C704B8324D9C3FA89D16E6D68 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_derived\_vti_cnf\services.htm_cmp_canvas000_vbtn.gif

< MD5 for: SERVICES.HTM_CMP_CLEARDAY000_BNR.GIF >
[2003/09/17 18:56:44 | 000,003,006 | ---- | M] () MD5=72620A610DC54D232EE3115D932CECCB -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\services.htm_cmp_clearday000_bnr.gif
[2003/09/17 18:56:44 | 000,000,319 | ---- | M] () MD5=FF63AD95B28CAAA1ABA1EB169EE0EC8A -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\_vti_cnf\services.htm_cmp_clearday000_bnr.gif

< MD5 for: SERVICES.HTM_CMP_CLEARDAY000_HBTN.GIF >
[2003/09/17 18:56:44 | 000,000,809 | ---- | M] () MD5=3212AE4693B750523B8B870A6AEACD18 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\services.htm_cmp_clearday000_hbtn.gif
[2003/09/17 18:56:44 | 000,000,319 | ---- | M] () MD5=FF63AD95B28CAAA1ABA1EB169EE0EC8A -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\_vti_cnf\services.htm_cmp_clearday000_hbtn.gif

< MD5 for: SERVICES.HTM_CMP_CLEARDAY000_HBTN_P.GIF >
[2003/09/17 18:56:44 | 000,000,914 | ---- | M] () MD5=DB442E9E519EBE91C47081811A0C4C89 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\services.htm_cmp_clearday000_hbtn_p.gif
[2003/09/17 18:56:44 | 000,000,319 | ---- | M] () MD5=FF63AD95B28CAAA1ABA1EB169EE0EC8A -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\_vti_cnf\services.htm_cmp_clearday000_hbtn_p.gif

< MD5 for: SERVICES.HTM_CMP_CLEARDAY000_VBTN.GIF >
[2003/09/17 18:56:44 | 000,000,809 | ---- | M] () MD5=AE6FD95F06AAB1D5994549CCC83EECFB -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\services.htm_cmp_clearday000_vbtn.gif
[2003/09/17 18:56:44 | 000,000,319 | ---- | M] () MD5=FF63AD95B28CAAA1ABA1EB169EE0EC8A -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_derived\_vti_cnf\services.htm_cmp_clearday000_vbtn.gif

< MD5 for: SERVICES.HTM_NAV_CANVAS000_BNR.GIF >
[2002/04/04 10:46:20 | 000,000,425 | ---- | M] () MD5=181BD77746538A503F422AF8C75AC69E -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_overlay\_vti_cnf\services.htm_nav_canvas000_bnr.gif
[2002/04/04 10:46:20 | 000,000,374 | ---- | M] () MD5=34B524F1EFF35BCFC573C4FB8FF14713 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_overlay\services.htm_nav_canvas000_bnr.gif

< MD5 for: SERVICES.HTM_NAV_CANVAS000_HBTN.GIF >
[2002/04/04 10:46:20 | 000,000,138 | ---- | M] () MD5=37899402463C5DC229F65DD830CA3440 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_overlay\services.htm_nav_canvas000_hbtn.gif
[2002/04/04 10:46:20 | 000,000,425 | ---- | M] () MD5=D10E3B90BCC4197F821E1BB455929706 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_overlay\_vti_cnf\services.htm_nav_canvas000_hbtn.gif

< MD5 for: SERVICES.HTM_NAV_CANVAS000_VBTN.GIF >
[2002/04/04 10:46:20 | 000,000,138 | ---- | M] () MD5=37899402463C5DC229F65DD830CA3440 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_overlay\services.htm_nav_canvas000_vbtn.gif
[2002/04/04 10:46:20 | 000,000,425 | ---- | M] () MD5=D10E3B90BCC4197F821E1BB455929706 -- C:\Users\Hector\Documents\My Documents\Mis Webs\miWeb\_overlay\_vti_cnf\services.htm_nav_canvas000_vbtn.gif

< MD5 for: SERVICES.HTM_NAV_CLEARDAY000_BNR.GIF >
[2003/09/17 18:56:44 | 000,000,437 | ---- | M] () MD5=CF259C648E22C08189DFE1323B21C9A8 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_overlay\_vti_cnf\services.htm_nav_clearday000_bnr.gif
[2003/09/17 18:56:44 | 000,000,405 | ---- | M] () MD5=F5A82329A3F2C41667E5E1940D94F019 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_overlay\services.htm_nav_clearday000_bnr.gif

< MD5 for: SERVICES.HTM_NAV_CLEARDAY000_HBTN.GIF >
[2003/09/17 18:56:44 | 000,000,135 | ---- | M] () MD5=8E49EEEEF84732F36C2A298F62AA91F7 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_overlay\services.htm_nav_clearday000_hbtn.gif
[2003/09/17 18:56:44 | 000,000,437 | ---- | M] () MD5=F7361C914B61FC65AEEFCF11CD14D17B -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_overlay\_vti_cnf\services.htm_nav_clearday000_hbtn.gif

< MD5 for: SERVICES.HTM_NAV_CLEARDAY000_VBTN.GIF >
[2003/09/17 18:56:44 | 000,000,135 | ---- | M] () MD5=8E49EEEEF84732F36C2A298F62AA91F7 -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_overlay\services.htm_nav_clearday000_vbtn.gif
[2003/09/17 18:56:44 | 000,000,437 | ---- | M] () MD5=F7361C914B61FC65AEEFCF11CD14D17B -- C:\Users\Hector\Documents\My Documents\Mis Webs\Consys\_overlay\_vti_cnf\services.htm_nav_clearday000_vbtn.gif

< MD5 for: SERVICES.LNK >
[2008/07/28 23:42:59 | 000,001,688 | ---- | M] () MD5=8B1410D68DE51D9ED42AAFE7757E05E2 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/07/28 23:42:59 | 000,001,688 | ---- | M] () MD5=8B1410D68DE51D9ED42AAFE7757E05E2 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
[2006/11/02 10:37:27 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\System32\es-ES\services.msc
[2006/11/02 10:37:27 | 000,092,751 | ---- | M] () MD5=C7B99872B5170E37AF24905BEE772844 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_es-es_a1d3b1eaff9aa885\services.msc

< MD5 for: SERVICES.PNG >
[2012/08/17 16:27:50 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png

< MD5 for: SERVICES.RDB >
[2011/01/17 20:15:14 | 000,237,568 | ---- | M] () MD5=507957679AE4579C15D57FA741EA6FFA -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2011/01/17 20:14:46 | 005,539,328 | ---- | M] () MD5=F2B666905F7FDAA80C86A101A7DE62F9 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2009/04/11 01:27:21 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=6D75C5F6A901F57359FA5206266A8FF6 -- C:\Windows\System32\es-ES\winlogon.exe.mui
[2009/04/11 01:27:21 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=6D75C5F6A901F57359FA5206266A8FF6 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6002.18005_es-es_ccaf677b015f2f2b\winlogon.exe.mui
[2008/01/19 02:36:16 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=BF624F1AA6FBA598AD57E97CE001AADB -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_es-es_cac3ee6f043d63df\winlogon.exe.mui
[2006/11/02 10:35:26 | 000,032,768 | ---- | M] (Microsoft Corporation) MD5=ECF03BD3967070C496A7E6ADE316797D -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_es-es_c88d2c730752530b\winlogon.exe.mui

< MD5 for: WINLOGON.MOF >
[2006/09/18 16:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/18 16:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof

< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/07/16 18:20:41 | 000,001,605 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/07/19 10:46:28 | 000,004,355 | RH-- | M] () -- C:\dell.sdr
[2010/03/26 20:24:24 | 000,000,045 | ---- | M] () -- C:\error.log
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/09/13 08:17:29 | 2136,133,632 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2012/09/13 08:17:27 | 2449,948,672 | -HS- | M] () -- C:\pagefile.sys
[2012/08/29 09:26:32 | 000,128,332 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_29.08.2012_09.24.59_log.txt
[2009/03/01 16:29:12 | 000,000,026 | ---- | M] () -- C:\UpdaterforApp.ini
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 07:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/08/21 17:12:02 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/07/28 23:43:35 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/26 21:58:14 | 000,000,574 | -HS- | M] () -- C:\Users\Hector\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-09-12 14:48:47

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:466F9D5D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8331D35A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EBC2DB92

< End of report >

And here is the TDSkiller report just in case is needed:
09:12:53.0270 5808 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
09:12:54.0210 5808 ============================================================
09:12:54.0210 5808 Current date / time: 2012/09/13 09:12:54.0210
09:12:54.0210 5808 SystemInfo:
09:12:54.0210 5808
09:12:54.0210 5808 OS Version: 6.0.6002 ServicePack: 2.0
09:12:54.0210 5808 Product type: Workstation
09:12:54.0210 5808 ComputerName: CORREAH
09:12:54.0210 5808 UserName: Hector
09:12:54.0210 5808 Windows directory: C:\Windows
09:12:54.0210 5808 System windows directory: C:\Windows
09:12:54.0210 5808 Processor architecture: Intel x86
09:12:54.0210 5808 Number of processors: 2
09:12:54.0210 5808 Page size: 0x1000
09:12:54.0210 5808 Boot type: Normal boot
09:12:54.0210 5808 ============================================================
09:12:55.0886 5808 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:12:55.0886 5808 ============================================================
09:12:55.0886 5808 \Device\Harddisk0\DR0:
09:12:55.0886 5808 MBR partitions:
09:12:55.0886 5808 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
09:12:55.0886 5808 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x1BD8D000
09:12:55.0886 5808 ============================================================
09:12:55.0917 5808 C: <-> \Device\Harddisk0\DR0\Partition2
09:12:55.0995 5808 D: <-> \Device\Harddisk0\DR0\Partition1
09:12:55.0995 5808 ============================================================
09:12:55.0995 5808 Initialize success
09:12:55.0995 5808 ============================================================
09:14:29.0503 5296 ============================================================
09:14:29.0503 5296 Scan started
09:14:29.0503 5296 Mode: Manual;
09:14:29.0503 5296 ============================================================
09:14:34.0598 5296 ================ Scan system memory ========================
09:14:34.0598 5296 System memory - ok
09:14:34.0598 5296 ================ Scan services =============================
09:14:35.0502 5296 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
09:14:35.0515 5296 ACDaemon - ok
09:14:39.0114 5296 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
09:14:39.0246 5296 ACPI - ok
09:14:39.0362 5296 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
09:14:39.0462 5296 Adobe LM Service - ok
09:14:39.0710 5296 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:14:39.0783 5296 AdobeFlashPlayerUpdateSvc - ok
09:14:40.0073 5296 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
09:14:40.0489 5296 adp94xx - ok
09:14:40.0639 5296 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
09:14:40.0898 5296 adpahci - ok
09:14:41.0058 5296 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
09:14:41.0130 5296 adpu160m - ok
09:14:41.0202 5296 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
09:14:41.0391 5296 adpu320 - ok
09:14:41.0534 5296 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:14:41.0557 5296 AeLookupSvc - ok
09:14:41.0624 5296 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\Windows\system32\drivers\Afc.sys
09:14:41.0721 5296 Afc - ok
09:14:42.0065 5296 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
09:14:42.0213 5296 AFD - ok
09:14:42.0327 5296 [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440 C:\Windows\system32\drivers\agp440.sys
09:14:42.0328 5296 agp440 - ok
09:14:42.0396 5296 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
09:14:42.0424 5296 aic78xx - ok
09:14:42.0489 5296 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
09:14:42.0525 5296 ALG - ok
09:14:42.0559 5296 [ E32A92E1574A467F7C762922F6162D76 ] aliide C:\Windows\system32\drivers\aliide.sys
09:14:42.0585 5296 aliide - ok
09:14:42.0673 5296 [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:14:42.0690 5296 amdagp - ok
09:14:42.0720 5296 [ B52B576CB0099A62F87214F371031561 ] amdide C:\Windows\system32\drivers\amdide.sys
09:14:42.0727 5296 amdide - ok
09:14:42.0766 5296 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
09:14:42.0776 5296 AmdK7 - ok
09:14:42.0837 5296 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
09:14:42.0839 5296 AmdK8 - ok
09:14:42.0978 5296 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
09:14:42.0981 5296 Appinfo - ok
09:14:43.0526 5296 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:14:43.0535 5296 Apple Mobile Device - ok
09:14:43.0567 5296 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
09:14:43.0578 5296 arc - ok
09:14:43.0643 5296 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
09:14:43.0648 5296 arcsas - ok
09:14:44.0042 5296 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
09:14:44.0053 5296 aspnet_state - ok
09:14:44.0176 5296 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:14:44.0211 5296 AsyncMac - ok
09:14:44.0310 5296 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
09:14:44.0311 5296 atapi - ok
09:14:44.0553 5296 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:14:44.0587 5296 AudioEndpointBuilder - ok
09:14:44.0644 5296 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:14:44.0647 5296 Audiosrv - ok
09:14:44.0917 5296 [ C46BA2C177DF0B84F9C0BFC1E4574DC7 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6x.sys
09:14:45.0084 5296 Avgfwfd - ok
09:14:45.0851 5296 [ BD5D11CEDBCDE4FA97D2387E7069B1FF ] avgfws C:\Program Files\AVG\AVG2012\avgfws.exe
09:14:46.0849 5296 avgfws - ok
09:14:48.0232 5296 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
09:14:50.0680 5296 AVGIDSAgent - ok
09:14:50.0757 5296 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
09:14:50.0760 5296 AVGIDSDriver - ok
09:14:50.0811 5296 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfilterx.sys
09:14:50.0813 5296 AVGIDSFilter - ok
09:14:50.0864 5296 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
09:14:50.0866 5296 AVGIDSHX - ok
09:14:50.0912 5296 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
09:14:50.0916 5296 AVGIDSShim - ok
09:14:51.0006 5296 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
09:14:51.0030 5296 Avgldx86 - ok
09:14:51.0088 5296 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
09:14:51.0096 5296 Avgmfx86 - ok
09:14:51.0170 5296 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
09:14:51.0176 5296 Avgrkx86 - ok
09:14:51.0295 5296 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
09:14:51.0375 5296 Avgtdix - ok
09:14:51.0498 5296 [ 6F76908F065C3C151C4BFCA7DFD86979 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
09:14:51.0512 5296 avgtp - ok
09:14:51.0581 5296 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
09:14:51.0610 5296 avgwd - ok
09:14:51.0725 5296 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
09:14:51.0737 5296 Beep - ok
09:14:51.0967 5296 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
09:14:52.0172 5296 BFE - ok
09:14:52.0432 5296 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
09:14:53.0022 5296 BITS - ok
09:14:53.0029 5296 blbdrive - ok
09:14:53.0437 5296 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:14:53.0760 5296 Bonjour Service - ok
09:14:53.0826 5296 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:14:53.0843 5296 bowser - ok
09:14:53.0924 5296 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
09:14:53.0943 5296 BrFiltLo - ok
09:14:53.0964 5296 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
09:14:53.0980 5296 BrFiltUp - ok
09:14:54.0053 5296 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
09:14:54.0079 5296 Browser - ok
09:14:54.0143 5296 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
09:14:54.0175 5296 Brserid - ok
09:14:54.0224 5296 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
09:14:54.0234 5296 BrSerWdm - ok
09:14:54.0293 5296 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
09:14:54.0313 5296 BrUsbMdm - ok
09:14:54.0348 5296 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
09:14:54.0355 5296 BrUsbSer - ok
09:14:54.0427 5296 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
09:14:54.0444 5296 BTHMODEM - ok
09:14:54.0569 5296 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:14:54.0595 5296 cdfs - ok
09:14:54.0661 5296 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:14:54.0752 5296 cdrom - ok
09:14:54.0910 5296 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
09:14:54.0952 5296 CertPropSvc - ok
09:14:55.0017 5296 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
09:14:55.0036 5296 circlass - ok
09:14:55.0225 5296 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
09:14:55.0383 5296 CLFS - ok
09:14:55.0701 5296 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:14:55.0724 5296 clr_optimization_v2.0.50727_32 - ok
09:14:56.0279 5296 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:14:56.0309 5296 clr_optimization_v4.0.30319_32 - ok
09:14:56.0340 5296 [ C177DD90B5DC1DCAA96CCECE752E6F0F ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:14:56.0343 5296 cmdide - ok
09:14:56.0408 5296 [ 722936AFB75A7F509662B69B5632F48A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
09:14:56.0415 5296 Compbatt - ok
09:14:56.0429 5296 COMSysApp - ok
09:14:59.0897 5296 cpuz134 - ok
09:15:01.0172 5296 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
09:15:01.0186 5296 crcdisk - ok
09:15:01.0291 5296 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
09:15:01.0305 5296 Crusoe - ok
09:15:01.0477 5296 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:15:01.0546 5296 CryptSvc - ok
09:15:01.0722 5296 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
09:15:01.0756 5296 DcomLaunch - ok
09:15:01.0822 5296 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:15:01.0836 5296 DfsC - ok
09:15:02.0131 5296 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
09:15:02.0350 5296 DFSR - ok
09:15:02.0432 5296 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
09:15:02.0456 5296 Dhcp - ok
09:15:02.0546 5296 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
09:15:02.0548 5296 disk - ok
09:15:02.0635 5296 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:15:02.0732 5296 Dnscache - ok
09:15:02.0857 5296 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
09:15:02.0894 5296 dot3svc - ok
09:15:02.0973 5296 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
09:15:03.0001 5296 DPS - ok
09:15:03.0104 5296 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:15:03.0119 5296 drmkaud - ok
09:15:03.0242 5296 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:15:03.0271 5296 DXGKrnl - ok
09:15:03.0402 5296 [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
09:15:03.0502 5296 e1express - ok
09:15:03.0594 5296 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
09:15:03.0609 5296 E1G60 - ok
09:15:03.0804 5296 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
09:15:03.0811 5296 EapHost - ok
09:15:03.0959 5296 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
09:15:04.0068 5296 Ecache - ok
09:15:04.0155 5296 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
09:15:04.0177 5296 elxstor - ok
09:15:04.0302 5296 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
09:15:04.0363 5296 EMDMgmt - ok
09:15:04.0476 5296 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
09:15:04.0481 5296 EventSystem - ok
09:15:04.0563 5296 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
09:15:04.0567 5296 exfat - ok
09:15:04.0619 5296 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:15:04.0658 5296 fastfat - ok
09:15:04.0746 5296 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:15:04.0771 5296 fdc - ok
09:15:04.0839 5296 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
09:15:04.0866 5296 fdPHost - ok
09:15:04.0907 5296 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
09:15:04.0936 5296 FDResPub - ok
09:15:05.0067 5296 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:15:05.0098 5296 FileInfo - ok
09:15:05.0138 5296 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:15:05.0148 5296 Filetrace - ok
09:15:05.0209 5296 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:15:05.0225 5296 flpydisk - ok
09:15:05.0312 5296 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:15:05.0377 5296 FltMgr - ok
09:15:05.0501 5296 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
09:15:05.0564 5296 FontCache - ok
09:15:05.0790 5296 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:15:05.0793 5296 FontCache3.0.0.0 - ok
09:15:05.0877 5296 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
09:15:05.0958 5296 fssfltr - ok
09:15:07.0047 5296 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
09:15:07.0883 5296 fsssvc - ok
09:15:07.0923 5296 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:15:08.0013 5296 Fs_Rec - ok
09:15:08.0046 5296 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
09:15:08.0099 5296 gagp30kx - ok
09:15:08.0162 5296 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
09:15:08.0196 5296 GEARAspiWDM - ok
09:15:08.0286 5296 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
09:15:08.0346 5296 ggflt - ok
09:15:08.0410 5296 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
09:15:08.0421 5296 ggsemc - ok
09:15:08.0653 5296 [ FF0E0E6E5768B82BEAD44BFBCB9BDFE6 ] GoogleDesktopManager-010708-104812 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
09:15:08.0671 5296 GoogleDesktopManager-010708-104812 - ok
09:15:08.0780 5296 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
09:15:08.0795 5296 GoToAssist - ok
09:15:08.0953 5296 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
09:15:09.0041 5296 gpsvc - ok
09:15:09.0629 5296 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
09:15:09.0672 5296 gupdate - ok
09:15:09.0703 5296 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
09:15:09.0704 5296 gupdatem - ok
09:15:09.0941 5296 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
09:15:10.0062 5296 gusvc - ok
09:15:10.0171 5296 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:15:10.0236 5296 HdAudAddService - ok
09:15:10.0294 5296 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
09:15:10.0332 5296 HDAudBus - ok
09:15:10.0390 5296 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
09:15:10.0405 5296 HidBth - ok
09:15:10.0440 5296 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
09:15:10.0450 5296 HidIr - ok
09:15:10.0538 5296 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
09:15:10.0557 5296 hidserv - ok
09:15:10.0656 5296 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:15:10.0665 5296 HidUsb - ok
09:15:10.0741 5296 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:15:10.0779 5296 hkmsvc - ok
09:15:11.0049 5296 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
09:15:11.0061 5296 HpCISSs - ok
09:15:11.0359 5296 [ 53229DCF431D76434816CD29251168A0 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:15:11.0711 5296 HSF_DPV - ok
09:15:11.0856 5296 [ ED98350ECD4A5A9C9F1E641C09872BB2 ] HSXHWBS2 C:\Windows\system32\DRIVERS\HSXHWBS2.sys
09:15:11.0863 5296 HSXHWBS2 - ok
09:15:11.0993 5296 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:15:12.0220 5296 HTTP - ok
09:15:12.0279 5296 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
09:15:12.0283 5296 i2omp - ok
09:15:12.0418 5296 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
09:15:12.0440 5296 i8042prt - ok
09:15:12.0626 5296 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\drivers\iastor.sys
09:15:12.0726 5296 iaStor - ok
09:15:12.0876 5296 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
09:15:13.0212 5296 iaStorV - ok
09:15:13.0593 5296 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
09:15:13.0708 5296 IDriverT - ok
09:15:14.0211 5296 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:15:15.0104 5296 idsvc - ok
09:15:16.0079 5296 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
09:15:17.0315 5296 igfx - ok
09:15:17.0346 5296 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
09:15:17.0361 5296 iirsp - ok
09:15:17.0575 5296 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
09:15:17.0892 5296 IKEEXT - ok
09:15:17.0927 5296 IntcAzAudAddService - ok
09:15:18.0018 5296 [ 59B00EFB24EAD979BECF413703BB1FAC ] intelide C:\Windows\system32\DRIVERS\intelide.sys
09:15:18.0048 5296 intelide - ok
09:15:18.0158 5296 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:15:18.0222 5296 intelppm - ok
09:15:18.0303 5296 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:15:18.0333 5296 IPBusEnum - ok
09:15:18.0442 5296 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:15:18.0460 5296 IpFilterDriver - ok
09:15:18.0554 5296 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
09:15:18.0581 5296 iphlpsvc - ok
09:15:18.0650 5296 IpInIp - ok
09:15:18.0753 5296 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
09:15:18.0756 5296 IPMIDRV - ok
09:15:18.0806 5296 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
09:15:18.0829 5296 IPNAT - ok
09:15:19.0175 5296 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:15:19.0459 5296 iPod Service - ok
09:15:19.0486 5296 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:15:19.0489 5296 IRENUM - ok
09:15:19.0650 5296 [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:15:19.0652 5296 isapnp - ok
09:15:19.0791 5296 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
09:15:19.0797 5296 iScsiPrt - ok
09:15:19.0816 5296 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
09:15:19.0823 5296 iteatapi - ok
09:15:19.0853 5296 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
09:15:19.0855 5296 iteraid - ok
09:15:19.0922 5296 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:15:19.0950 5296 kbdclass - ok
09:15:20.0042 5296 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:15:20.0055 5296 kbdhid - ok
09:15:20.0118 5296 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
09:15:20.0133 5296 KeyIso - ok
09:15:20.0288 5296 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:15:20.0650 5296 KSecDD - ok
09:15:20.0826 5296 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
09:15:20.0921 5296 KtmRm - ok
09:15:20.0979 5296 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
09:15:21.0016 5296 LanmanServer - ok
09:15:21.0129 5296 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:15:21.0144 5296 LanmanWorkstation - ok
09:15:21.0219 5296 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:15:21.0506 5296 lltdio - ok
09:15:21.0592 5296 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:15:21.0614 5296 lltdsvc - ok
09:15:21.0700 5296 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
09:15:21.0780 5296 lmhosts - ok
09:15:21.0908 5296 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
09:15:22.0006 5296 LSI_FC - ok
09:15:22.0051 5296 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
09:15:22.0101 5296 LSI_SAS - ok
09:15:22.0211 5296 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
09:15:22.0265 5296 LSI_SCSI - ok
09:15:22.0370 5296 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
09:15:22.0456 5296 luafv - ok
09:15:22.0690 5296 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
09:15:22.0732 5296 MBAMProtector - ok
09:15:23.0091 5296 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:15:23.0392 5296 MBAMScheduler - ok
09:15:23.0715 5296 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:15:24.0131 5296 MBAMService - ok
09:15:24.0753 5296 [ 485405DE203E88B3FE4294A2EA48D7EE ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.271\McCHSvc.exe
09:15:24.0969 5296 McComponentHostService - ok
09:15:25.0200 5296 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:15:25.0232 5296 mdmxsdk - ok
09:15:25.0438 5296 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
09:15:25.0474 5296 megasas - ok
09:15:26.0944 5296 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
09:15:26.0973 5296 Microsoft Office Groove Audit Service - ok
09:15:27.0119 5296 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
09:15:27.0162 5296 MMCSS - ok
09:15:27.0280 5296 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
09:15:27.0345 5296 Modem - ok
09:15:27.0528 5296 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:15:27.0632 5296 monitor - ok
09:15:27.0733 5296 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:15:27.0907 5296 mouclass - ok
09:15:27.0956 5296 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:15:27.0979 5296 mouhid - ok
09:15:28.0123 5296 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
09:15:28.0150 5296 MountMgr - ok
09:15:28.0367 5296 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:15:28.0491 5296 MozillaMaintenance - ok
09:15:28.0604 5296 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
09:15:28.0635 5296 mpio - ok
09:15:28.0770 5296 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:15:28.0834 5296 mpsdrv - ok
09:15:29.0104 5296 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
09:15:29.0590 5296 MpsSvc - ok
09:15:29.0669 5296 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
09:15:29.0678 5296 Mraid35x - ok
09:15:29.0750 5296 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:15:29.0769 5296 MRxDAV - ok
09:15:29.0863 5296 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:15:29.0935 5296 mrxsmb - ok
09:15:30.0149 5296 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:15:30.0407 5296 mrxsmb10 - ok
09:15:30.0549 5296 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:15:30.0623 5296 mrxsmb20 - ok
09:15:30.0685 5296 [ 2681302B63B318CBEA6C82902AC5428C ] msahci C:\Windows\system32\drivers\msahci.sys
09:15:30.0706 5296 msahci - ok
09:15:30.0791 5296 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:15:30.0819 5296 msdsm - ok
09:15:30.0913 5296 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
09:15:30.0972 5296 MSDTC - ok
09:15:31.0133 5296 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:15:31.0158 5296 Msfs - ok
09:15:31.0316 5296 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:15:31.0335 5296 msisadrv - ok
09:15:31.0399 5296 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:15:31.0419 5296 MSiSCSI - ok
09:15:31.0428 5296 msiserver - ok
09:15:31.0550 5296 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:15:31.0572 5296 MSKSSRV - ok
09:15:31.0636 5296 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:15:31.0669 5296 MSPCLOCK - ok
09:15:31.0714 5296 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:15:31.0755 5296 MSPQM - ok
09:15:31.0843 5296 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:15:31.0899 5296 MsRPC - ok
09:15:31.0986 5296 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
09:15:32.0014 5296 mssmbios - ok
09:15:32.0105 5296 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:15:32.0136 5296 MSTEE - ok
09:15:32.0195 5296 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
09:15:32.0222 5296 Mup - ok
09:15:32.0328 5296 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
09:15:32.0402 5296 napagent - ok
09:15:32.0523 5296 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:15:32.0554 5296 NativeWifiP - ok
09:15:33.0092 5296 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:15:33.0684 5296 NDIS - ok
09:15:33.0762 5296 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:15:33.0791 5296 NdisTapi - ok
09:15:33.0899 5296 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:15:33.0930 5296 Ndisuio - ok
09:15:34.0072 5296 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:15:34.0109 5296 NdisWan - ok
09:15:34.0221 5296 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:15:34.0245 5296 NDProxy - ok
09:15:34.0333 5296 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:15:34.0355 5296 NetBIOS - ok
09:15:34.0507 5296 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
09:15:34.0566 5296 netbt - ok
09:15:34.0853 5296 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
09:15:34.0856 5296 Netlogon - ok
09:15:34.0955 5296 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
09:15:35.0235 5296 Netman - ok
09:15:35.0426 5296 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
09:15:35.0512 5296 netprofm - ok
09:15:36.0273 5296 [ 51250D5632DDFFEB87546DD17401D61E ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
09:15:36.0937 5296 netr28u - ok
09:15:37.0810 5296 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:15:37.0899 5296 NetTcpPortSharing - ok
09:15:37.0946 5296 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
09:15:37.0968 5296 nfrd960 - ok
09:15:38.0070 5296 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
09:15:38.0120 5296 NlaSvc - ok
09:15:38.0201 5296 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\Windows\system32\drivers\npf.sys
09:15:38.0249 5296 NPF - ok
09:15:38.0311 5296 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:15:38.0323 5296 Npfs - ok
09:15:38.0353 5296 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
09:15:38.0365 5296 nsi - ok
09:15:38.0400 5296 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:15:38.0406 5296 nsiproxy - ok
09:15:38.0710 5296 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:15:38.0969 5296 Ntfs - ok
09:15:39.0007 5296 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
09:15:39.0009 5296 ntrigdigi - ok
09:15:39.0040 5296 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
09:15:39.0051 5296 Null - ok
09:15:39.0099 5296 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:15:39.0124 5296 nvraid - ok
09:15:39.0144 5296 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:15:39.0167 5296 nvstor - ok
09:15:39.0208 5296 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:15:39.0250 5296 nv_agp - ok
09:15:39.0255 5296 NwlnkFlt - ok
09:15:39.0263 5296 NwlnkFwd - ok
09:15:39.0548 5296 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:15:39.0685 5296 odserv - ok
09:15:39.0729 5296 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:15:39.0768 5296 ohci1394 - ok
09:15:39.0910 5296 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:15:40.0022 5296 ose - ok
09:15:40.0212 5296 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
09:15:40.0512 5296 p2pimsvc - ok
09:15:40.0562 5296 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
09:15:40.0573 5296 p2psvc - ok
09:15:40.0627 5296 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
09:15:40.0674 5296 Parport - ok
09:15:40.0723 5296 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:15:40.0735 5296 partmgr - ok
09:15:40.0789 5296 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
09:15:40.0817 5296 Parvdm - ok
09:15:41.0064 5296 [ 3ADB8BD6154A3EF87496E8FCE9C22493 ] pavboot C:\Windows\system32\drivers\pavboot.sys
09:15:41.0090 5296 pavboot - ok
09:15:41.0158 5296 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
09:15:41.0186 5296 PcaSvc - ok
09:15:41.0312 5296 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
09:15:41.0391 5296 pci - ok
09:15:41.0529 5296 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
09:15:41.0541 5296 pciide - ok
09:15:41.0608 5296 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
09:15:41.0669 5296 pcmcia - ok
09:15:41.0827 5296 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:15:42.0374 5296 PEAUTH - ok
09:15:42.0673 5296 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
09:15:43.0321 5296 pla - ok
09:15:43.0500 5296 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:15:43.0586 5296 PlugPlay - ok
09:15:43.0710 5296 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
09:15:43.0721 5296 PNRPAutoReg - ok
09:15:43.0815 5296 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
09:15:43.0826 5296 PNRPsvc - ok
09:15:44.0009 5296 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:15:44.0124 5296 PolicyAgent - ok
09:15:44.0208 5296 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:15:44.0251 5296 PptpMiniport - ok
09:15:44.0327 5296 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
09:15:44.0357 5296 Processor - ok
09:15:44.0460 5296 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
09:15:44.0521 5296 ProfSvc - ok
09:15:44.0539 5296 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
09:15:44.0542 5296 ProtectedStorage - ok
09:15:44.0659 5296 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
09:15:44.0707 5296 PSched - ok
09:15:44.0801 5296 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
09:15:44.0881 5296 PxHelp20 - ok
09:15:45.0233 5296 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
09:15:45.0801 5296 ql2300 - ok
09:15:45.0900 5296 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
09:15:45.0922 5296 ql40xx - ok
09:15:46.0034 5296 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
09:15:46.0157 5296 QWAVE - ok
09:15:46.0352 5296 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:15:46.0373 5296 QWAVEdrv - ok
09:15:47.0438 5296 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
09:15:49.0088 5296 R300 - ok
09:15:49.0125 5296 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:15:49.0148 5296 RasAcd - ok
09:15:49.0203 5296 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
09:15:49.0247 5296 RasAuto - ok
09:15:49.0342 5296 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:15:49.0356 5296 Rasl2tp - ok
09:15:49.0489 5296 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
09:15:49.0593 5296 RasMan - ok
09:15:49.0685 5296 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:15:49.0714 5296 RasPppoe - ok
09:15:49.0807 5296 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:15:49.0849 5296 RasSstp - ok
09:15:50.0011 5296 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:15:50.0092 5296 rdbss - ok
09:15:50.0157 5296 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:15:50.0172 5296 RDPCDD - ok
09:15:50.0214 5296 [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
09:15:50.0284 5296 rdpdr - ok
09:15:50.0315 5296 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:15:50.0341 5296 RDPENCDD - ok
09:15:50.0442 5296 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:15:50.0516 5296 RDPWD - ok
09:15:50.0586 5296 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
09:15:50.0619 5296 RemoteAccess - ok
09:15:50.0686 5296 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:15:50.0712 5296 RemoteRegistry - ok
09:15:50.0794 5296 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
09:15:50.0817 5296 RimUsb - ok
09:15:50.0864 5296 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
09:15:50.0895 5296 RimVSerPort - ok
09:15:51.0009 5296 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
09:15:51.0037 5296 ROOTMODEM - ok
09:15:51.0244 5296 [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
09:15:51.0295 5296 Roxio UPnP Renderer 9 - ok
09:15:51.0382 5296 [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
09:15:51.0584 5296 Roxio Upnp Server 9 - ok
09:15:51.0953 5296 [ 78E680A105F47B6AA0003BD23ED9FA51 ] RoxLiveShare9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
09:15:52.0150 5296 RoxLiveShare9 - ok
09:15:52.0714 5296 [ 9D5C024170C376D7CC66ED853FDA9068 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
09:15:53.0470 5296 RoxMediaDB9 - ok
09:15:53.0579 5296 [ 87F175539DBBA297018AA7FCDD563FF7 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
09:15:53.0594 5296 RoxWatch9 - ok
09:15:53.0626 5296 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
09:15:53.0719 5296 rpcapd - ok
09:15:53.0782 5296 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
09:15:53.0813 5296 RpcLocator - ok
09:15:54.0031 5296 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
09:15:54.0031 5296 RpcSs - ok
09:15:54.0218 5296 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:15:54.0265 5296 rspndr - ok
09:15:54.0671 5296 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
09:15:54.0671 5296 SamSs - ok
09:15:54.0796 5296 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:15:54.0858 5296 sbp2port - ok
09:15:55.0123 5296 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:15:55.0237 5296 SCardSvr - ok
09:15:55.0507 5296 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
09:15:56.0045 5296 Schedule - ok
09:15:56.0107 5296 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
09:15:56.0107 5296 SCPolicySvc - ok
09:15:56.0232 5296 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:15:56.0326 5296 SDRSVC - ok
09:15:56.0856 5296 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
09:15:56.0934 5296 SeaPort - ok
09:15:56.0950 5296 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:15:56.0965 5296 secdrv - ok
09:15:57.0028 5296 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
09:15:57.0059 5296 seclogon - ok
09:15:57.0293 5296 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
09:15:57.0324 5296 SENS - ok
09:15:57.0386 5296 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
09:15:57.0418 5296 Serenum - ok
09:15:57.0464 5296 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
09:15:57.0511 5296 Serial - ok
09:15:57.0558 5296 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
09:15:57.0574 5296 sermouse - ok
09:15:57.0667 5296 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
09:15:57.0714 5296 SessionEnv - ok
09:15:57.0808 5296 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:15:57.0870 5296 sffdisk - ok
09:15:57.0901 5296 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:15:57.0948 5296 sffp_mmc - ok
09:15:57.0995 5296 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:15:58.0026 5296 sffp_sd - ok
09:15:58.0073 5296 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
09:15:58.0104 5296 sfloppy - ok
09:15:58.0213 5296 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
09:15:58.0416 5296 SharedAccess - ok
09:15:58.0556 5296 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:15:58.0603 5296 ShellHWDetection - ok
09:15:58.0712 5296 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:15:58.0728 5296 sisagp - ok
09:15:58.0759 5296 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
09:15:58.0775 5296 SiSRaid2 - ok
09:15:58.0806 5296 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
09:15:58.0837 5296 SiSRaid4 - ok
09:15:59.0165 5296 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:15:59.0165 5296 SkypeUpdate - ok
09:16:00.0259 5296 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
09:16:02.0225 5296 slsvc - ok
09:16:02.0250 5296 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
09:16:02.0287 5296 SLUINotify - ok
09:16:02.0397 5296 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:16:02.0489 5296 Smb - ok
09:16:02.0837 5296 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:16:02.0902 5296 SNMPTRAP - ok
09:16:03.0028 5296 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
09:16:03.0067 5296 spldr - ok
09:16:03.0156 5296 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
09:16:03.0222 5296 Spooler - ok
09:16:04.0561 5296 sprtsvc_dellsupportcenter - ok
09:16:04.0855 5296 [ 73205BD9A388639C210636793FE3FD61 ] sptd C:\Windows\system32\Drivers\sptd.sys
09:16:04.0856 5296 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 73205BD9A388639C210636793FE3FD61
09:16:04.0859 5296 sptd ( LockedFile.Multi.Generic ) - warning
09:16:04.0859 5296 sptd - detected LockedFile.Multi.Generic (1)
09:16:04.0974 5296 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:16:04.0993 5296 srv - ok
09:16:05.0087 5296 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:16:05.0223 5296 srv2 - ok
09:16:05.0302 5296 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:16:05.0340 5296 srvnet - ok
09:16:05.0437 5296 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:16:05.0499 5296 SSDPSRV - ok
09:16:05.0597 5296 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:16:05.0649 5296 SstpSvc - ok
09:16:05.0884 5296 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
09:16:06.0109 5296 stisvc - ok
09:16:06.0307 5296 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
09:16:06.0325 5296 stllssvr - ok
09:16:06.0420 5296 [ B427200207110E4C38EF3D616C0244F5 ] Stlth317 C:\Windows\system32\DRIVERS\stlth317.sys
09:16:06.0479 5296 Stlth317 - ok
09:16:06.0509 5296 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
09:16:06.0527 5296 swenum - ok
09:16:06.0639 5296 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
09:16:06.0785 5296 swprv - ok
09:16:06.0828 5296 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
09:16:06.0856 5296 Symc8xx - ok
09:16:06.0884 5296 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
09:16:06.0919 5296 Sym_hi - ok
09:16:06.0990 5296 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
09:16:07.0017 5296 Sym_u3 - ok
09:16:07.0192 5296 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
09:16:07.0310 5296 SysMain - ok
09:16:07.0355 5296 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:16:07.0377 5296 TabletInputService - ok
09:16:07.0492 5296 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
09:16:07.0587 5296 TapiSrv - ok
09:16:07.0627 5296 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
09:16:07.0656 5296 TBS - ok
09:16:08.0027 5296 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:16:08.0565 5296 Tcpip - ok
09:16:08.0737 5296 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
09:16:08.0744 5296 Tcpip6 - ok
09:16:08.0826 5296 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:16:08.0866 5296 tcpipreg - ok
09:16:09.0001 5296 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:16:09.0038 5296 TDPIPE - ok
09:16:09.0104 5296 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:16:09.0126 5296 TDTCP - ok
09:16:09.0221 5296 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:16:09.0289 5296 tdx - ok
09:16:09.0555 5296 [ 2A96C8FA665C02E6AD596C321B583112 ] TeamViewer5 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
09:16:09.0627 5296 TeamViewer5 - ok
09:16:09.0691 5296 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
09:16:09.0721 5296 TermDD - ok
09:16:10.0176 5296 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
09:16:10.0412 5296 TermService - ok
09:16:10.0530 5296 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
09:16:10.0590 5296 Themes - ok
09:16:10.0615 5296 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
09:16:10.0640 5296 THREADORDER - ok
09:16:10.0783 5296 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
09:16:10.0845 5296 TrkWks - ok
09:16:10.0966 5296 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:16:10.0991 5296 TrustedInstaller - ok
09:16:11.0068 5296 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:16:11.0125 5296 tssecsrv - ok
09:16:11.0236 5296 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
09:16:11.0269 5296 tunmp - ok
09:16:11.0385 5296 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:16:11.0405 5296 tunnel - ok
09:16:11.0458 5296 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
09:16:11.0468 5296 uagp35 - ok
09:16:11.0563 5296 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:16:11.0604 5296 udfs - ok
09:16:11.0893 5296 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:16:11.0906 5296 UI0Detect - ok
09:16:11.0972 5296 [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:16:11.0982 5296 uliagpkx - ok
09:16:12.0028 5296 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
09:16:12.0111 5296 uliahci - ok
09:16:12.0164 5296 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
09:16:12.0204 5296 UlSata - ok
09:16:12.0232 5296 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
09:16:12.0260 5296 ulsata2 - ok
09:16:12.0320 5296 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
09:16:12.0343 5296 umbus - ok
09:16:12.0465 5296 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
09:16:12.0563 5296 upnphost - ok
09:16:12.0703 5296 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
09:16:12.0718 5296 USBAAPL - ok
09:16:12.0820 5296 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:16:12.0917 5296 usbccgp - ok
09:16:12.0970 5296 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:16:12.0985 5296 usbcir - ok
09:16:13.0059 5296 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:16:13.0070 5296 usbehci - ok
09:16:13.0120 5296 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:16:13.0188 5296 usbhub - ok
09:16:13.0229 5296 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:16:13.0256 5296 usbohci - ok
09:16:13.0296 5296 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
09:16:13.0309 5296 usbprint - ok
09:16:13.0406 5296 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:16:13.0427 5296 USBSTOR - ok
09:16:13.0477 5296 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:16:13.0507 5296 usbuhci - ok
09:16:13.0591 5296 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
09:16:13.0620 5296 UxSms - ok
09:16:13.0752 5296 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
09:16:13.0876 5296 vds - ok
09:16:13.0998 5296 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:16:14.0009 5296 vga - ok
09:16:14.0074 5296 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
09:16:14.0085 5296 VgaSave - ok
09:16:14.0123 5296 [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:16:14.0135 5296 viaagp - ok
09:16:14.0161 5296 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
09:16:14.0179 5296 ViaC7 - ok
09:16:14.0198 5296 [ 689547CE911998D1E0DA7A5992E025FC ] viaide C:\Windows\system32\drivers\viaide.sys
09:16:14.0200 5296 viaide - ok
09:16:14.0221 5296 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:16:14.0224 5296 volmgr - ok
09:16:14.0305 5296 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:16:14.0312 5296 volmgrx - ok
09:16:14.0410 5296 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:16:14.0418 5296 volsnap - ok
09:16:14.0453 5296 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
09:16:14.0456 5296 vsmraid - ok
09:16:14.0550 5296 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
09:16:14.0684 5296 VSS - ok
09:16:14.0893 5296 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
09:16:15.0004 5296 vToolbarUpdater12.2.6 - ok
09:16:15.0129 5296 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
09:16:15.0243 5296 W32Time - ok
09:16:15.0275 5296 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
09:16:15.0297 5296 WacomPen - ok
09:16:15.0372 5296 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
09:16:15.0428 5296 Wanarp - ok
09:16:15.0449 5296 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:16:15.0450 5296 Wanarpv6 - ok
09:16:15.0739 5296 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:16:16.0037 5296 wcncsvc - ok
09:16:16.0339 5296 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:16:16.0428 5296 WcsPlugInService - ok
09:16:16.0547 5296 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
09:16:16.0584 5296 Wd - ok
09:16:16.0898 5296 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:16:17.0315 5296 Wdf01000 - ok
09:16:17.0443 5296 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:16:17.0494 5296 WdiServiceHost - ok
09:16:17.0515 5296 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:16:17.0520 5296 WdiSystemHost - ok
09:16:17.0570 5296 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
09:16:17.0682 5296 WebClient - ok
09:16:17.0753 5296 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:16:17.0909 5296 Wecsvc - ok
09:16:18.0044 5296 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:16:18.0067 5296 wercplsupport - ok
09:16:18.0232 5296 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
09:16:18.0266 5296 WerSvc - ok
09:16:18.0538 5296 [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:16:18.0920 5296 winachsf - ok
09:16:19.0224 5296 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
09:16:19.0477 5296 WinDefend - ok
09:16:19.0489 5296 WinHttpAutoProxySvc - ok
09:16:20.0028 5296 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:16:20.0129 5296 Winmgmt - ok
09:16:20.0640 5296 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
09:16:21.0638 5296 WinRM - ok
09:16:21.0949 5296 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:16:22.0325 5296 Wlansvc - ok
09:16:22.0976 5296 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:16:23.0009 5296 wlcrasvc - ok
09:16:23.0892 5296 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:16:24.0923 5296 wlidsvc - ok
09:16:25.0043 5296 [ 17EAC0D023A65FA9B02114CC2BAACAD5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:16:25.0055 5296 WmiAcpi - ok
09:16:25.0152 5296 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:16:25.0166 5296 wmiApSrv - ok
09:16:25.0500 5296 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:16:25.0825 5296 WMPNetworkSvc - ok
09:16:25.0935 5296 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:16:25.0968 5296 WPCSvc - ok
09:16:26.0010 5296 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:16:26.0030 5296 WPDBusEnum - ok
09:16:26.0196 5296 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
09:16:26.0238 5296 WpdUsb - ok
09:16:26.0666 5296 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:16:26.0856 5296 WPFFontCache_v0400 - ok
09:16:26.0914 5296 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:16:26.0928 5296 ws2ifsl - ok
09:16:27.0041 5296 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
09:16:27.0052 5296 wscsvc - ok
09:16:27.0057 5296 WSearch - ok
09:16:27.0371 5296 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:16:27.0822 5296 wuauserv - ok
09:16:27.0978 5296 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:16:28.0061 5296 WUDFRd - ok
09:16:28.0120 5296 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:16:28.0134 5296 wudfsvc - ok
09:16:28.0168 5296 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
09:16:28.0201 5296 XAudio - ok
09:16:28.0231 5296 [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
09:16:28.0277 5296 XAudioService - ok
09:16:28.0308 5296 ================ Scan global ===============================
09:16:28.0369 5296 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
09:16:28.0476 5296 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
09:16:28.0536 5296 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
09:16:28.0770 5296 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
09:16:28.0777 5296 [Global] - ok
09:16:28.0778 5296 ================ Scan MBR ==================================
09:16:28.0817 5296 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:16:31.0215 5296 \Device\Harddisk0\DR0 - ok
09:16:31.0215 5296 ================ Scan VBR ==================================
09:16:31.0275 5296 [ D9E55790F7AFA38DEA7430F26880C40E ] \Device\Harddisk0\DR0\Partition1
09:16:31.0288 5296 \Device\Harddisk0\DR0\Partition1 - ok
09:16:31.0307 5296 [ 02C4E1E3B1CB8F6C1418C7A206F19159 ] \Device\Harddisk0\DR0\Partition2
09:16:31.0310 5296 \Device\Harddisk0\DR0\Partition2 - ok
09:16:31.0311 5296 ============================================================
09:16:31.0311 5296 Scan finished
09:16:31.0311 5296 ============================================================
09:16:31.0336 4500 Detected object count: 1
09:16:31.0336 4500 Actual detected object count: 1
09:16:44.0820 4500 sptd ( LockedFile.Multi.Generic ) - skipped by user
09:16:44.0821 4500 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and Save it then right click on it and Run As Admin.

If it doesn't do it for you:
Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Please post your Extras Log. If you did not get one then:

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron
  • 0

#3
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi Ron,
First of all thank you so much for your reply.Your help is so much appreciated.

aswMBR log:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-14 13:48:46
-----------------------------
13:48:46.571 OS Version: Windows 6.0.6002 Service Pack 2
13:48:46.571 Number of processors: 2 586 0xF0D
13:48:46.571 ComputerName: CORREAH UserName: Hector
13:48:47.913 Initialize success
13:49:00.122 AVAST engine defs: 12091400
13:49:15.870 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:49:15.873 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
13:49:15.889 Disk 0 MBR read successfully
13:49:15.893 Disk 0 MBR scan
13:49:15.899 Disk 0 Windows VISTA default MBR code
13:49:15.903 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
13:49:15.923 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 112640
13:49:15.946 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 228122 MB offset 21084160
13:49:15.956 Disk 0 scanning sectors +488278016
13:49:16.024 Disk 0 scanning C:\Windows\system32\drivers
13:49:28.337 Service scanning
13:49:53.333 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:50:01.523 Modules scanning
13:50:09.848 AVAST engine scan C:\Windows
13:50:12.713 AVAST engine scan C:\Windows\system32
13:54:11.695 AVAST engine scan C:\Windows\system32\drivers
13:54:26.890 AVAST engine scan C:\Users\Hector
14:20:23.743 AVAST engine scan C:\ProgramData
14:32:43.492 Scan finished successfully
14:41:12.709 Disk 0 MBR has been saved successfully to "C:\Users\Hector\Documents\virus\Sep14-2012\MBR.dat"
14:41:12.717 The log file has been saved successfully to "C:\Users\Hector\Documents\virus\Sep14-2012\aswMBR.txt"
  • 0

#4
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Combofix log:
ComboFix 12-09-14.03 - Hector 14/09/2012 14:56:22.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.52.3082.18.2036.1111 [GMT -5:00]
Running from: c:\users\Hector\Documents\virus\Tools\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Hector\AppData\Roaming\Ehlo
c:\users\Hector\AppData\Roaming\Ehlo\ezwom.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-14 to 2012-09-14 )))))))))))))))))))))))))))))))
.
.
2012-09-14 20:05 . 2012-09-14 20:06 -------- d-----w- c:\users\Hector\AppData\Local\temp
2012-09-14 20:05 . 2012-09-14 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-14 20:05 . 2012-09-14 20:05 -------- d-----w- c:\users\Patty\AppData\Local\temp
2012-09-14 20:04 . 2012-09-14 20:04 -------- d-----w- c:\users\Invitado\AppData\Local\temp
2012-09-09 13:03 . 2012-09-09 13:03 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-28 21:49 . 2012-09-09 13:03 266720 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-08-26 17:20 . 2012-08-26 17:34 -------- d-----w- c:\users\Hector\AppData\Roaming\AVG
2012-08-26 16:19 . 2012-09-04 13:37 -------- d-----w- c:\users\Hector\AppData\Local\AVG Secure Search
2012-08-26 16:18 . 2012-09-04 13:37 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-26 16:18 . 2012-09-04 13:37 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-26 16:18 . 2012-09-04 13:37 -------- d-----w- c:\program files\AVG Secure Search
2012-08-26 16:18 . 2012-08-26 16:18 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-08-26 16:11 . 2012-09-14 13:54 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-26 16:11 . 2012-08-26 16:36 -------- d-----w- c:\programdata\AVG2012
2012-08-26 15:52 . 2012-09-14 18:42 -------- d-----w- c:\programdata\MFAData
2012-08-26 15:01 . 2012-08-26 15:01 -------- d-----w- c:\programdata\McAfee Security Scan
2012-08-26 15:01 . 2012-08-26 15:01 -------- d-----w- c:\program files\McAfee Security Scan
2012-08-24 20:43 . 2012-08-24 20:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-23 15:52 . 2012-08-23 15:52 -------- d-----w- c:\programdata\PC-Doctor for Windows
2012-08-16 14:11 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-07 22:04 . 2011-02-01 02:33 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-23 15:22 . 2012-07-31 02:47 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-23 15:22 . 2011-05-14 20:20 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 08:21 . 2012-07-26 08:21 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2012-09-09 13:03 . 2012-08-28 21:49 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c434bc3f-1a2a-4e73-98bb-8f99e454897a}"= "c:\program files\WebGoRadio\tbWeb0.dll" [2009-10-30 2215960]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-03-01 2349592]
.
[HKEY_CLASSES_ROOT\clsid\{c434bc3f-1a2a-4e73-98bb-8f99e454897a}]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2010-03-01 01:29 2349592 ----a-w- c:\program files\Zynga\tbZyn1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-04 13:35 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c434bc3f-1a2a-4e73-98bb-8f99e454897a}]
2009-10-30 14:42 2215960 ----a-w- c:\program files\WebGoRadio\tbWeb0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c434bc3f-1a2a-4e73-98bb-8f99e454897a}"= "c:\program files\WebGoRadio\tbWeb0.dll" [2009-10-30 2215960]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-03-01 2349592]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-04 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{c434bc3f-1a2a-4e73-98bb-8f99e454897a}]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C434BC3F-1A2A-4E73-98BB-8F99E454897A}"= "c:\program files\WebGoRadio\tbWeb0.dll" [2009-10-30 2215960]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\tbZyn1.dll" [2010-03-01 2349592]
.
[HKEY_CLASSES_ROOT\clsid\{c434bc3f-1a2a-4e73-98bb-8f99e454897a}]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-19 68856]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"KeePass 2 PreLoad"="c:\program files\KeePass Password Safe 2\KeePass.exe" [2011-01-02 1670656]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-04 947808]
"ROC_roc_ssl_v12"="c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-08-26 1020512]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
.
c:\users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.271\SSScheduler.exe [2012-3-13 274328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-19 08:16 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Hector^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Hector^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk]
backup=c:\windows\pss\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 07:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 17:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2010-03-11 03:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2002-06-22 20:04 73728 ----a-w- c:\program files\D-Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-07-19 08:09 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2008-10-24 14:14 206112 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2011-05-13 21:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 15:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 20:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-19 08:09 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 15:22]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 03:05]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 03:05]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3990087816-3269341712-2415393594-1000Core.job
- c:\users\Hector\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-27 18:26]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3990087816-3269341712-2415393594-1000UA.job
- c:\users\Hector\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-27 18:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.mx/ig/dell?hl=es&client=dell-row&channel=mx&ibd=2080719
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\mv60azpv.default\
FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B5ee928b8-65ac-4502-8e01-1c294405fcec%7D&mid=b4bbc3c5a5dae8ec51f82e7f566194cf-8655961fdef1fd7e4b36210986fde64fb23fdacc&ds=AVG&v=12.2.5.32&lang=en&pr=pr&d=2012-08-26%2011%3A18%3A38&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-CyberDefender Registry Cleaner - c:\program files\cyberdefender\registry cleaner\Startcdrc.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-14 15:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Hector\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,d4,35,96,21,25,33,4e,92,16,be,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b6,d4,35,96,21,25,33,4e,92,16,be,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-09-14 15:10:22
ComboFix-quarantined-files.txt 2012-09-14 20:10
.
Pre-Run: 24,514,187,264 bytes libres
Post-Run: 24,464,842,752 bytes libres
.
- - End Of File - - F833005914F7003EEB59061498C3ECA6

*************************************************************

TDSSKiller log:
15:17:03.0802 5804 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:17:04.0430 5804 ============================================================
15:17:04.0430 5804 Current date / time: 2012/09/14 15:17:04.0430
15:17:04.0430 5804 SystemInfo:
15:17:04.0430 5804
15:17:04.0430 5804 OS Version: 6.0.6002 ServicePack: 2.0
15:17:04.0430 5804 Product type: Workstation
15:17:04.0430 5804 ComputerName: CORREAH
15:17:04.0430 5804 UserName: Hector
15:17:04.0430 5804 Windows directory: C:\Windows
15:17:04.0431 5804 System windows directory: C:\Windows
15:17:04.0431 5804 Processor architecture: Intel x86
15:17:04.0431 5804 Number of processors: 2
15:17:04.0431 5804 Page size: 0x1000
15:17:04.0431 5804 Boot type: Normal boot
15:17:04.0431 5804 ============================================================
15:17:05.0262 5804 Drive \Device\Harddisk0\DR0 - Size: 0x3A35294400 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:17:05.0264 5804 ============================================================
15:17:05.0264 5804 \Device\Harddisk0\DR0:
15:17:05.0279 5804 MBR partitions:
15:17:05.0279 5804 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
15:17:05.0279 5804 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x1BD8D000
15:17:05.0279 5804 ============================================================
15:17:05.0311 5804 C: <-> \Device\Harddisk0\DR0\Partition2
15:17:05.0338 5804 D: <-> \Device\Harddisk0\DR0\Partition1
15:17:05.0338 5804 ============================================================
15:17:05.0338 5804 Initialize success
15:17:05.0338 5804 ============================================================
15:18:01.0362 4464 ============================================================
15:18:01.0362 4464 Scan started
15:18:01.0362 4464 Mode: Manual; SigCheck; TDLFS;
15:18:01.0362 4464 ============================================================
15:18:02.0126 4464 ================ Scan system memory ========================
15:18:02.0126 4464 System memory - ok
15:18:02.0127 4464 ================ Scan services =============================
15:18:02.0264 4464 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:18:02.0419 4464 ACDaemon - ok
15:18:02.0568 4464 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
15:18:02.0589 4464 ACPI - ok
15:18:02.0628 4464 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
15:18:02.0650 4464 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
15:18:02.0651 4464 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
15:18:02.0757 4464 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:18:02.0769 4464 AdobeFlashPlayerUpdateSvc - ok
15:18:02.0807 4464 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
15:18:02.0848 4464 adp94xx - ok
15:18:02.0901 4464 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
15:18:02.0920 4464 adpahci - ok
15:18:02.0963 4464 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
15:18:02.0978 4464 adpu160m - ok
15:18:02.0996 4464 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
15:18:03.0012 4464 adpu320 - ok
15:18:03.0056 4464 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:18:03.0124 4464 AeLookupSvc - ok
15:18:03.0147 4464 [ A7B8A3A79D35215D798A300DF49ED23F ] Afc C:\Windows\system32\drivers\Afc.sys
15:18:03.0157 4464 Afc ( UnsignedFile.Multi.Generic ) - warning
15:18:03.0157 4464 Afc - detected UnsignedFile.Multi.Generic (1)
15:18:03.0217 4464 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
15:18:03.0260 4464 AFD - ok
15:18:03.0291 4464 [ 8B10CE1C1F9F1D47E4DEB1A547A00CD4 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:18:03.0306 4464 agp440 - ok
15:18:03.0334 4464 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
15:18:03.0351 4464 aic78xx - ok
15:18:03.0378 4464 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
15:18:03.0446 4464 ALG - ok
15:18:03.0457 4464 [ E32A92E1574A467F7C762922F6162D76 ] aliide C:\Windows\system32\drivers\aliide.sys
15:18:03.0474 4464 aliide - ok
15:18:03.0496 4464 [ 848F27E5B27C1C253F6CEFDC1A5D8F21 ] amdagp C:\Windows\system32\drivers\amdagp.sys
15:18:03.0513 4464 amdagp - ok
15:18:03.0529 4464 [ B52B576CB0099A62F87214F371031561 ] amdide C:\Windows\system32\drivers\amdide.sys
15:18:03.0541 4464 amdide - ok
15:18:03.0555 4464 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
15:18:03.0610 4464 AmdK7 - ok
15:18:03.0635 4464 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
15:18:03.0682 4464 AmdK8 - ok
15:18:03.0717 4464 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
15:18:03.0745 4464 Appinfo - ok
15:18:03.0806 4464 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:18:03.0816 4464 Apple Mobile Device - ok
15:18:03.0857 4464 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
15:18:03.0870 4464 arc - ok
15:18:03.0899 4464 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
15:18:03.0911 4464 arcsas - ok
15:18:03.0998 4464 [ 40C145F12FF461A0220303BDA134F598 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:18:04.0009 4464 aspnet_state - ok
15:18:04.0041 4464 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:18:04.0063 4464 AsyncMac - ok
15:18:04.0107 4464 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
15:18:04.0119 4464 atapi - ok
15:18:04.0187 4464 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:18:04.0225 4464 AudioEndpointBuilder - ok
15:18:04.0254 4464 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
15:18:04.0273 4464 Audiosrv - ok
15:18:04.0307 4464 [ C46BA2C177DF0B84F9C0BFC1E4574DC7 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6x.sys
15:18:04.0318 4464 Avgfwfd - ok
15:18:04.0429 4464 [ BD5D11CEDBCDE4FA97D2387E7069B1FF ] avgfws C:\Program Files\AVG\AVG2012\avgfws.exe
15:18:04.0492 4464 avgfws - ok
15:18:04.0643 4464 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files\AVG\AVG2012\avgidsagent.exe
15:18:04.0811 4464 AVGIDSAgent - ok
15:18:04.0849 4464 [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
15:18:04.0863 4464 AVGIDSDriver - ok
15:18:04.0878 4464 [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfilterx.sys
15:18:04.0891 4464 AVGIDSFilter - ok
15:18:04.0907 4464 [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
15:18:04.0921 4464 AVGIDSHX - ok
15:18:04.0938 4464 [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
15:18:04.0951 4464 AVGIDSShim - ok
15:18:05.0004 4464 [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
15:18:05.0020 4464 Avgldx86 - ok
15:18:05.0055 4464 [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
15:18:05.0076 4464 Avgmfx86 - ok
15:18:05.0088 4464 [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
15:18:05.0099 4464 Avgrkx86 - ok
15:18:05.0146 4464 [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
15:18:05.0162 4464 Avgtdix - ok
15:18:05.0191 4464 [ 6F76908F065C3C151C4BFCA7DFD86979 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
15:18:05.0201 4464 avgtp - ok
15:18:05.0226 4464 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files\AVG\AVG2012\avgwdsvc.exe
15:18:05.0239 4464 avgwd - ok
15:18:05.0277 4464 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
15:18:05.0299 4464 Beep - ok
15:18:05.0368 4464 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
15:18:05.0440 4464 BFE - ok
15:18:05.0531 4464 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
15:18:05.0566 4464 BITS - ok
15:18:05.0572 4464 blbdrive - ok
15:18:05.0654 4464 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
15:18:05.0671 4464 Bonjour Service - ok
15:18:05.0728 4464 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:18:05.0773 4464 bowser - ok
15:18:05.0800 4464 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
15:18:05.0845 4464 BrFiltLo - ok
15:18:05.0869 4464 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
15:18:05.0895 4464 BrFiltUp - ok
15:18:05.0930 4464 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
15:18:05.0962 4464 Browser - ok
15:18:06.0003 4464 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
15:18:06.0080 4464 Brserid - ok
15:18:06.0098 4464 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
15:18:06.0154 4464 BrSerWdm - ok
15:18:06.0173 4464 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
15:18:06.0235 4464 BrUsbMdm - ok
15:18:06.0245 4464 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
15:18:06.0318 4464 BrUsbSer - ok
15:18:06.0365 4464 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
15:18:06.0421 4464 BTHMODEM - ok
15:18:06.0517 4464 catchme - ok
15:18:06.0554 4464 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:18:06.0590 4464 cdfs - ok
15:18:06.0654 4464 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:18:06.0673 4464 cdrom - ok
15:18:06.0738 4464 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
15:18:06.0773 4464 CertPropSvc - ok
15:18:06.0802 4464 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
15:18:06.0855 4464 circlass - ok
15:18:06.0910 4464 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
15:18:06.0929 4464 CLFS - ok
15:18:06.0974 4464 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:18:06.0987 4464 clr_optimization_v2.0.50727_32 - ok
15:18:07.0098 4464 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:18:07.0113 4464 clr_optimization_v4.0.30319_32 - ok
15:18:07.0128 4464 [ C177DD90B5DC1DCAA96CCECE752E6F0F ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:18:07.0141 4464 cmdide - ok
15:18:07.0153 4464 [ 722936AFB75A7F509662B69B5632F48A ] Compbatt C:\Windows\system32\drivers\compbatt.sys
15:18:07.0167 4464 Compbatt - ok
15:18:07.0172 4464 COMSysApp - ok
15:18:07.0185 4464 cpuz134 - ok
15:18:07.0202 4464 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
15:18:07.0215 4464 crcdisk - ok
15:18:07.0227 4464 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
15:18:07.0280 4464 Crusoe - ok
15:18:07.0320 4464 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:18:07.0347 4464 CryptSvc - ok
15:18:07.0421 4464 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:18:07.0446 4464 DcomLaunch - ok
15:18:07.0503 4464 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:18:07.0578 4464 DfsC - ok
15:18:07.0689 4464 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
15:18:07.0831 4464 DFSR - ok
15:18:07.0904 4464 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
15:18:07.0942 4464 Dhcp - ok
15:18:08.0019 4464 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
15:18:08.0032 4464 disk - ok
15:18:08.0097 4464 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:18:08.0124 4464 Dnscache - ok
15:18:08.0174 4464 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:18:08.0221 4464 dot3svc - ok
15:18:08.0260 4464 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
15:18:08.0291 4464 DPS - ok
15:18:08.0326 4464 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:18:08.0368 4464 drmkaud - ok
15:18:08.0440 4464 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:18:08.0474 4464 DXGKrnl - ok
15:18:08.0508 4464 [ 04944F4FC4F0477185F5D26AE0DDB90E ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
15:18:08.0525 4464 e1express - ok
15:18:08.0551 4464 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
15:18:08.0603 4464 E1G60 - ok
15:18:08.0626 4464 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
15:18:08.0645 4464 EapHost - ok
15:18:08.0700 4464 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
15:18:08.0715 4464 Ecache - ok
15:18:08.0746 4464 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
15:18:08.0763 4464 elxstor - ok
15:18:08.0842 4464 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
15:18:08.0900 4464 EMDMgmt - ok
15:18:08.0990 4464 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
15:18:09.0010 4464 EventSystem - ok
15:18:09.0067 4464 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
15:18:09.0115 4464 exfat - ok
15:18:09.0167 4464 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:18:09.0208 4464 fastfat - ok
15:18:09.0244 4464 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:18:09.0284 4464 fdc - ok
15:18:09.0320 4464 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
15:18:09.0369 4464 fdPHost - ok
15:18:09.0405 4464 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
15:18:09.0489 4464 FDResPub - ok
15:18:09.0556 4464 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:18:09.0572 4464 FileInfo - ok
15:18:09.0611 4464 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:18:09.0660 4464 Filetrace - ok
15:18:09.0698 4464 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:18:09.0801 4464 flpydisk - ok
15:18:09.0884 4464 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:18:09.0917 4464 FltMgr - ok
15:18:09.0980 4464 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
15:18:10.0087 4464 FontCache - ok
15:18:10.0163 4464 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:18:10.0197 4464 FontCache3.0.0.0 - ok
15:18:10.0254 4464 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
15:18:10.0291 4464 fssfltr - ok
15:18:10.0581 4464 [ 40CDFAD174B3D5E80F95DDA003C0B97F ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
15:18:10.0684 4464 fsssvc - ok
15:18:10.0721 4464 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:18:10.0785 4464 Fs_Rec - ok
15:18:10.0819 4464 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
15:18:10.0840 4464 gagp30kx - ok
15:18:10.0902 4464 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys
15:18:10.0923 4464 GEARAspiWDM - ok
15:18:10.0976 4464 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
15:18:11.0003 4464 ggflt - ok
15:18:11.0024 4464 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
15:18:11.0040 4464 ggsemc - ok
15:18:11.0108 4464 [ FF0E0E6E5768B82BEAD44BFBCB9BDFE6 ] GoogleDesktopManager-010708-104812 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
15:18:11.0125 4464 GoogleDesktopManager-010708-104812 - ok
15:18:11.0149 4464 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
15:18:11.0166 4464 GoToAssist - ok
15:18:11.0244 4464 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
15:18:11.0290 4464 gpsvc - ok
15:18:11.0419 4464 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
15:18:11.0441 4464 gupdate - ok
15:18:11.0459 4464 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
15:18:11.0480 4464 gupdatem - ok
15:18:11.0521 4464 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:18:11.0542 4464 gusvc - ok
15:18:11.0596 4464 [ 3F90E001369A07243763BD5A523D8722 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:18:11.0640 4464 HdAudAddService - ok
15:18:11.0702 4464 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
15:18:11.0781 4464 HDAudBus - ok
15:18:11.0821 4464 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
15:18:11.0893 4464 HidBth - ok
15:18:11.0912 4464 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
15:18:12.0003 4464 HidIr - ok
15:18:12.0054 4464 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
15:18:12.0075 4464 hidserv - ok
15:18:12.0122 4464 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
15:18:12.0157 4464 HidUsb - ok
15:18:12.0190 4464 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:18:12.0213 4464 hkmsvc - ok
15:18:12.0236 4464 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
15:18:12.0248 4464 HpCISSs - ok
15:18:12.0294 4464 [ 53229DCF431D76434816CD29251168A0 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
15:18:12.0387 4464 HSF_DPV - ok
15:18:12.0437 4464 [ ED98350ECD4A5A9C9F1E641C09872BB2 ] HSXHWBS2 C:\Windows\system32\DRIVERS\HSXHWBS2.sys
15:18:12.0497 4464 HSXHWBS2 - ok
15:18:12.0549 4464 [ 0EEECA26C8D4BDE2A4664DB058A81937 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:18:12.0697 4464 HTTP - ok
15:18:12.0713 4464 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
15:18:12.0729 4464 i2omp - ok
15:18:12.0765 4464 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
15:18:12.0791 4464 i8042prt - ok
15:18:12.0822 4464 [ 997E8F5939F2D12CD9F2E6B395724C16 ] iaStor C:\Windows\system32\drivers\iastor.sys
15:18:12.0841 4464 iaStor - ok
15:18:12.0875 4464 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
15:18:12.0897 4464 iaStorV - ok
15:18:13.0044 4464 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
15:18:13.0072 4464 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:18:13.0072 4464 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:18:13.0241 4464 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:18:13.0306 4464 idsvc - ok
15:18:13.0704 4464 [ 9378D57E2B96C0A185D844770AD49948 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
15:18:13.0848 4464 igfx ( UnsignedFile.Multi.Generic ) - warning
15:18:13.0848 4464 igfx - detected UnsignedFile.Multi.Generic (1)
15:18:13.0872 4464 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
15:18:13.0892 4464 iirsp - ok
15:18:14.0018 4464 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
15:18:14.0141 4464 IKEEXT - ok
15:18:14.0173 4464 IntcAzAudAddService - ok
15:18:14.0211 4464 [ 59B00EFB24EAD979BECF413703BB1FAC ] intelide C:\Windows\system32\DRIVERS\intelide.sys
15:18:14.0232 4464 intelide - ok
15:18:14.0268 4464 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:18:14.0339 4464 intelppm - ok
15:18:14.0379 4464 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:18:14.0450 4464 IPBusEnum - ok
15:18:14.0482 4464 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:18:14.0541 4464 IpFilterDriver - ok
15:18:14.0647 4464 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:18:14.0683 4464 iphlpsvc - ok
15:18:14.0690 4464 IpInIp - ok
15:18:14.0721 4464 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
15:18:14.0812 4464 IPMIDRV - ok
15:18:14.0841 4464 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
15:18:14.0897 4464 IPNAT - ok
15:18:14.0978 4464 [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
15:18:15.0029 4464 iPod Service - ok
15:18:15.0095 4464 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:18:15.0170 4464 IRENUM - ok
15:18:15.0204 4464 [ 2F8ECE2699E7E2070545E9B0960A8ED2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:18:15.0224 4464 isapnp - ok
15:18:15.0322 4464 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
15:18:15.0388 4464 iScsiPrt - ok
15:18:15.0436 4464 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
15:18:15.0456 4464 iteatapi - ok
15:18:15.0473 4464 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
15:18:15.0493 4464 iteraid - ok
15:18:15.0541 4464 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
15:18:15.0562 4464 kbdclass - ok
15:18:15.0636 4464 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
15:18:15.0713 4464 kbdhid - ok
15:18:15.0753 4464 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
15:18:15.0787 4464 KeyIso - ok
15:18:15.0894 4464 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:18:15.0949 4464 KSecDD - ok
15:18:15.0999 4464 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
15:18:16.0081 4464 KtmRm - ok
15:18:16.0154 4464 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
15:18:16.0201 4464 LanmanServer - ok
15:18:16.0274 4464 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:18:16.0323 4464 LanmanWorkstation - ok
15:18:16.0354 4464 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:18:16.0409 4464 lltdio - ok
15:18:16.0451 4464 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:18:16.0516 4464 lltdsvc - ok
15:18:16.0551 4464 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:18:16.0623 4464 lmhosts - ok
15:18:16.0651 4464 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
15:18:16.0663 4464 LSI_FC - ok
15:18:16.0676 4464 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
15:18:16.0688 4464 LSI_SAS - ok
15:18:16.0695 4464 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
15:18:16.0708 4464 LSI_SCSI - ok
15:18:16.0731 4464 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
15:18:16.0755 4464 luafv - ok
15:18:16.0801 4464 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
15:18:16.0812 4464 MBAMProtector - ok
15:18:16.0872 4464 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
15:18:16.0909 4464 MBAMScheduler - ok
15:18:17.0020 4464 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:18:17.0044 4464 MBAMService - ok
15:18:17.0098 4464 [ 485405DE203E88B3FE4294A2EA48D7EE ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.271\McCHSvc.exe
15:18:17.0113 4464 McComponentHostService - ok
15:18:17.0196 4464 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:18:17.0211 4464 mdmxsdk - ok
15:18:17.0230 4464 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
15:18:17.0242 4464 megasas - ok
15:18:17.0320 4464 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
15:18:17.0334 4464 Microsoft Office Groove Audit Service - ok
15:18:17.0357 4464 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
15:18:17.0398 4464 MMCSS - ok
15:18:17.0426 4464 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
15:18:17.0459 4464 Modem - ok
15:18:17.0499 4464 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:18:17.0531 4464 monitor - ok
15:18:17.0562 4464 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
15:18:17.0588 4464 mouclass - ok
15:18:17.0603 4464 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:18:17.0634 4464 mouhid - ok
15:18:17.0662 4464 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
15:18:17.0705 4464 MountMgr - ok
15:18:17.0781 4464 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:18:17.0800 4464 MozillaMaintenance - ok
15:18:17.0841 4464 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
15:18:17.0863 4464 mpio - ok
15:18:17.0926 4464 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:18:17.0990 4464 mpsdrv - ok
15:18:18.0059 4464 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
15:18:18.0135 4464 MpsSvc - ok
15:18:18.0157 4464 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
15:18:18.0187 4464 Mraid35x - ok
15:18:18.0239 4464 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:18:18.0283 4464 MRxDAV - ok
15:18:18.0344 4464 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:18:18.0389 4464 mrxsmb - ok
15:18:18.0480 4464 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:18:18.0548 4464 mrxsmb10 - ok
15:18:18.0613 4464 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:18:18.0664 4464 mrxsmb20 - ok
15:18:18.0707 4464 [ 2681302B63B318CBEA6C82902AC5428C ] msahci C:\Windows\system32\drivers\msahci.sys
15:18:18.0738 4464 msahci - ok
15:18:18.0755 4464 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:18:18.0776 4464 msdsm - ok
15:18:18.0816 4464 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
15:18:18.0879 4464 MSDTC - ok
15:18:18.0939 4464 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:18:19.0000 4464 Msfs - ok
15:18:19.0043 4464 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:18:19.0066 4464 msisadrv - ok
15:18:19.0103 4464 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:18:19.0163 4464 MSiSCSI - ok
15:18:19.0170 4464 msiserver - ok
15:18:19.0206 4464 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:18:19.0269 4464 MSKSSRV - ok
15:18:19.0297 4464 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:18:19.0363 4464 MSPCLOCK - ok
15:18:19.0387 4464 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:18:19.0447 4464 MSPQM - ok
15:18:19.0507 4464 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:18:19.0533 4464 MsRPC - ok
15:18:19.0567 4464 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:18:19.0588 4464 mssmbios - ok
15:18:19.0619 4464 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:18:19.0673 4464 MSTEE - ok
15:18:19.0726 4464 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
15:18:19.0750 4464 Mup - ok
15:18:19.0811 4464 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
15:18:19.0868 4464 napagent - ok
15:18:19.0916 4464 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:18:19.0943 4464 NativeWifiP - ok
15:18:20.0023 4464 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:18:20.0060 4464 NDIS - ok
15:18:20.0119 4464 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:18:20.0181 4464 NdisTapi - ok
15:18:20.0229 4464 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:18:20.0279 4464 Ndisuio - ok
15:18:20.0345 4464 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:18:20.0387 4464 NdisWan - ok
15:18:20.0426 4464 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:18:20.0460 4464 NDProxy - ok
15:18:20.0482 4464 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:18:20.0569 4464 NetBIOS - ok
15:18:20.0620 4464 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
15:18:20.0680 4464 netbt - ok
15:18:20.0701 4464 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
15:18:20.0724 4464 Netlogon - ok
15:18:20.0760 4464 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
15:18:20.0809 4464 Netman - ok
15:18:20.0850 4464 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
15:18:20.0917 4464 netprofm - ok
15:18:20.0986 4464 [ 51250D5632DDFFEB87546DD17401D61E ] netr28u C:\Windows\system32\DRIVERS\netr28u.sys
15:18:21.0027 4464 netr28u - ok
15:18:21.0082 4464 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:18:21.0092 4464 NetTcpPortSharing - ok
15:18:21.0113 4464 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:18:21.0124 4464 nfrd960 - ok
15:18:21.0173 4464 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
15:18:21.0199 4464 NlaSvc - ok
15:18:21.0251 4464 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\Windows\system32\drivers\npf.sys
15:18:21.0267 4464 NPF - ok
15:18:21.0319 4464 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:18:21.0341 4464 Npfs - ok
15:18:21.0369 4464 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
15:18:21.0416 4464 nsi - ok
15:18:21.0458 4464 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:18:21.0484 4464 nsiproxy - ok
15:18:21.0671 4464 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:18:21.0715 4464 Ntfs - ok
15:18:21.0736 4464 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
15:18:21.0812 4464 ntrigdigi - ok
15:18:21.0849 4464 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
15:18:21.0880 4464 Null - ok
15:18:21.0895 4464 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:18:21.0912 4464 nvraid - ok
15:18:21.0926 4464 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:18:21.0943 4464 nvstor - ok
15:18:21.0959 4464 [ 055081FD5076401C1EE1BCAB08D81911 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:18:21.0977 4464 nv_agp - ok
15:18:21.0983 4464 NwlnkFlt - ok
15:18:21.0990 4464 NwlnkFwd - ok
15:18:22.0127 4464 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:18:22.0172 4464 odserv - ok
15:18:22.0197 4464 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:18:22.0239 4464 ohci1394 - ok
15:18:22.0294 4464 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:18:22.0305 4464 ose - ok
15:18:22.0460 4464 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
15:18:22.0548 4464 p2pimsvc - ok
15:18:22.0594 4464 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
15:18:22.0617 4464 p2psvc - ok
15:18:22.0680 4464 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
15:18:22.0737 4464 Parport - ok
15:18:22.0798 4464 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:18:22.0833 4464 partmgr - ok
15:18:22.0861 4464 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:18:22.0931 4464 Parvdm - ok
15:18:22.0973 4464 [ 3ADB8BD6154A3EF87496E8FCE9C22493 ] pavboot C:\Windows\system32\drivers\pavboot.sys
15:18:22.0986 4464 pavboot - ok
15:18:23.0017 4464 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
15:18:23.0065 4464 PcaSvc - ok
15:18:23.0120 4464 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
15:18:23.0140 4464 pci - ok
15:18:23.0154 4464 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
15:18:23.0172 4464 pciide - ok
15:18:23.0197 4464 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:18:23.0218 4464 pcmcia - ok
15:18:23.0262 4464 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:18:23.0407 4464 PEAUTH - ok
15:18:23.0488 4464 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
15:18:23.0572 4464 pla - ok
15:18:23.0633 4464 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:18:23.0684 4464 PlugPlay - ok
15:18:23.0718 4464 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
15:18:23.0742 4464 PNRPAutoReg - ok
15:18:23.0859 4464 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
15:18:23.0888 4464 PNRPsvc - ok
15:18:23.0976 4464 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:18:24.0041 4464 PolicyAgent - ok
15:18:24.0084 4464 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:18:24.0133 4464 PptpMiniport - ok
15:18:24.0172 4464 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
15:18:24.0243 4464 Processor - ok
15:18:24.0301 4464 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
15:18:24.0351 4464 ProfSvc - ok
15:18:24.0374 4464 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
15:18:24.0392 4464 ProtectedStorage - ok
15:18:24.0452 4464 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
15:18:24.0499 4464 PSched - ok
15:18:24.0542 4464 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
15:18:24.0560 4464 PxHelp20 - ok
15:18:24.0604 4464 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:18:24.0696 4464 ql2300 - ok
15:18:24.0753 4464 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:18:24.0787 4464 ql40xx - ok
15:18:24.0835 4464 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
15:18:24.0878 4464 QWAVE - ok
15:18:24.0905 4464 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:18:24.0933 4464 QWAVEdrv - ok
15:18:25.0039 4464 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
15:18:25.0123 4464 R300 - ok
15:18:25.0178 4464 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:18:25.0213 4464 RasAcd - ok
15:18:25.0240 4464 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
15:18:25.0268 4464 RasAuto - ok
15:18:25.0304 4464 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:18:25.0354 4464 Rasl2tp - ok
15:18:25.0442 4464 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
15:18:25.0467 4464 RasMan - ok
15:18:25.0543 4464 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:18:25.0596 4464 RasPppoe - ok
15:18:25.0636 4464 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:18:25.0674 4464 RasSstp - ok
15:18:25.0718 4464 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:18:25.0748 4464 rdbss - ok
15:18:25.0777 4464 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:18:25.0840 4464 RDPCDD - ok
15:18:25.0917 4464 [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
15:18:25.0990 4464 rdpdr - ok
15:18:26.0011 4464 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:18:26.0053 4464 RDPENCDD - ok
15:18:26.0087 4464 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:18:26.0122 4464 RDPWD - ok
15:18:26.0173 4464 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
15:18:26.0202 4464 RemoteAccess - ok
15:18:26.0281 4464 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
15:18:26.0300 4464 RemoteRegistry - ok
15:18:26.0366 4464 [ F17713D108ACA124A139FDE877EEF68A ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
15:18:26.0411 4464 RimUsb - ok
15:18:26.0443 4464 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
15:18:26.0463 4464 RimVSerPort - ok
15:18:26.0488 4464 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
15:18:26.0535 4464 ROOTMODEM - ok
15:18:26.0614 4464 [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
15:18:26.0631 4464 Roxio UPnP Renderer 9 - ok
15:18:26.0653 4464 [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
15:18:26.0674 4464 Roxio Upnp Server 9 - ok
15:18:26.0924 4464 [ 78E680A105F47B6AA0003BD23ED9FA51 ] RoxLiveShare9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
15:18:26.0953 4464 RoxLiveShare9 - ok
15:18:27.0143 4464 [ 9D5C024170C376D7CC66ED853FDA9068 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
15:18:27.0200 4464 RoxMediaDB9 - ok
15:18:27.0249 4464 [ 87F175539DBBA297018AA7FCDD563FF7 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
15:18:27.0271 4464 RoxWatch9 - ok
15:18:27.0293 4464 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
15:18:27.0313 4464 rpcapd - ok
15:18:27.0338 4464 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
15:18:27.0373 4464 RpcLocator - ok
15:18:27.0424 4464 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\System32\rpcss.dll
15:18:27.0475 4464 RpcSs - ok
15:18:27.0508 4464 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
15:18:27.0571 4464 rspndr - ok
15:18:27.0589 4464 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
15:18:27.0613 4464 SamSs - ok
15:18:27.0641 4464 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
15:18:27.0672 4464 sbp2port - ok
15:18:27.0735 4464 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
15:18:27.0792 4464 SCardSvr - ok
15:18:27.0855 4464 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
15:18:27.0944 4464 Schedule - ok
15:18:27.0994 4464 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
15:18:28.0027 4464 SCPolicySvc - ok
15:18:28.0058 4464 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
15:18:28.0128 4464 SDRSVC - ok
15:18:28.0249 4464 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
15:18:28.0278 4464 SeaPort - ok
15:18:28.0304 4464 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
15:18:28.0385 4464 secdrv - ok
15:18:28.0442 4464 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
15:18:28.0486 4464 seclogon - ok
15:18:28.0520 4464 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
15:18:28.0565 4464 SENS - ok
15:18:28.0591 4464 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
15:18:28.0683 4464 Serenum - ok
15:18:28.0756 4464 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
15:18:28.0815 4464 Serial - ok
15:18:28.0835 4464 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
15:18:28.0856 4464 sermouse - ok
15:18:28.0898 4464 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
15:18:28.0955 4464 SessionEnv - ok
15:18:29.0006 4464 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:18:29.0037 4464 sffdisk - ok
15:18:29.0051 4464 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:18:29.0067 4464 sffp_mmc - ok
15:18:29.0078 4464 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:18:29.0111 4464 sffp_sd - ok
15:18:29.0139 4464 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
15:18:29.0205 4464 sfloppy - ok
15:18:29.0237 4464 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:18:29.0268 4464 SharedAccess - ok
15:18:29.0346 4464 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:18:29.0379 4464 ShellHWDetection - ok
15:18:29.0400 4464 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys
15:18:29.0412 4464 sisagp - ok
15:18:29.0429 4464 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
15:18:29.0444 4464 SiSRaid2 - ok
15:18:29.0461 4464 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
15:18:29.0478 4464 SiSRaid4 - ok
15:18:29.0571 4464 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
15:18:29.0588 4464 SkypeUpdate - ok
15:18:29.0916 4464 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
15:18:30.0146 4464 slsvc - ok
15:18:30.0174 4464 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
15:18:30.0215 4464 SLUINotify - ok
15:18:30.0271 4464 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:18:30.0290 4464 Smb - ok
15:18:30.0319 4464 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:18:30.0331 4464 SNMPTRAP - ok
15:18:30.0360 4464 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
15:18:30.0372 4464 spldr - ok
15:18:30.0413 4464 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
15:18:30.0433 4464 Spooler - ok
15:18:30.0469 4464 sprtsvc_dellsupportcenter - ok
15:18:30.0585 4464 [ 73205BD9A388639C210636793FE3FD61 ] sptd C:\Windows\system32\Drivers\sptd.sys
15:18:30.0585 4464 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 73205BD9A388639C210636793FE3FD61
15:18:30.0587 4464 sptd ( LockedFile.Multi.Generic ) - warning
15:18:30.0587 4464 sptd - detected LockedFile.Multi.Generic (1)
15:18:30.0679 4464 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
15:18:30.0728 4464 srv - ok
15:18:30.0785 4464 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:18:30.0835 4464 srv2 - ok
15:18:30.0885 4464 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:18:30.0912 4464 srvnet - ok
15:18:30.0942 4464 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:18:30.0979 4464 SSDPSRV - ok
15:18:31.0022 4464 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:18:31.0062 4464 SstpSvc - ok
15:18:31.0157 4464 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
15:18:31.0206 4464 stisvc - ok
15:18:31.0343 4464 [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
15:18:31.0359 4464 stllssvr - ok
15:18:31.0425 4464 [ B427200207110E4C38EF3D616C0244F5 ] Stlth317 C:\Windows\system32\DRIVERS\stlth317.sys
15:18:31.0457 4464 Stlth317 ( UnsignedFile.Multi.Generic ) - warning
15:18:31.0457 4464 Stlth317 - detected UnsignedFile.Multi.Generic (1)
15:18:31.0493 4464 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
15:18:31.0520 4464 swenum - ok
15:18:31.0646 4464 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
15:18:31.0758 4464 swprv - ok
15:18:31.0861 4464 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
15:18:31.0929 4464 Symc8xx - ok
15:18:31.0945 4464 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
15:18:31.0966 4464 Sym_hi - ok
15:18:32.0018 4464 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
15:18:32.0051 4464 Sym_u3 - ok
15:18:32.0215 4464 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
15:18:32.0302 4464 SysMain - ok
15:18:32.0360 4464 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:18:32.0407 4464 TabletInputService - ok
15:18:32.0461 4464 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:18:32.0502 4464 TapiSrv - ok
15:18:32.0577 4464 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
15:18:32.0665 4464 TBS - ok
15:18:32.0819 4464 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:18:32.0906 4464 Tcpip - ok
15:18:33.0012 4464 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
15:18:33.0162 4464 Tcpip6 - ok
15:18:33.0210 4464 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:18:33.0281 4464 tcpipreg - ok
15:18:33.0328 4464 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:18:33.0375 4464 TDPIPE - ok
15:18:33.0404 4464 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:18:33.0449 4464 TDTCP - ok
15:18:33.0505 4464 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:18:33.0539 4464 tdx - ok
15:18:33.0656 4464 [ 2A96C8FA665C02E6AD596C321B583112 ] TeamViewer5 C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
15:18:33.0684 4464 TeamViewer5 - ok
15:18:33.0734 4464 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
15:18:33.0759 4464 TermDD - ok
15:18:33.0785 4464 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
15:18:33.0833 4464 TermService - ok
15:18:33.0877 4464 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
15:18:33.0906 4464 Themes - ok
15:18:33.0924 4464 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
15:18:33.0967 4464 THREADORDER - ok
15:18:34.0001 4464 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
15:18:34.0067 4464 TrkWks - ok
15:18:34.0158 4464 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:18:34.0210 4464 TrustedInstaller - ok
15:18:34.0260 4464 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:18:34.0309 4464 tssecsrv - ok
15:18:34.0346 4464 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
15:18:34.0405 4464 tunmp - ok
15:18:34.0452 4464 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:18:34.0502 4464 tunnel - ok
15:18:34.0543 4464 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
15:18:34.0570 4464 uagp35 - ok
15:18:34.0667 4464 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:18:34.0711 4464 udfs - ok
15:18:34.0761 4464 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:18:34.0826 4464 UI0Detect - ok
15:18:34.0848 4464 [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:18:34.0871 4464 uliagpkx - ok
15:18:34.0908 4464 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
15:18:34.0940 4464 uliahci - ok
15:18:34.0965 4464 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
15:18:34.0989 4464 UlSata - ok
15:18:35.0002 4464 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
15:18:35.0026 4464 ulsata2 - ok
15:18:35.0063 4464 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
15:18:35.0119 4464 umbus - ok
15:18:35.0156 4464 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
15:18:35.0205 4464 upnphost - ok
15:18:35.0292 4464 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
15:18:35.0329 4464 USBAAPL - ok
15:18:35.0377 4464 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:18:35.0411 4464 usbccgp - ok
15:18:35.0434 4464 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
15:18:35.0525 4464 usbcir - ok
15:18:35.0586 4464 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
15:18:35.0618 4464 usbehci - ok
15:18:35.0672 4464 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:18:35.0718 4464 usbhub - ok
15:18:35.0744 4464 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:18:35.0820 4464 usbohci - ok
15:18:35.0858 4464 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
15:18:35.0954 4464 usbprint - ok
15:18:36.0005 4464 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:18:36.0036 4464 USBSTOR - ok
15:18:36.0053 4464 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
15:18:36.0087 4464 usbuhci - ok
15:18:36.0134 4464 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
15:18:36.0166 4464 UxSms - ok
15:18:36.0226 4464 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
15:18:36.0265 4464 vds - ok
15:18:36.0291 4464 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:18:36.0346 4464 vga - ok
15:18:36.0383 4464 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
15:18:36.0406 4464 VgaSave - ok
15:18:36.0415 4464 [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys
15:18:36.0428 4464 viaagp - ok
15:18:36.0439 4464 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
15:18:36.0506 4464 ViaC7 - ok
15:18:36.0528 4464 [ 689547CE911998D1E0DA7A5992E025FC ] viaide C:\Windows\system32\drivers\viaide.sys
15:18:36.0542 4464 viaide - ok
15:18:36.0556 4464 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:18:36.0570 4464 volmgr - ok
15:18:36.0623 4464 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:18:36.0641 4464 volmgrx - ok
15:18:36.0677 4464 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:18:36.0694 4464 volsnap - ok
15:18:36.0713 4464 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
15:18:36.0732 4464 vsmraid - ok
15:18:36.0804 4464 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
15:18:36.0885 4464 VSS - ok
15:18:36.0989 4464 [ CBA3F6EF1E70167DB376B4013F71A62B ] vToolbarUpdater12.2.6 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
15:18:37.0084 4464 vToolbarUpdater12.2.6 - ok
15:18:37.0139 4464 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
15:18:37.0180 4464 W32Time - ok
15:18:37.0204 4464 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
15:18:37.0287 4464 WacomPen - ok
15:18:37.0316 4464 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
15:18:37.0387 4464 Wanarp - ok
15:18:37.0395 4464 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:18:37.0435 4464 Wanarpv6 - ok
15:18:37.0503 4464 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:18:37.0547 4464 wcncsvc - ok
15:18:37.0574 4464 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:18:37.0611 4464 WcsPlugInService - ok
15:18:37.0635 4464 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
15:18:37.0655 4464 Wd - ok
15:18:37.0687 4464 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:18:37.0721 4464 Wdf01000 - ok
15:18:37.0755 4464 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:18:37.0801 4464 WdiServiceHost - ok
15:18:37.0813 4464 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:18:37.0859 4464 WdiSystemHost - ok
15:18:37.0873 4464 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
15:18:37.0919 4464 WebClient - ok
15:18:37.0971 4464 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:18:38.0013 4464 Wecsvc - ok
15:18:38.0046 4464 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:18:38.0091 4464 wercplsupport - ok
15:18:38.0152 4464 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
15:18:38.0193 4464 WerSvc - ok
15:18:38.0241 4464 [ 6D2350BB6E77E800FC4BE4E5B7A2E89A ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
15:18:38.0284 4464 winachsf - ok
15:18:38.0343 4464 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
15:18:38.0372 4464 WinDefend - ok
15:18:38.0382 4464 WinHttpAutoProxySvc - ok
15:18:38.0425 4464 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:18:38.0463 4464 Winmgmt - ok
15:18:38.0544 4464 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
15:18:38.0679 4464 WinRM - ok
15:18:38.0745 4464 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
15:18:38.0829 4464 Wlansvc - ok
15:18:38.0936 4464 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:18:38.0954 4464 wlcrasvc - ok
15:18:39.0064 4464 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:18:39.0123 4464 wlidsvc - ok
15:18:39.0168 4464 [ 17EAC0D023A65FA9B02114CC2BAACAD5 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:18:39.0190 4464 WmiAcpi - ok
15:18:39.0243 4464 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:18:39.0284 4464 wmiApSrv - ok
15:18:39.0346 4464 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
15:18:39.0421 4464 WMPNetworkSvc - ok
15:18:39.0476 4464 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:18:39.0512 4464 WPCSvc - ok
15:18:39.0533 4464 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:18:39.0555 4464 WPDBusEnum - ok
15:18:39.0603 4464 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
15:18:39.0617 4464 WpdUsb - ok
15:18:39.0772 4464 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:18:39.0801 4464 WPFFontCache_v0400 - ok
15:18:39.0830 4464 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:18:39.0875 4464 ws2ifsl - ok
15:18:39.0929 4464 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
15:18:39.0975 4464 wscsvc - ok
15:18:39.0981 4464 WSearch - ok
15:18:40.0092 4464 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
15:18:40.0237 4464 wuauserv - ok
15:18:40.0282 4464 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:18:40.0363 4464 WUDFRd - ok
15:18:40.0387 4464 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:18:40.0458 4464 wudfsvc - ok
15:18:40.0490 4464 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
15:18:40.0532 4464 XAudio - ok
15:18:40.0564 4464 [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
15:18:40.0614 4464 XAudioService - ok
15:18:40.0653 4464 ================ Scan global ===============================
15:18:40.0675 4464 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:18:40.0709 4464 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:18:40.0723 4464 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:18:40.0769 4464 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:18:40.0773 4464 [Global] - ok
15:18:40.0773 4464 ================ Scan MBR ==================================
15:18:40.0790 4464 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
15:18:40.0956 4464 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:18:40.0956 4464 \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:18:40.0956 4464 ================ Scan VBR ==================================
15:18:40.0982 4464 [ D9E55790F7AFA38DEA7430F26880C40E ] \Device\Harddisk0\DR0\Partition1
15:18:40.0984 4464 \Device\Harddisk0\DR0\Partition1 - ok
15:18:40.0987 4464 [ 02C4E1E3B1CB8F6C1418C7A206F19159 ] \Device\Harddisk0\DR0\Partition2
15:18:40.0988 4464 \Device\Harddisk0\DR0\Partition2 - ok
15:18:40.0989 4464 ============================================================
15:18:40.0989 4464 Scan finished
15:18:40.0989 4464 ============================================================
15:18:41.0002 4080 Detected object count: 7
15:18:41.0002 4080 Actual detected object count: 7
15:19:04.0187 4080 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:04.0187 4080 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:04.0191 4080 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:04.0191 4080 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:04.0193 4080 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:04.0193 4080 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:04.0196 4080 igfx ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:04.0196 4080 igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:04.0199 4080 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:19:04.0199 4080 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:19:04.0201 4080 Stlth317 ( UnsignedFile.Multi.Generic ) - skipped by user
15:19:04.0201 4080 Stlth317 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:19:04.0204 4080 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:19:04.0207 4080 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Edited by hcelizondo, 14 September 2012 - 02:20 PM.

  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
Run TDSSKiller again and have it delete this entry:

\Device\Harddisk0\DR0 ( TDSS File System )
  • 0

#6
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Mbam log:
Malwarebytes Anti-Malware (Versión de Prueba) 1.65.0.1400
www.malwarebytes.org

Versión de la Base de Datos: v2012.09.14.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Hector :: CORREAH [administrador]

Protección: Personas de movilidad reducida

14/09/2012 03:38:05 p.m.
mbam-log-2012-09-14 (15-38-05).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 255452
Tiempo transcurrido: 10 minuto(s), 12 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 0
(No se han detectado elementos maliciosos)

fin)
  • 0

#7
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Everything is completed but vino's event viewer. I received an error message telling me that is not coded for my language (Spanish). I have also removed the line that you indicated me to using TDSSKiller

FSS Log:
Farbar Service Scanner Version: 06-08-2012
Ran by Hector (administrator) on 14-09-2012 at 17:14:52
Running from "C:\Users\Hector\Documents\virus\Tools"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-07-28 17:46] - [2008-01-19 02:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#8
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
OTL Extras:
OTL Extras logfile created on: 14/09/2012 05:20:34 p.m. - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Hector\Documents\virus\Tools
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.06% Memory free
4.22 Gb Paging File | 2.91 Gb Available in Paging File | 69.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 22.44 Gb Free Space | 10.07% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.41 Gb Free Space | 64.07% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CORREAH | User Name: Hector | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09ECCCA2-1614-46F7-985E-1F53BE8BB070}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{50A502F7-AF9E-4237-B88E-CF9B86BE3E3F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5419025B-5FEA-4B41-A763-53656A3611A4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5DB54F40-0132-4D37-BEAF-03D429E8696E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A1B0E9E9-9716-47D6-9258-43FC4498A432}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06843710-2804-4F86-8E50-189777DB0D89}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{0CFA2E26-C58A-4CE5-B428-BFCBA126648B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{10DD0D09-BA88-4616-B5BA-C16BF4EFE27B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{12A0D135-EDFE-4D98-A11D-AA3CB4F0B68A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{1DF26D37-BE57-4027-8C57-0A6F4A6E23AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{27E73876-57B2-41F5-9494-F4E58D7ABC20}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{30327E2C-D0DC-4429-8E3F-D05109391433}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4777628B-7637-4D6C-ADC9-C4B55B37E5D8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{4D683DFE-70E4-49CC-9361-7F7B4B7A51AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58DFD3CE-5DE1-4311-ABAE-1CA789EE7FED}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6151743F-1B33-4233-ADC1-DCEF27085B2C}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{67DDAE40-312E-43D4-91E9-BB9B9E7D85BF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{70FBF593-F57D-4C4E-BFA1-28ACA9A63441}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{73231F50-048B-4AB6-9A2B-4443EBB7173D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{76FBA253-AA02-4475-8737-A68020F3C636}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{95BD2AB7-249B-442A-A704-21907714FB03}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B3C83778-7D70-4D1D-B380-D5895F71A19C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B54A5BE8-6E75-4ABC-B18F-D5853E1DF945}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B9632CA6-EA6F-4CCC-9B87-BCD87DAC52D0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BAD1A051-A0CC-442D-8CDF-58449927E572}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{BF0FD619-2E38-40B5-AD6B-FFF4AE45C78E}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{C2D29B09-F7E8-46D3-BB7B-4C2F3C22598F}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D180E276-31C5-4BB5-9F93-79498219C2EF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DC094C2D-76D0-4291-B542-0AEFD74E01D4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{F8DFD4A4-7B81-432C-B543-CC0387FCB0C9}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A1651F1-7E0F-4613-93FE-967F5BC3C1B7}" = Windows Live Remote Service Resources
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0C0A-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 24
"{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"{286033D3-C1C2-458A-B42B-0AC9C4E62B90}" = Scid
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{38BB21D5-B0D1-41DA-A0B0-1EFB5EF4AAC2}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{44134B23-012F-473B-A5CB-9AFB59405E3A}" = Guía de introducción de Dell
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B930AE3-61C6-4D02-A9D4-84F4ACBCEC25}" = OpenOffice.org 3.3
"{4F4182DA-3D58-41E3-913D-480F8DA5C863}" = Fritz 12
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{5C8BC258-A629-4DF2-97D0-E106C2A9B1BD}" = Windows Live Remote Client Resources
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86286ABC-4081-4BD3-B710-190B314BCE18}" = ChessBase Reader
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5103}" = Adobe Common File Installer
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0C0A-0000-0000000FF1CE}" = Paquete de compatibilidad para 2007 Office system
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0C0A-0000-0000000FF1CE}" = Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{95120000-00AF-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Spanish)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{953D4586-9A16-495E-BA1F-EE5AA66604DB}" = Windows Live Sync
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A05C7AF7-8F89-42EF-BC3A-8F3D2B5E319B}" = DAEMON Tools
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B223FF-25A5-4302-BE10-2FC7603C4220}" = Windows Live Family Safety
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6330700-4083-48DD-A03C-E209674E7836}" = ChessBase Reader
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DB55D872-A96B-4434-8110-CA7B755AD914}" = Fritz 12
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Herramienta de diagnóstico del módem
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"Arena 3.0_is1" = Arena 3.0
"AVG" = AVG 2012
"AviSynth" = AviSynth 2.5
"BlackBerry_{CE86E2F5-850C-4207-94A3-A58D647B1733}" = BlackBerry Desktop Software 5.0.1
"Cain & Abel v4.9.43" = Cain & Abel v4.9.43
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DFX for Winamp" = DFX for Winamp
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Foxit Reader" = Foxit Reader
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"iDFX" = iDFX
"InstallShield_{27614800-84A9-484E-9CCB-43ED2F1205F5}" = Chessmaster Grandmaster Edition
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.14
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PC-Doctor for Windows" = Dell Support Center
"Peshka_is1" = Peshka Training Courses
"PokerStars.net" = PokerStars.net
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"PSP Video 9" = PSP Video 9 6
"Security Task Manager" = Security Task Manager 1.8c
"Tag&Rename_is1" = Tag&Rename 3.5.6
"TeamViewer 5" = TeamViewer 5
"WebGoRadio Toolbar" = WebGoRadio Toolbar
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR archiver
"Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 11.15
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ OSession Events ]
Error - 06/08/2010 04:42:24 p.m. | Computer Name = correah | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 1461
seconds with 1380 seconds of active time. This session ended with a crash.

Error - 21/11/2010 01:34:51 p.m. | Computer Name = correah | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1228
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14/09/2012 06:05:45 p.m. | Computer Name = correah | Source = Service Control Manager | ID = 7009
Description =

Error - 14/09/2012 06:05:45 p.m. | Computer Name = correah | Source = Service Control Manager | ID = 7000
Description =


< End of report >

******************************************
and OTL:
OTL logfile created on: 14/09/2012 05:20:34 p.m. - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Hector\Documents\virus\Tools
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.06% Memory free
4.22 Gb Paging File | 2.91 Gb Available in Paging File | 69.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 22.44 Gb Free Space | 10.07% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.41 Gb Free Space | 64.07% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: CORREAH | User Name: Hector | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Archivos de programa\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Archivos de programa\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Archivos de programa\AVG Secure Search\vprot.exe ()
PRC - C:\Users\Hector\Documents\virus\Tools\OTL.exe (OldTimer Tools)
PRC - C:\Archivos de programa\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\McAfee Security Scan\3.0.271\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Archivos de programa\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Archivos de programa\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Archivos de programa\Mozilla Firefox\mozjs.dll ()
MOD - C:\Archivos de programa\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()
MOD - C:\Archivos de programa\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()
MOD - C:\Archivos de programa\AVG Secure Search\vprot.exe ()
MOD - C:\Archivos de programa\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Archivos de programa\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Archivos de programa\WinRAR\RarExt.dll ()


========== Services (SafeList) ==========

SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found
SRV - (MozillaMaintenance) -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (vToolbarUpdater12.2.6) -- C:\Archivos de programa\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Archivos de programa\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Archivos de programa\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgfws) -- C:\Archivos de programa\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (McComponentHostService) -- C:\Archivos de programa\McAfee Security Scan\3.0.271\McCHSvc.exe (McAfee, Inc.)
SRV - (avgwd) -- C:\Archivos de programa\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (odserv) -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Archivos de programa\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Archivos de programa\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (rpcapd) -- C:\Archivos de programa\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (TeamViewer5) -- C:\Archivos de programa\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (ACDaemon) -- C:\Archivos de programa\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ose) -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RTKVHDA.sys File not found
DRV - (cpuz134) -- C:\Users\Hector\AppData\Local\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (catchme) -- C:\Users\Hector\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (pavboot) -- C:\Windows\System32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (Stlth317) -- C:\Windows\System32\drivers\stlth317.sys (Generic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DAMX
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1383636

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=mx&ibd=2080719
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_es
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....pr&d=2012-08-26 11:18:38&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1383636
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "https://isearch.avg....8:38&sap=ku&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hector\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hector\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Hector\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/09/04 08:37:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/09 08:03:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/02 10:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/30 19:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/01/23 00:08:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hector\AppData\Roaming\mozilla\Extensions
[2009/05/19 09:16:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hector\AppData\Roaming\mozilla\Extensions\[email protected]
[2012/08/22 09:02:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hector\AppData\Roaming\mozilla\Firefox\Profiles\mv60azpv.default\extensions
[2010/09/24 18:47:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Hector\AppData\Roaming\mozilla\Firefox\Profiles\mv60azpv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/21 09:02:18 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Hector\AppData\Roaming\mozilla\Firefox\Profiles\mv60azpv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/08/28 16:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\extensions
[2012/02/13 17:01:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Archivos de programa\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/09/04 08:37:56 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.5.32
[2012/09/09 08:03:42 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/04 08:35:50 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/09 08:03:36 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/09 08:03:35 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: No name found = C:\Users\Hector\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/14 15:06:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Archivos de programa\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Archivos de programa\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WebGoRadio Toolbar) - {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Archivos de programa\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Archivos de programa\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (WebGoRadio Toolbar) - {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (WebGoRadio Toolbar) - {C434BC3F-1A2A-4E73-98BB-8F99E454897A} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [MobileDocuments] C:\Archivos de programa\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Archivos de programa\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Archivos de programa\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Archivos de programa\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: GD ([http] in Intranet local)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FE7818E-8FB5-40B9-AEC6-6284E7908EB3}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B414279D-79CC-49CE-8FFA-7BBA737A065C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Archivos de programa\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Archivos de programa\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Archivos de programa\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Archivos de programa\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Archivos de programa\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Archivos de programa\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Hector\Pictures\PHOTOfunSTUDIO wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Hector\Pictures\PHOTOfunSTUDIO wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Archivos de programa\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Archivos de programa\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk - C:\Archivos de programa\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe - (Matsushita Electric Industrial Co., Ltd.)
MsConfig - StartUpFolder: C:^Users^Hector^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\Archivos de programa\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Users^Hector^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - C:\Archivos de programa\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Archivos de programa\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Archivos de programa\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: BlackBerryAutoUpdate - hkey= - key= - C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
MsConfig - StartUpReg: DAEMON Tools-1033 - hkey= - key= - C:\Program Files\D-Tools\daemon.exe (VeNoM386 and SwENSkE)
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\DELL\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Archivos de programa\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/14 17:01:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2012/09/14 15:51:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/09/14 15:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/14 15:37:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/14 15:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/14 15:10:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/14 15:10:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/14 15:10:23 | 000,000,000 | ---D | C] -- C:\Users\Hector\AppData\Local\temp
[2012/09/14 14:52:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/14 14:52:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/14 14:52:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/14 14:52:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/14 14:51:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/14 14:51:27 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/10 09:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/08/26 12:20:15 | 000,000,000 | ---D | C] -- C:\Users\Hector\AppData\Roaming\AVG
[2012/08/26 12:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/08/26 11:20:14 | 000,000,000 | ---D | C] -- C:\Users\Hector\AppData\Roaming\AVG2012
[2012/08/26 11:19:15 | 000,000,000 | ---D | C] -- C:\Users\Hector\AppData\Local\AVG Secure Search
[2012/08/26 11:18:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/08/26 11:18:34 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/08/26 11:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/08/26 11:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/08/26 11:11:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/08/26 11:11:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2012/08/26 10:52:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/08/26 10:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/08/26 10:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/08/26 10:01:24 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/08/24 15:43:18 | 000,301,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/08/23 10:52:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/23 10:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/08/16 09:33:27 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/16 09:33:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/16 09:33:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/16 09:33:25 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/16 09:33:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/16 09:33:25 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/16 09:33:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/16 09:33:14 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

========== Files - Modified Within 30 Days ==========

[2012/09/14 17:18:00 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/14 17:09:00 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3990087816-3269341712-2415393594-1000UA.job
[2012/09/14 17:08:15 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/14 17:04:36 | 000,001,020 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/14 17:04:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 17:04:20 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/14 17:04:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/14 17:04:09 | 2134,048,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/14 15:37:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/14 15:06:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/14 09:09:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3990087816-3269341712-2415393594-1000Core.job
[2012/09/14 08:54:08 | 094,810,240 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/09/13 10:46:38 | 000,172,764 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/09/10 09:16:04 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/07 13:30:25 | 000,717,686 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/09/07 13:30:24 | 000,634,440 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/07 13:30:24 | 000,154,004 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/09/07 13:30:24 | 000,120,004 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/04 08:37:46 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/03 14:12:04 | 000,002,088 | ---- | M] () -- C:\Users\Hector\Desktop\Google Chrome.lnk
[2012/08/31 10:46:29 | 000,627,150 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/08/28 16:49:53 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/26 11:12:26 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/08/26 10:01:37 | 000,001,951 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/08/23 10:22:33 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/23 10:22:33 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/17 08:46:01 | 000,473,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/09/14 15:37:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/14 14:52:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/14 14:52:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/14 14:52:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/14 14:52:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/14 14:52:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/14 08:54:08 | 094,810,240 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/09/13 10:46:38 | 000,172,764 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/31 10:46:29 | 000,627,150 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/08/26 11:19:11 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/08/26 11:12:26 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjw.avm
[2012/08/26 10:01:25 | 000,001,951 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/05/28 09:19:12 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/03/19 00:51:35 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/03/18 12:37:20 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2010/07/19 22:49:24 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008/12/12 15:55:01 | 000,000,094 | ---- | C] () -- C:\Users\Hector\AppData\Local\fusioncache.dat
[2008/07/31 15:50:57 | 000,000,680 | ---- | C] () -- C:\Users\Hector\AppData\Local\d3d9caps.dat
[2008/07/28 19:43:41 | 000,121,856 | ---- | C] () -- C:\Users\Hector\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/08/26 12:34:25 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\AVG
[2012/08/26 11:20:14 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\AVG2012
[2012/02/20 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\AVG9
[2011/03/12 15:48:55 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\ChessBase
[2011/03/26 11:01:26 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Foxit Software
[2012/09/13 09:42:45 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\KeePass
[2011/03/13 10:12:35 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Onone
[2009/03/28 20:17:57 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\OpenOffice.org
[2009/03/01 16:29:24 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Panasonic
[2010/12/15 21:11:35 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\PCDr
[2010/05/28 00:16:44 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Research In Motion
[2010/06/17 19:07:21 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\TeamViewer
[2011/08/10 10:09:42 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Thunderbird
[2012/09/14 17:03:14 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST3250310AS ATA Device
Partitions: 3
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 57671680
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 223.00GB
Starting Offset: 10795089920
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/02/08 22:19:37 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Adobe
[2012/03/08 14:53:44 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Apple Computer
[2009/05/09 10:44:18 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\ArcSoft
[2012/08/26 12:34:25 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\AVG
[2012/08/26 11:20:14 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\AVG2012
[2012/02/20 17:12:46 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\AVG9
[2011/03/12 15:48:55 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\ChessBase
[2008/09/05 00:33:42 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\CyberLink
[2011/05/24 17:47:11 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Dell
[2011/03/26 11:01:26 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Foxit Software
[2008/07/30 22:53:37 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Google
[2008/07/28 15:24:14 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Identities
[2010/06/02 19:42:31 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\InstallShield
[2012/09/13 09:42:45 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\KeePass
[2008/07/28 15:38:12 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Macromedia
[2011/01/31 21:33:48 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Malwarebytes
[2012/08/01 09:41:01 | 000,000,000 | --SD | M] -- C:\Users\Hector\AppData\Roaming\Microsoft
[2009/08/05 17:00:36 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Move Networks
[2010/01/23 00:06:09 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Mozilla
[2011/03/13 10:12:35 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Onone
[2009/03/28 20:17:57 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\OpenOffice.org
[2009/03/01 16:29:24 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Panasonic
[2010/12/15 21:11:35 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\PCDr
[2010/05/28 00:16:44 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Research In Motion
[2010/07/19 22:24:08 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Roxio
[2012/09/13 09:25:01 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Skype
[2010/06/17 19:07:21 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\TeamViewer
[2011/08/10 10:09:42 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Thunderbird
[2009/03/07 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\Winamp
[2010/08/06 09:46:39 | 000,000,000 | ---D | M] -- C:\Users\Hector\AppData\Roaming\WinRAR

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\erdnt\cache\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/07/19 10:29:13 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2008/07/19 10:45:54 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2008/07/19 10:45:54 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2008/07/19 10:45:54 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2008/07/19 10:45:54 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2008/07/19 10:28:45 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2008/07/19 10:28:45 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2008/07/19 10:29:12 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2008/07/19 10:29:12 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/07/19 10:40:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/07/19 10:40:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/07/19 10:40:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/07/19 10:40:57 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CSRSS.EXE >
[2006/11/02 04:45:00 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=117B7C8A8B026A5DCE5E3180ED05E823 -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6000.16386_none_56ad21dbe72a9d78\csrss.exe
[2008/01/19 02:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/19 02:33:05 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/07/19 10:32:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/07/19 10:32:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2006/11/02 04:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) MD5=54E9576169A248AD62A1EB9773225826 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6000.16386_none_b61c950a3060adba\mswsock.dll
[2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\erdnt\cache\mswsock.dll
[2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/19 02:35:15 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2006/11/02 04:46:11 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=5E72DCFF9FB2374642043899A1C2E446 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6000.16386_none_a9e67ecc9245d5ec\NapiNSP.dll
[2008/01/19 02:35:35 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/19 02:35:35 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2006/11/02 04:46:11 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=0F0DA05C44E911301028D9CEC6294EBB -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6000.16386_none_654f33cb0dff3491\nlaapi.dll
[2008/01/19 02:35:38 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/19 02:35:38 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/19 02:36:07 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/19 02:36:07 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll
[2006/11/02 07:34:46 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=C0DC476E89558242848572F9ADE1D685 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6000.16386_none_6f4853b725898435\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/19 02:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 04:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/11 01:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 01:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 04:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/09 08:03:35 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/09 08:03:35 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/09 08:03:35 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/09 08:03:41 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/09 08:03:41 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/09 08:03:41 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/26 21:32:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/26 21:32:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/26 21:32:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/09/09 08:03:35 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/09/09 08:03:35 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/09/09 08:03:35 | 000,883,896 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/09/09 08:03:41 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/09/09 08:03:41 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/09/09 08:03:41 | 000,917,984 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/26 21:32:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/26 21:32:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/26 21:32:56 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/28 20:00:47 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2012/04/25 10:36:36 | 002,388,336 | ---- | M] (Apple Inc.)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008/08/03 12:57:22 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:466F9D5D
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8331D35A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EBC2DB92

< End of report >
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,797 posts
  • MVP
You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 24

Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.

Can you verify that you installed the following?

WinPcap 4.1.2
TeamViewer 5
GoToAssist 8.0.0.514

The first is used to exam packet traffic and is sometimes installed without your knowledge by malware. It has legitimate uses so if you installed it there is no problem. But if you did not install it then uninstall it.
The other two are remote control software that can be used to control your PC remotely. Again no problem if you installed them but they should be removed if you didn't install them or do not need them any more.

Adobe Flash Player 10 ActiveX -obsolete. This is the flash player used with IE. Uninstall it. If you ever use IE to look at flash then you will need to go to adobe.com using IE in order to download the latest flash for IE.

Uninstall any toolbars you don't use. They slow your browsing down.

Zynga Toolbar
WebGoRadio Toolbar
Google Toolbar for Internet Explorer

Uninstall McAfee Security Scan Plus. It's foistware and doesn't make your PC any safer.

sptd.sys which shows up in several scans is not malware and

is a legitimate driver component of programs like DAEMON Tools and Alcohol tho I think newer versions use a different driver. The driver is not removed when you uninstall them.

The standalone installer for sptd http://www.duplexsec...om/en/downloads has an option to uninstall it if you want to get rid of it.

We can clean up some garbage using OTL:



Copy the text in the code box by highlighting and Ctrl + c


:OTL
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1383636
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Archivos de programa\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c434bc3f-1a2a-4e73-98bb-8f99e454897a} - C:\Archivos de programa\WebGoRadio\tbWeb0.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Archivos de programa\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Archivos de programa\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Archivos de programa\Dell\BAE\BAE.dll (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

The only malware we found was the TDSSKiller remnant in TDSSKiller.

I think your PC is clean.

We need to cleanup System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Currently there is an exploit out that works on all Java Version 7 software so we are recommending that if you do not visit websites that absolutely require Java that you turn it off in your browser per the instructions in http://www.geekstogo...ur-web-browser/
If you use websites that require Java and you trust them then we recommend that you use either Firefox with the NoScript add-on or Chrome with the ScriptNo add-on and avoid IE. NoScript/ScriptNo will turn off Java and Javascript on all websites you visit except for those that you specifically approve. More info on the exploit is here: http://krebsonsecuri...y-java-exploit/
A new Java 7 Version 7 was released on an emergency basis to fix the exploit but apparently actually makes things worse.


Ron
  • 0

#10
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Done :) I have followed most of your recommendations, and uninstalled all the SW I don't use any more. Ron, I really want to thank you for the prompt response and help on my issue, very much appreciated.If there's nothing else to do I think you can close this topic now :) Thanks again
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP