View Full Version : Infected by malware
dperezfa
2013-03-08, 15:07
On every site i enter a frame (iframe) with ad is injected in my browser. The frame is in every browser (IE, FF, CHROME) and it is placed in the bottom-left corner of each page. I have had this infection for 3 months :sad:
DDS LOG:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by dperezfadon at 14:36:48 on 2013-03-08
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.34.3082.18.8142.5288 [GMT 1:00]
.
AV: Antivirus de Trend Micro OfficeScan *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Antispyware de Trend Micro OfficeScan *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\CCM\CcmExec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\aetcrss1.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\PrintScreen\PrintScreen.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Users\dperezfadon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
C:\xampp\xampp-control.exe
C:\xampp\apache\bin\httpd.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\EditPlus 3\editplus.exe
C:\Users\dperezfadon\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe
C:\Program Files (x86)\Juniper Networks\Network Connect 7.3.1\dsNetworkConnect.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uSearch Bar = Preserve
mStart Page = www.google.com
uProxyServer = proxy.indra.es:8080
uProxyOverride = *indra.es;*.indrabmb.es;*.indra.es;10.*;172.*;192.168.*;ux.ssrl-mov;ux.ssrl-mov-cliente;ux.ssrl-pantallas;<local>
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: dynaTrace AJAX Edition Agent: {54CCF170-0056-48d1-B959-055C5B98DC88} - C:\Program Files (x86)\dynaTrace AJAX Edition 4.0\client\lib\dtieagent.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IE Developer Toolbar BHO: {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
TB: dynaTrace AJAX Edition Toolbar: {42EC68EF-4494-4041-9993-A5789BF7750B} - C:\Program Files (x86)\dynaTrace AJAX Edition 4.0\client\lib\dtieagent.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: IE Developer Toolbar: {A202B231-EF71-4a08-BDB9-4CE5AE8BDE0A} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
uRun: [Gadwin PrintScreen] C:\Program Files (x86)\PrintScreen\PrintScreen.exe /nosplash
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [AdobeBridge] <no file>
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
mRun: [SAP_WUS_UNT] "C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe"
mRun: [Supervisor de OfficeScanNT] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [OrderReminder] C:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\DPEREZ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\dperezfadon\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\DPEREZ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RECORT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: UseOemBackground = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
IE: {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - {CC962137-2E78-4F94-975E-FC0C07DBD78F} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://madansantvir01.indra.es:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxps://madansantvir01.indra.es:4343/officescan/console/html/ClientInstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://madansantvir01.indra.es:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://madansantvir01.indra.es:4343/officescan/console/html/root/AtxEnc.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://194.140.78.1/CACHE/webvpn/stc/1/binaries/vpnweb.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://madansantvir01.indra.es:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://miproyecto.indra.es/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 172.22.204.219 172.22.204.220
TCP: Interfaces\{1D41A6DC-2C14-4E37-9243-12EE66732604} : DHCPNameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{36C3762B-C596-4FCF-8757-51A5C8236527} : DHCPNameServer = 172.22.204.219 172.22.204.220
TCP: Interfaces\{8D862ABB-E784-4AB3-ADDD-7C46F788C188} : DHCPNameServer = 192.168.10.2 192.168.10.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: aetsprov - C:\Windows\SysWOW64\regsvr32.exe /s C:\Windows\SysWOW64\aetsprov.dll
x64-mStart Page = www.google.com
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [CertificateRegistration] aetcrss1.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab
x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 149.5.18.172 www.google-analytics.com.
Hosts: 149.5.18.172 ad-emea.doubleclick.net.
Hosts: 149.5.18.172 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dperezfadon\AppData\Roaming\Mozilla\Firefox\Profiles\zmdxyoi7.default\
FF - prefs.js: browser.search.defaulturl - www.Google.com
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?q=
FF - prefs.js: network.proxy.ftp - proxy.indra.es
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - proxy.indra.es
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - proxy.indra.es
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - proxy.indra.es
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\dperezfadon\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\dperezfadon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2013-02-26 09:08; aeffagent@dynatrace.com; C:\Program Files (x86)\dynaTrace AJAX Edition 4.0\client\lib\aeffagent@dynatrace.com
.
============= SERVICES / DRIVERS ===============
.
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-11-16 270912]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-7-4 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-4 203776]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-1-28 281656]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-1-26 30520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-7-4 13336]
R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;C:\Program Files (x86)\SAP\SapSetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [2011-7-12 251248]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-8 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-8 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-8 168384]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\System32\Wacom_Tablet.exe [2012-1-9 3580712]
R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2012-10-10 65872]
R2 TmFilter;Trend Micro Filter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys [2011-7-12 344376]
R2 TmPreFilter;Trend Micro PreFilter;C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys [2011-7-12 42808]
R2 uArcCapture;ArcCapture;C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe [2011-7-5 502464]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-5 2656280]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2011-1-21 3154224]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-5-23 465872]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;C:\Windows\System32\drivers\ArcSoftVCapture.sys [2011-7-5 32192]
R3 GKUPRO2D;GKUPRO2D;C:\Windows\System32\drivers\GKUPRO2D.sys [2005-2-18 120704]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-4-5 1094712]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2011-7-4 174168]
R3 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2011-7-4 26712]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 OpenSSHd;OpenSSH Server;C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe [2004-4-18 36864]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2011-5-23 94864]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-7-4 344616]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-7-4 39464]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-7-30 102240]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2012-1-9 171008]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-5 20992]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-7-30 203104]
S3 StorSvc;Servicio de almacenamiento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TmProxy;OfficeScan NT Proxy Service;C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2013-2-12 918064]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-5 59392]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2012-1-9 18216]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-5 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\editplus.exe=C:\PROGRA~2\EDITPL~1\EDITPLUS.EXE "%1" [UserChoice]
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-03-08 08:07:36 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2013-03-08 08:07:32 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-03-08 08:06:50 -------- d-----w- C:\Users\dperezfadon\AppData\Local\Programs
2013-02-26 08:09:26 -------- d-----w- C:\Users\dperezfadon\.dynaTrace
2013-02-26 08:08:28 -------- d-----w- C:\Program Files (x86)\dynaTrace AJAX Edition 4.0
2013-02-15 14:08:20 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-15 14:08:19 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-15 14:08:19 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-15 14:07:43 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-15 14:03:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-15 14:03:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-15 14:03:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-15 14:03:52 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-15 14:03:52 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-15 14:03:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-15 14:03:48 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-15 14:03:48 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-02-15 14:03:43 760320 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 14:03:43 1111040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-07 09:34:48 -------- d-----w- C:\Program Files (x86)\Opera Mobile Emulator
.
==================== Find3M ====================
.
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-20 13:59:36 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-12-20 12:53:51 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-12-20 12:02:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-12-20 11:20:29 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-01-26 09:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
.
============= FINISH: 14:37:17,09 ===============
aswMBR LOG :
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-03-08 14:39:08
-----------------------------
14:39:08.065 OS Version: Windows x64 6.1.7601 Service Pack 1
14:39:08.065 Number of processors: 4 586 0x2A07
14:39:08.066 ComputerName: DPEREZFADONPW7 UserName: dperezfadon
14:39:08.761 Initialize success
14:42:10.745 AVAST engine defs: 13030800
14:43:00.286 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:43:00.288 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
14:43:00.326 Disk 0 MBR read successfully
14:43:00.332 Disk 0 MBR scan
14:43:00.351 Disk 0 Windows 7 default MBR code
14:43:00.356 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 2048
14:43:00.389 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 102900 MB offset 208896
14:43:00.412 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 202242 MB offset 210948096
14:43:00.447 Disk 0 scanning C:\Windows\system32\drivers
14:43:13.411 Service scanning
14:43:37.272 Service TmFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys **LOCKED** 32
14:43:37.453 Service TmPreFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys **LOCKED** 32
14:43:41.262 Service VSApiNt C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys **LOCKED** 32
14:43:44.644 Modules scanning
14:43:44.668 Disk 0 trace - called modules:
14:43:44.688 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
14:43:44.696 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80096df060]
14:43:44.702 3 CLASSPNP.SYS[fffff88001a6843f] -> nt!IofCallDriver -> [0xfffffa8007902890]
14:43:44.709 5 hpdskflt.sys[fffff88001438361] -> nt!IofCallDriver -> [0xfffffa800777e800]
14:43:44.719 7 ACPI.sys[fffff88000d627a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007784050]
14:43:45.226 AVAST engine scan C:\Windows
14:43:48.951 AVAST engine scan C:\Windows\system32
14:48:22.050 AVAST engine scan C:\Windows\system32\drivers
14:48:49.023 AVAST engine scan C:\Users\dperezfadon
14:50:37.590 Disk 0 MBR has been saved successfully to "D:\BIBLIOTECA\MALWARE_REMOVAL\MBR.dat"
14:50:37.595 The log file has been saved successfully to "D:\BIBLIOTECA\MALWARE_REMOVAL\aswMBR.txt"
Hello and welcome to Safer-Networking
I am currently assessing your situation and will be back with a fix for your problem as soon as possible.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted.
To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.
Please be patient with me during this time.
dperezfa
2013-03-11, 13:02
Thanks!
subscribed...
Hi and Welcome!! dperezfa :)
My name is Robybel.
I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Vista and Windows 7 users:
These tools MUST be run from the executable. (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")
Stay with this topic until I give you the all clean post.
Having said that....Let's get going!! ;)
========================================
P2P Programs:
P2P programs are a major source of Malware infections.
From your log I see you have uTorrent and jDownloader We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
If you wish to keep the program(s), please do not use them until your computer is cleaned.
Information regarding the risk of using these programs can be found from here (http://malwareremoval.com/p2pindex.php) and here (http://www.internetworldstats.com/articles/art053.htm)
==========================
AdwCleaner
Please download AdwCleaner (http://general-changelog-team.fr/en/tools/15-adwcleaner) by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
============ Next ==============
http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
On your next reply please post :
AdwCleaner log
JRT.txt
Let me know if you have any problems in performing with the steps above or any questions you may have.
Good Day!
dperezfa
2013-03-14, 08:59
Ok, thanks Robybel!!
Gmail was treating Safer-Networking Forums mails as spam so i didnt know you reply ...
i ran AdwCleaner and JRT. AdwCleaner log has been created in spanish (because i'm spanish and my computer language is set in spanish i suppose). I hope this does not bring you too much trouble.
The ads frame at the bottom left in every browser are still there.
------------------------------------------------- AdwCleaner[S1].txt :
# AdwCleaner v2.114 - Fichero creado el 14/03/2013 a 08:31:38
# Actualizado el 05/03/2013 por Xplode
# Sistema operativo : Windows 7 Enterprise Service Pack 1 (64 bits)
# Usuario : dperezfadon - DPEREZFADONPW7
# Modo de inicio : Normal
# Ejecutado desde : D:\BIBLIOTECA\MALWARE_REMOVAL\adwcleaner.exe
# Opción [Supresión]
***** [Servicios] *****
***** [Ficheros / Carpetas] *****
Carpeta Suprimido : C:\Users\dperezfadon\AppData\Local\APN
Fichero Suprimido : C:\Users\dperezfadon\AppData\Roaming\Mozilla\Firefox\Profiles\zmdxyoi7.default\searchplugins\Askcom.xml
***** [Registro] *****
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Valor Supprimida : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Navegadores] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] El registro no contiene ninguna entrada ilegítima.
-\\ Mozilla Firefox v13.0.1 (es-ES)
Fichero : C:\Users\dperezfadon\AppData\Roaming\Mozilla\Firefox\Profiles\zmdxyoi7.default\prefs.js
[OK] El fichero no contiene ninguna entrada ilegítima.
-\\ Google Chrome v25.0.1364.172
Fichero : C:\Users\dperezfadon\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] El fichero no contiene ninguna entrada ilegítima.
-\\ Opera v [Imposible obtener la versión]
Fichero : C:\Users\dperezfadon\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] El fichero no contiene ninguna entrada ilegítima.
*************************
AdwCleaner[R1].txt - [2516 octets] - [14/03/2013 08:31:05]
AdwCleaner[S1].txt - [2472 octets] - [14/03/2013 08:31:38]
########## EOF - C:\AdwCleaner[S1].txt - [2532 octets] ##########
------------------------------------------------- JRT.txt :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Enterprise x64
Ran by dperezfadon on 14/03/2013 at 8:40:30,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/03/2013 at 8:47:49,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi dperezfa ;)
Gmail was treating Safer-Networking Forums mails as spam so i didnt know you reply ... This is very strange if you have subscribed to this thread.
Let me know if Gmai still treat Safer Networking as Spam
i ran AdwCleaner and JRT. AdwCleaner log has been created in spanish (because i'm spanish and my computer language is set in spanish i suppose) Of course!! :crowned:
I hope this does not bring you too much trouble. Do not worry, I will work to adapt me to the situation :bigthumb:
The ads frame at the bottom left in every browser are still there. Still stay with me :police:
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
============ Next ==============
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) and save it to your desktop.
Quit all other programs
Start RogueKiller.exe
Wait until the Prescan has finished ...
Click on Scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png
Wait for the end of the scan
A report will be created on your desktop.
Click on the Delete button
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png
Next click on the ShortcutsFix
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png
another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.
dperezfa
2013-03-14, 14:29
Of course!! :crowned:
--> lol
-------------- checkup.txt :
UNSUPPORTED OPERATING SYSTEM! ABORTED!
------------- RKreport[1]_S_03142013_02d1409.txt
RogueKiller V8.5.3 _x64_ [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dperezfadon [Admin rights]
Mode : Scan -- Date : 03/14/2013 14:09:38
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 10 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.indra.es:8080) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 ux.ssrl-mov
127.0.0.1 ux.ssrl-mov-cliente
127.0.0.1 ux.ssrl-pantallas
127.0.0.1 ux.ssrl-mov-test
127.0.0.1 ux.EntrevistaFinAsignacionWeb
149.5.18.172 www.google-analytics.com.
149.5.18.172 ad-emea.doubleclick.net.
149.5.18.172 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKT-60PVMT0 +++++
--- User ---
[MBR] 76b8c01b0112762377ef7f778af1b059
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 102900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 210948096 | Size: 202242 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_03142013_02d1409.txt >>
RKreport[1]_S_03142013_02d1409.txt
------------- RKreport[2]_D_03142013_02d1410.txt
RogueKiller V8.5.3 _x64_ [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dperezfadon [Admin rights]
Mode : Remove -- Date : 03/14/2013 14:10:53
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.indra.es:8080) -> NOT REMOVED, USE PROXYFIX
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.0.0.1 ux.ssrl-mov
127.0.0.1 ux.ssrl-mov-cliente
127.0.0.1 ux.ssrl-pantallas
127.0.0.1 ux.ssrl-mov-test
127.0.0.1 ux.EntrevistaFinAsignacionWeb
149.5.18.172 www.google-analytics.com.
149.5.18.172 ad-emea.doubleclick.net.
149.5.18.172 www.statcounter.com.
108.163.215.51 www.google-analytics.com.
108.163.215.51 ad-emea.doubleclick.net.
108.163.215.51 www.statcounter.com.
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKT-60PVMT0 +++++
--- User ---
[MBR] 76b8c01b0112762377ef7f778af1b059
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 102900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 210948096 | Size: 202242 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_03142013_02d1410.txt >>
RKreport[1]_S_03142013_02d1409.txt ; RKreport[2]_D_03142013_02d1410.txt
------------- RKreport[3]_SC_03142013_02d1419.txt
RogueKiller V8.5.3 _x64_ [Mar 13 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dperezfadon [Admin rights]
Mode : Shortcuts HJfix -- Date : 03/14/2013 14:19:28
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 43 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 122 / Fail 0
My documents: Success 3 / Fail 3
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 308 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
Finished : << RKreport[3]_SC_03142013_02d1419.txt >>
RKreport[1]_S_03142013_02d1409.txt ; RKreport[2]_D_03142013_02d1410.txt ; RKreport[3]_SC_03142013_02d1419.txt
Hi dperezfa ;)
Good job
Please read through these instructions to familarize yourself with what to expect when this tool runs
Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)
* IMPORTANT- Save ComboFix.exe to your Desktop
====================================================
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)
====================================================
Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
dperezfa
2013-03-15, 16:15
I'm having trouble trying to disable trend micro officescan... i'm still investigating how to do it.
Hi dperezfa ;)
I'm having trouble trying to disable trend micro officescan... i'm still investigating how to do it.
Right click on Trend Micro Antivirus icon near the clock.
Select Unload OfficeScan. :D:
dperezfa
2013-03-19, 08:32
I think it's not the same version, i have no options to deactivate it... :confused:
Now i'm trying this with no luck :
Due to inactivity this topic will be closed.
If you need help please start a new thread
dperezfa
2013-03-31, 10:54
Sorry... i tried a lot of things but i was not able to disable trend micro officescan .I'm on vacation now but I'm back tomorrow and I'll keep trying.
dperezfa
2013-04-01, 10:50
¿maybe i can tun combofix without disabling the antivirus (trend micro officescan) or restarting in safe mode :confused:?
Hi dperezfa ;)
Welcome back ;)
Clean up with OTL:
Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
NEXT
Scan with OTL
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.
Next
Please read carefully and follow these steps.
Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
Extract its contents to your desktop.
Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png
If an infected file is detected, the default action will be Cure, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerMal-1.png
If a suspicious file is detected, the default action will be Skip, click on Continue.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerSuspicious.png
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillerCompleted.png
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
dperezfa
2013-04-02, 10:08
--------------------------------------------------- OTL.txt (1)
OTL logfile created on: 02/04/2013 9:36:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dperezfadon\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy
7,95 Gb Total Physical Memory | 5,38 Gb Available Physical Memory | 67,64% Memory free
15,90 Gb Paging File | 12,98 Gb Available in Paging File | 81,61% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,49 Gb Total Space | 27,46 Gb Free Space | 27,33% Space Free | Partition Type: NTFS
Drive D: | 197,50 Gb Total Space | 106,06 Gb Free Space | 53,70% Space Free | Partition Type: NTFS
Computer Name: DPEREZFADONPW7 | User Name: dperezfadon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\dperezfadon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\dperezfadon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.)
PRC - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
PRC - C:\Program Files (x86)\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Windows\SysWOW64\CCM\CcmExec.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
PRC - C:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
========== Modules (No Company Name) ==========
MOD - C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll ()
MOD - C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\25.0.1364.172\libglesv2.dll ()
MOD - C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\25.0.1364.172\libegl.dll ()
MOD - C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\25.0.1364.172\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27649bdc3da750e2e072dedbff56cc0b\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\09a468fb987e5a5f345346b0910c89ca\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files\TortoiseSVN\bin\libsasl32.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync 3.0\HtcDetect.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (TabletServiceWacom) -- C:\Windows\SysNative\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (tmlisten) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe (Trend Micro Inc.)
SRV - (ntrtscan) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe (Trend Micro Inc.)
SRV - (TMBMServer) -- C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (dsNcService) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (TmProxy) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (uArcCapture) -- C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (ArcSoft, Inc.)
SRV - (btwdins) -- C:\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (CcmExec) -- C:\Windows\SysWOW64\CCM\CcmExec.exe (Microsoft Corporation)
SRV - (smstsmgr) -- C:\Windows\SysWOW64\CCM\TSManager.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (NWSAPAutoWorkstationUpdateSvc) -- C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe (SAP AG)
SRV - (OpenSSHd) -- C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (tmcomm) -- C:\Windows\SysNative\drivers\tmcomm.sys (Trend Micro Inc.)
DRV:64bit: - (tmactmon) -- C:\Windows\SysNative\drivers\tmactmon.sys (Trend Micro Inc.)
DRV:64bit: - (tmevtmgr) -- C:\Windows\SysNative\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV:64bit: - (dsNcAdpt) -- C:\Windows\SysNative\drivers\dsNcAdpt.sys (Juniper Networks)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (acsock) -- C:\Windows\SysNative\drivers\acsock64.sys (Cisco Systems, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron Technology Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ARCVCAM) -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (WacomVKHid) -- C:\Windows\SysNative\drivers\WacomVKHid.sys (Wacom Technology)
DRV:64bit: - (GKUPRO2D) -- C:\Windows\SysNative\drivers\GKUPRO2D.sys (Gemplus)
DRV - (TmFilter) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys (Trend Micro Inc.)
DRV - (TmPreFilter) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys (Trend Micro Inc.)
DRV - (VSApiNt) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys (Trend Micro Inc.)
DRV - (prepdrvr) -- C:\Windows\SysWOW64\CCM\PrepDrv.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\..\SearchScopes,DefaultScope = {48972B32-3ED0-445C-A980-DAA3752C6CFD}
IE - HKCU\..\SearchScopes\{48972B32-3ED0-445C-A980-DAA3752C6CFD}: "URL" = http://www.google.com/search?hl=es&q={searchTerms}&lr=
IE - HKCU\..\SearchScopes\{CF507E8B-F4A7-44AA-941E-D093473C8414}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *indra.es;*.indrabmb.es;*.indra.es;10.*;172.*;192.168.*;ux.ssrl-mov;ux.ssrl-mov-cliente;ux.ssrl-pantallas;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.indra.es:8080
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "(Google)"
FF - prefs.js..browser.search.defaulturl: "www.Google.com"
FF - prefs.js..browser.search.order.1: "(Google)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.31
FF - prefs.js..keyword.URL: "https://www.google.com/search?q="
FF - prefs.js..network.proxy.backup.ftp: "proxy.indra.es"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "proxy.indra.es"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "proxy.indra.es"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "proxy.indra.es"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "proxy.indra.es"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "*.indrabmb.es,*.indra.es,10.*,172.*,192.168.*,localhost,127.0.0.1"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.indra.es"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy.indra.es"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dperezfadon\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dperezfadon\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\dperezfadon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2012/08/29 08:42:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\aeffagent@dynatrace.com: C:\Program Files (x86)\dynaTrace AJAX Edition 4.0\client\lib\aeffagent@dynatrace.com [2013/02/26 10:08:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/04 09:25:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/04 09:25:28 | 000,000,000 | ---D | M]
[2011/11/08 13:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dperezfadon\AppData\Roaming\mozilla\Extensions
[2013/02/26 13:40:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dperezfadon\AppData\Roaming\mozilla\Firefox\Profiles\zmdxyoi7.default\extensions
[2013/02/26 13:40:27 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\dperezfadon\AppData\Roaming\mozilla\Firefox\Profiles\zmdxyoi7.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2012/11/14 14:24:02 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\dperezfadon\AppData\Roaming\mozilla\firefox\profiles\zmdxyoi7.default\extensions\firebug@software.joehewitt.com.xpi
[2012/07/10 10:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/06/15 00:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/27 22:37:30 | 000,031,848 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012/06/15 01:41:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 01:41:16 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2012/06/15 01:41:16 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2012/06/15 01:41:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/06/15 01:41:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/06/15 01:41:15 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\dperezfadon\AppData\Local\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Lync 2010 Meeting Join Plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50826.0\npctrl.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\dperezfadon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\dperezfadon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
O1 HOSTS File: ([2013/03/08 11:17:16 | 000,446,467 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 ux.ssrl-mov
O1 - Hosts: 127.0.0.1 ux.ssrl-mov-cliente
O1 - Hosts: 127.0.0.1 ux.ssrl-pantallas
O1 - Hosts: 127.0.0.1 ux.ssrl-mov-test
O1 - Hosts: 127.0.0.1 ux.EntrevistaFinAsignacionWeb
O1 - Hosts: 149.5.18.172 www.google-analytics.com.
O1 - Hosts: 149.5.18.172 ad-emea.doubleclick.net.
O1 - Hosts: 149.5.18.172 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 15320 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (dynaTrace AJAX Edition Agent) - {54CCF170-0056-48d1-B959-055C5B98DC88} - C:\Program Files (x86)\dynaTrace AJAX Edition 4.0\client\lib\dtieagent.dll (Compuware Corporation)
O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (dynaTrace AJAX Edition Toolbar) - {42EC68EF-4494-4041-9993-A5789BF7750B} - C:\Program Files (x86)\dynaTrace AJAX Edition 4.0\client\lib\dtieagent.dll (Compuware Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CertificateRegistration] C:\Windows\SysNative\aetcrss1.exe (A.E.T. Europe B.V.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Communicator] C:\Program Files (x86)\Microsoft Lync\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [OrderReminder] C:\Program Files (x86)\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SAP_WUS_UNT] C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe (SAP AG)
O4 - HKLM..\Run: [Supervisor de OfficeScanNT] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files (x86)\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - Startup: C:\Users\dperezfadon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\dperezfadon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: @C:\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Complemento de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Complemento de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files (x86)\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Enviar a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Enviar a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: indra.es ([indraweb] https in Sitios de confianza)
O15 - HKCU\..Trusted Domains: indra.es ([miproyecto] https in Sitios de confianza)
O15 - HKCU\..Trusted Domains: sofia-community.com ([]https in Sitios de confianza)
O16:64bit: - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc64.cab (Microsoft Office Template and Media Control)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab (JuniperSetupClientControl64 Class)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} https://madansantvir01.indra.es:4343/officescan/console/html/ClientInstall/WinNTChk.cab (ObjWinNTCheck Class)
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} https://madansantvir01.indra.es:4343/officescan/console/html/ClientInstall/setupini.cab (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} https://madansantvir01.indra.es:4343/officescan/console/html/ClientInstall/setup.cab (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} https://madansantvir01.indra.es:4343/officescan/console/html/root/AtxEnc.cab (Encrypt Class)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://194.140.78.1/CACHE/webvpn/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} https://madansantvir01.indra.es:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://miproyecto.indra.es/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = indra.es
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D41A6DC-2C14-4E37-9243-12EE66732604}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D862ABB-E784-4AB3-ADDD-7C46F788C188}: DhcpNameServer = 192.168.10.2 192.168.10.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP AG, Walldorf)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
dperezfa
2013-04-02, 10:08
--------------------------------------------------- OTL.txt (2)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/04/02 09:34:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\dperezfadon\Desktop\OTL.exe
[2013/04/01 10:16:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/03/15 09:09:27 | 000,000,000 | ---D | C] -- C:\Users\dperezfadon\AppData\Local\VirtualStore
[2013/03/14 18:36:49 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/14 18:36:49 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/14 18:36:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/14 18:36:49 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/14 18:36:49 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/14 18:36:48 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/14 18:36:48 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/14 18:36:24 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013/03/14 18:36:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/14 09:40:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/03/14 09:40:17 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/08 15:03:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/03/08 15:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/03/08 15:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/03/08 10:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/03/08 10:07:36 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/03/08 10:07:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/03/08 10:06:50 | 000,000,000 | ---D | C] -- C:\Users\dperezfadon\AppData\Local\Programs
[2013/03/04 09:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
========== Files - Modified Within 30 Days ==========
[2013/04/02 09:39:59 | 001,852,904 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/02 09:39:59 | 000,821,128 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2013/04/02 09:39:59 | 000,714,226 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/02 09:39:59 | 000,178,850 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2013/04/02 09:39:59 | 000,141,652 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/02 09:39:05 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 09:39:05 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/02 09:34:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\dperezfadon\Desktop\OTL.exe
[2013/04/02 09:33:06 | 000,000,475 | ---- | M] () -- C:\Windows\SMSCFG.ini
[2013/04/02 09:31:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/02 09:31:38 | 2108,444,671 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/02 09:09:19 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1506503333-1133455874-5522801-10636UA.job
[2013/04/01 09:46:24 | 000,000,478 | ---- | M] () -- C:\Users\dperezfadon\AppData\Roaming\editplus_u.ini
[2013/04/01 09:46:22 | 000,000,546 | ---- | M] () -- C:\Users\dperezfadon\AppData\Roaming\combobox_u.ini
[2013/04/01 09:34:17 | 000,001,017 | ---- | M] () -- C:\Users\dperezfadon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/04/01 09:34:12 | 000,000,997 | ---- | M] () -- C:\Users\dperezfadon\Desktop\Dropbox.lnk
[2013/03/22 15:09:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1506503333-1133455874-5522801-10636Core.job
[2013/03/22 14:54:09 | 000,009,218 | ---- | M] () -- C:\Windows\cfgall.ini
[2013/03/15 09:39:22 | 000,001,456 | ---- | M] () -- C:\Users\dperezfadon\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2013/03/14 09:10:22 | 000,002,356 | ---- | M] () -- C:\Users\dperezfadon\Desktop\Google Chrome.lnk
[2013/03/13 13:59:53 | 000,000,600 | ---- | M] () -- C:\Users\dperezfadon\AppData\Local\PUTTY.RND
[2013/03/12 16:14:59 | 000,145,574 | ---- | M] () -- C:\Users\dperezfadon\Desktop\elistara-windows-malavida.exe
[2013/03/08 15:02:21 | 000,000,905 | ---- | M] () -- C:\Users\dperezfadon\Desktop\ERUNT.lnk
[2013/03/08 11:17:16 | 000,446,467 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/03/08 11:12:10 | 000,001,549 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130308-101716.backup
[2013/03/08 10:07:41 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/04 09:25:23 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
========== Files Created - No Company Name ==========
[2013/03/15 15:35:26 | 000,000,478 | ---- | C] () -- C:\Users\dperezfadon\AppData\Roaming\editplus_u.ini
[2013/03/15 09:28:36 | 000,000,546 | ---- | C] () -- C:\Users\dperezfadon\AppData\Roaming\combobox_u.ini
[2013/03/12 16:14:53 | 000,145,574 | ---- | C] () -- C:\Users\dperezfadon\Desktop\elistara-windows-malavida.exe
[2013/03/08 15:02:21 | 000,000,905 | ---- | C] () -- C:\Users\dperezfadon\Desktop\ERUNT.lnk
[2013/03/08 10:07:41 | 000,002,185 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/03/08 10:07:41 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/03/04 09:25:23 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/10/15 14:25:54 | 000,013,793 | ---- | C] () -- C:\Users\dperezfadon\.spring_roo_pgp.bpg
[2012/09/05 15:52:23 | 000,000,000 | ---- | C] () -- C:\Users\dperezfadon\.mongorc.js
[2012/08/06 09:01:02 | 000,148,648 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/07/30 14:16:20 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/07/30 14:16:18 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/07/30 14:16:18 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/07/30 14:16:18 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/07/30 14:16:18 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/07/10 08:53:15 | 000,004,764 | ---- | C] () -- C:\Windows\SysWow64\CcmFramework.ini
[2012/07/09 13:25:32 | 000,000,475 | ---- | C] () -- C:\Windows\SMSCFG.ini
[2012/06/05 11:47:44 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2012/05/21 10:59:51 | 000,000,000 | ---- | C] () -- C:\ProgramData\-pS6u0BzUmyzuI3
[2012/03/21 09:47:28 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2012/02/21 23:36:26 | 006,525,303 | ---- | C] () -- C:\Windows\stbuild.exe
[2012/02/08 17:35:39 | 000,004,608 | ---- | C] () -- C:\Users\dperezfadon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/07 15:37:42 | 000,007,603 | ---- | C] () -- C:\Users\dperezfadon\AppData\Local\Resmon.ResmonCfg
[2012/02/01 13:13:33 | 000,000,132 | ---- | C] () -- C:\Users\dperezfadon\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/17 13:12:36 | 000,000,275 | ---- | C] () -- C:\Users\dperezfadon\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/11/15 17:50:38 | 000,446,464 | R--- | C] () -- C:\Windows\SysWow64\zshp1020.exe
[2011/11/15 17:50:38 | 000,106,496 | R--- | C] () -- C:\Windows\SysWow64\vshp1020.dll
[2011/11/15 13:03:55 | 000,000,600 | ---- | C] () -- C:\Users\dperezfadon\AppData\Local\PUTTY.RND
[2011/11/15 09:59:23 | 000,001,456 | ---- | C] () -- C:\Users\dperezfadon\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2011/11/08 15:49:24 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/11/08 12:45:04 | 001,797,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/08 12:43:06 | 000,000,432 | R-S- | C] () -- C:\Users\dperezfadon\ntuser.pol
[2011/11/02 18:18:47 | 000,009,218 | ---- | C] () -- C:\Windows\cfgall.ini
[2011/11/02 18:12:07 | 000,013,968 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2011/07/12 12:47:41 | 000,000,722 | ---- | C] () -- C:\Windows\SapLogon.ini
[2011/07/12 12:47:29 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2011/07/12 12:47:29 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2011/07/12 12:47:29 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2011/07/12 12:47:29 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2011/07/12 12:47:29 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011/07/12 12:47:25 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\vtssm32.dll
[2011/07/04 11:53:33 | 000,025,984 | ---- | C] () -- C:\Windows\snuvcdsm.exe
[2011/07/04 11:53:32 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011/07/04 11:37:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/04 11:26:02 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/07/04 11:23:55 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
========== ZeroAccess Check ==========
[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/05/29 12:03:05 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Ad-Aware Antivirus
[2011/11/17 13:42:47 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\AnvSoft
[2012/05/21 13:17:15 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Audacity
[2012/04/09 10:12:22 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Blender Foundation
[2012/06/19 16:07:59 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\calibre
[2011/11/18 10:59:45 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/14 12:57:17 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/07/03 17:15:48 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\cYo
[2012/06/08 08:57:49 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\DAEMON Tools Lite
[2012/05/21 13:07:40 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Disruptive Innovations SARL
[2013/04/02 09:52:31 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Dropbox
[2012/02/10 09:43:06 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\DVDVideoSoft
[2013/03/22 10:30:31 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\FileZilla
[2011/11/18 15:35:45 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\FireShot
[2012/09/20 08:44:56 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Foxit Software
[2011/11/15 10:14:09 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\FSL
[2012/05/21 13:17:15 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\GHISLER
[2012/07/23 09:15:37 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\HTC
[2012/05/21 13:17:15 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\ICAClient
[2012/11/26 09:36:19 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Juniper Networks
[2012/05/21 13:07:48 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\MonoDevelop-Unity-2.8
[2012/08/29 08:44:19 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Nokia
[2012/05/21 13:07:49 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Notepad++
[2012/09/04 08:49:12 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\npm
[2012/09/27 12:08:12 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\npm-cache
[2012/05/21 13:07:49 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Opera
[2012/03/29 17:20:48 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\PACE Anti-Piracy
[2012/08/29 08:44:19 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\PC Suite
[2011/07/05 11:30:42 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Sierra Wireless
[2011/11/15 10:52:09 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Subversion
[2011/07/05 12:08:44 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Synaptics
[2012/08/28 10:10:19 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\TopQuadrant
[2012/03/29 17:21:03 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Unity
[2012/10/19 15:36:06 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\uTorrent
[2012/03/22 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\VDownloader
[2012/07/25 16:35:35 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\WebStripper
[2012/04/13 09:32:00 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\Wings3D
[2012/08/08 13:02:32 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\www.adobe.com.Wallaby
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2011/02/26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011/02/26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2012/11/13 15:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
< %systemroot%\*. /rp /s >
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD3200BEKT-60PVMT0
Partitions: 3
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 101,00MB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 100,00GB
Starting Offset: 106954752
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 198,00GB
Starting Offset: 108005425152
Hidden sectors: 0
========== Alternate Data Streams ==========
@Alternate Data Stream - 1077 bytes -> C:\ProgramData\Microsoft:TBXZAfprE1N3yMTlCs3bRqVjiJe
@Alternate Data Stream - 1033 bytes -> C:\ProgramData\Microsoft:nrUSg800GX3oLNPvyfgZZiZguPqe
< End of report >
dperezfa
2013-04-02, 10:09
--------------------------------------------------- Extras.txt
OTL Extras logfile created on: 02/04/2013 9:36:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\dperezfadon\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy
7,95 Gb Total Physical Memory | 5,38 Gb Available Physical Memory | 67,64% Memory free
15,90 Gb Paging File | 12,98 Gb Available in Paging File | 81,61% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,49 Gb Total Space | 27,46 Gb Free Space | 27,33% Space Free | Partition Type: NTFS
Drive D: | 197,50 Gb Total Space | 106,06 Gb Free Space | 53,70% Space Free | Partition Type: NTFS
Computer Name: DPEREZFADONPW7 | User Name: dperezfadon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [grepWin...] -- C:\Program Files\grepWin\grepWin.exe /searchpath:"%1" (http://tools.tortoisesvn.net)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [grepWin...] -- C:\Program Files\grepWin\grepWin.exe /searchpath:"%1" (http://tools.tortoisesvn.net)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"2071:TCP:*:enabled:MSFTSCCM " = 2071:TCP:*:enabled:MSFTSCCM
"2072:TCP:*:enabled:MSFTSCCM" = 2072:TCP:*:enabled:MSFTSCCM
"443:TCP:enabled:MSFTSCCM " = 443:TCP:enabled:MSFTSCCM
"5003:TCP:*:enabled:Centennial " = 5003:TCP:*:enabled:Centennial
"6129:TCP:*:enabled:DameWare " = 6129:TCP:*:enabled:DameWare
"67:UDP:*:enabled:MSFTSCCM" = 67:UDP:*:enabled:MSFTSCCM
"68:UDP:*:enabled:MSFTSCCM" = 68:UDP:*:enabled:MSFTSCCM
"80:TCP:*:enabled:MSFTSCCM" = 80:TCP:*:enabled:MSFTSCCM
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"2071:TCP:*:enabled:MSFTSCCM" = 2071:TCP:*:enabled:MSFTSCCM
"2072:TCP:*:enabled:MSFTSCCM" = 2072:TCP:*:enabled:MSFTSCCM
"443:TCP:enabled:MSFTSCCM" = 443:TCP:enabled:MSFTSCCM
"5003:TCP:*:enabled:Centennial" = 5003:TCP:*:enabled:Centennial
"6129:TCP:*:enabled:DameWare" = 6129:TCP:*:enabled:DameWare
"67:UDP:*:enabled:MSFTSCCM" = 67:UDP:*:enabled:MSFTSCCM
"68:UDP:*:enabled:MSFTSCCM" = 68:UDP:*:enabled:MSFTSCCM
"80:TCP:*:enabled:MSFTSCCM" = 80:TCP:*:enabled:MSFTSCCM
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"2071:TCP:*:enabled:MSFTSCCM " = 2071:TCP:*:enabled:MSFTSCCM
"2072:TCP:*:enabled:MSFTSCCM" = 2072:TCP:*:enabled:MSFTSCCM
"443:TCP:enabled:MSFTSCCM " = 443:TCP:enabled:MSFTSCCM
"5003:TCP:*:enabled:Centennial " = 5003:TCP:*:enabled:Centennial
"6129:TCP:*:enabled:DameWare " = 6129:TCP:*:enabled:DameWare
"67:UDP:*:enabled:MSFTSCCM" = 67:UDP:*:enabled:MSFTSCCM
"68:UDP:*:enabled:MSFTSCCM" = 68:UDP:*:enabled:MSFTSCCM
"80:TCP:*:enabled:MSFTSCCM" = 80:TCP:*:enabled:MSFTSCCM
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
"Enabled" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\List]
"2071:TCP:*:enabled:MSFTSCCM" = 2071:TCP:*:enabled:MSFTSCCM
"2072:TCP:*:enabled:MSFTSCCM" = 2072:TCP:*:enabled:MSFTSCCM
"443:TCP:enabled:MSFTSCCM" = 443:TCP:enabled:MSFTSCCM
"5003:TCP:*:enabled:Centennial" = 5003:TCP:*:enabled:Centennial
"6129:TCP:*:enabled:DameWare" = 6129:TCP:*:enabled:DameWare
"67:UDP:*:enabled:MSFTSCCM" = 67:UDP:*:enabled:MSFTSCCM
"68:UDP:*:enabled:MSFTSCCM" = 68:UDP:*:enabled:MSFTSCCM
"80:TCP:*:enabled:MSFTSCCM" = 80:TCP:*:enabled:MSFTSCCM
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B62C5AD-72B3-40BE-AE37-6D0367E0B5FA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2C2A9F47-8B90-424A-B9A2-ECD674912895}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{3FAE14EB-AD43-45CD-9A04-BCB750817A4E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{4F75F6C3-4BAE-47D3-85C8-7CDCF19DF3DA}" = lport=15000 | protocol=6 | dir=in | name=trend micro officescan listener |
"{66E3C507-34A5-44CC-A7D9-BA6733BEA99F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{ED893F7E-1778-486A-B6E1-47E500BFEB27}" = lport=3389 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{079AA26B-4C2F-4219-96BF-DCAFFCDA44F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{1D2AF02F-4CD1-4E31-A610-97C5EE0D1816}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{280B356D-BBA3-4AA7-9F88-68D877C85221}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{3FC8E392-C3EF-4602-B90F-44E4463EDB43}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4A91DB3D-D4EF-43C3-97F9-15D93B744E89}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{4BC0B1E1-0B91-41EA-A0A1-06A7214682D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{627932FE-1021-4D1E-9CB9-43BDB64ECE77}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{94E2C54D-863E-4A6F-905E-3A323CA1BBAA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office communicator\communicator.exe |
"{98A7ED3D-4CC5-46E9-96C1-133BD88483AC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{9A00949F-FDFE-41BA-A999-215CAC3FB017}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{B8DC6AA9-032A-4B28-8A19-092BAA45FF69}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C3D44B35-9F58-49A6-9F02-CA5FBD3828A2}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{D3EED0B3-D94C-4CC4-AFA1-AE6AFC19E90B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D7354A0B-CB4F-4EA6-916A-C298CCA3097E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E29CD7E0-69CB-455E-91A4-55266B1E3147}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{EA2D483E-E187-4E17-B6BE-24F8FB18F70F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"{FDBDDDC8-B1E6-4D37-BC81-2CA3A4C4E993}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |
"TCP Query User{1894B16C-F0F8-4563-AB3D-75EC8CF97D36}C:\program files (x86)\vlc-1.1.11\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vlc-1.1.11\vlc.exe |
"TCP Query User{6052E59A-8C49-4361-8E4F-3DC544276A45}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{AEFF39D6-0AC2-40FA-B1D8-305066889E79}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{EC1D3990-D7D1-484F-B810-2C2CDC43A902}D:\eclipse\ganymede2\eclipse.exe" = protocol=6 | dir=in | app=d:\eclipse\ganymede2\eclipse.exe |
"UDP Query User{1223C851-3C36-4D66-8261-D3C105A025C0}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{95841BDE-9008-4F6E-8F1E-95A65560CDAF}C:\program files (x86)\vlc-1.1.11\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vlc-1.1.11\vlc.exe |
"UDP Query User{A0D1DFFB-C535-44B0-AEFC-70F63338D669}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{CB29744F-1E32-44A4-9141-6AF1B386BA6C}D:\eclipse\ganymede2\eclipse.exe" = protocol=17 | dir=in | app=d:\eclipse\ganymede2\eclipse.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1111706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 (64-bit)
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2222706F-666A-4037-7777-210648764D10}" = JavaFX 2.1.0 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java(TM) 7 Update 4 (64-bit)
"{3815B6C6-4A09-48AF-83D8-B8A0508BF1D6}" = HP HotKey Support
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6347401C-C260-4B30-9816-8F5A1419CC49}" = SafeSign 64-bits
"{64A3A4F4-B792-11D6-A78A-00B0D0170040}" = Java SE Development Kit 7 Update 4 (64-bit)
"{75FD346F-7B66-4A24-9619-8DD3559A6FEE}" = mocha Pro V2.5.1-3297
"{7D7EBB90-6B19-4001-BC85-DC1DDCC72463}" = grepWin x64
"{7D9109C3-58A9-4AFD-A1D3-47E7D811726E}" = Microsoft Lync 2010
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6003757-0F89-43AC-ADC7-4180D7A3D97F}" = mocha AE V2.5.1-3297
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D27C0273-30B5-4CFC-8491-9F12D1AC19E2}" = DisplayInfoWMIProvider
"{D6A2D5B1-0804-48CB-9599-8074C00E4DA9}" = TortoiseSVN 1.7.8.23174 (64 bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF1445AC-106C-4A8F-B344-11870D57413C}" = Node.js
"{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}" = Validity Fingerprint Sensor Driver
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Paquete de controladores de Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Paquete de controladores de Windows - Nokia Modem (02/25/2011 7.01.0.9)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"CameraTracker for AE_is1" = CameraTracker 1.0v1 (64 bit) for AE
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.155
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Paquete de controladores de Windows - Nokia Modem (02/25/2011 4.7)
"FileMenu Tools_is1" = FileMenu Tools
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client 64-bit Activex Control
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.4.0 (64-bit)
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSet" = Intel(R) Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.46-1 (x64)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{022F89ED-6959-340D-9E4B-87F3372594C6}" = Wallaby Technology Preview
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08C03529-BE36-4C70-AFE9-FE4598A633A5}" = Sistemas de Información
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1826D0CA-F479-4430-9EFE-86E8E783505B}_is1" = Opera Mobile Emulator
"{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}" = ArcSoft Webcam Sharing Manager
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23C733DA-5D10-4CFC-8431-BF0CB6FA6E04}" = dynaTrace AJAX Edition 4.0
"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable
"{4B21E4B2-89B8-499D-803A-34ABF929401E}" = HP Connection Manager
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69167B67-2AD1-4BF0-8AE3-987E98A7823E}" = Google SketchUp 8
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A79B4C-0473-4DEC-A9B8-D1848494D934}" = stbuild
"{72FF4EEF-3F83-4579-8389-8C85FCE5C977}" = Symantec Enterprise Vault Outlook Add-In
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1" = Hamster Free Video Converter
"{813B302C-2014-4166-B5D2-8C211AE4F22E}" = Complemento Microsoft Conferencing para Microsoft Office Outlook
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_ENTERPRISE_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_ENTERPRISE_{E62E1AA9-F2F1-4230-8EC7-5D90ECCDFE1A}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_ENTERPRISE_{D93B4372-B042-4AB2-A657-C5C5C25F8BAC}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0C0A-1000-0000000FF1CE}_ENTERPRISE_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_ENTERPRISE_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B2-0C0A-0000-0000000FF1CE}" = Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}_ENTERPRISE_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92D8437A-9070-43EC-B9D6-9CCD47F981BA}" = calibre
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}" = Adobe Dreamweaver CS6
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.990
"{A9015334-10BE-4D64-A776-203336EFE806}_is1" = BlueGriffon version 1.5.2
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1034-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Español
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B50289E4-36DB-4FEA-AC5D-043EF7F6DAE3}" = Cisco AnyConnect Secure Mobility Client
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA1B174B-4297-467C-9EF8-0AB8D4D5171E}" = Adobe After Effects CS5
"{DB249302-FB94-4578-84FE-7B856C315779}" = HTC Sync
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3CD4EA8-68BB-46E8-9E79-20A417A82C53}" = Microsoft Office Live Meeting 2007
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar
"{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}" = Adobe Widget Browser
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Compatibilidad con Aplicaciones de Apple
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Android SDK Tools" = Android SDK Tools
"Any Video Converter_is1" = Any Video Converter 3.3.0
"Aptana Studio 3" = Aptana Studio 3
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser" = Adobe Widget Browser
"DAEMON Tools Lite" = DAEMON Tools Lite
"e-Counter_is1" = e-Counter
"EditPlus 3" = EditPlus 3
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.1
"FormatFactory" = FormatFactory 2.90
"Foxit Reader_is1" = Foxit Reader 5.1
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.14
"Gadwin PrintScreen" = Gadwin PrintScreen
"Git_is1" = Git version 1.7.11-preview20120620
"HP-LaserJet 1020 series" = LaserJet 1020 series
"IconRestorer Free_is1" = IconRestorer 1.0.8.1 SR1
"iecollection_is1" = Utilu IE Collection 1.7.2.1
"IETester" = IETester v0.4.11 (remove only)
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper Network Connect 7.3.1" = Juniper Networks Network Connect 7.3.1
"LAME_is1" = LAME v3.99.3 (for Windows)
"Mozilla Firefox 13.0.1 (x86 es-ES)" = Mozilla Firefox 13.0.1 (x86 es-ES)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"Notepad++" = Notepad++
"OfficeScanNT" = Cliente de Trend Micro OfficeScan
"OpenSSH" = OpenSSH for Windows (remove only)
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"PageNest_is1" = PageNest
"SAP_WUS" = SAPSetup Automatic Workstation Update Service
"SAPGUI710" = SAP GUI 7.10
"Sencha Cmd 3.0.0.181" = Sencha Cmd
"Sencha SDK Tools 2.0.0-beta3" = Sencha SDK Tools
"Totalcmd" = Total Commander (Remove or Repair)
"Uninstall_is1" = Uninstall 1.0.0.1
"Unity" = Unity
"uTorrent" = µTorrent
"VideoLightBox" = VideoLightBox
"Wacom Tablet Driver" = Tableta Wacom
"Website Extractor_is1" = Website Extractor 10.52
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"Wings 3D 1.4.1" = Wings 3D 1.4.1
"WinLiveSuite" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"WinPcapInst" = WinPcap 4.1.1
"www.adobe.com.Wallaby" = Wallaby Technology Preview
"Your Free Video Converter_is1" = Your Free Video Converter 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{17E73B15-62D2-43FD-B851-ACF86A8C9D25}_is1" = Ruby 1.9.3-p194
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Networks_Cache_Cleaner 6.5.0" = Juniper Networks Cache Cleaner 6.5.0
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20/03/2013 6:33:14 | Computer Name = DPEREZFADONPW7.indra.es | Source = SideBySide | ID = 16842832
Description = Error al generar el contexto de activación para "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Error en el archivo de manifiesto
o directiva "" en la línea . Una versión de componente requerida por la aplicación
está en conflicto con la versión de otro componente activo. Los componentes en conflicto
son:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 21/03/2013 3:08:39 | Computer Name = DPEREZFADONPW7.indra.es | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: cygrunsrv.exe, versión: 0.0.0.0,
marca de tiempo: 0x40826252 Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725,
marca de tiempo: 0x4ec49b8f Código de excepción: 0xc0000005 Desplazamiento de errores:
0x00033de8 Id. del proceso con errores: 0x98c Hora de inicio de la aplicación con
errores: 0x01ce2602e4492623 Ruta de acceso de la aplicación con errores: C:\Program
Files (x86)\OpenSSH\bin\cygrunsrv.exe Ruta de acceso del módulo con errores: C:\Windows\SysWOW64\ntdll.dll
Id.
del informe: 27a9f30d-91f6-11e2-9ccd-a088b4ce3528
Error - 21/03/2013 6:59:36 | Computer Name = DPEREZFADONPW7.indra.es | Source = SideBySide | ID = 16842832
Description = Error al generar el contexto de activación para "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Error en el archivo de manifiesto
o directiva "" en la línea . Una versión de componente requerida por la aplicación
está en conflicto con la versión de otro componente activo. Los componentes en conflicto
son:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 22/03/2013 3:11:19 | Computer Name = DPEREZFADONPW7.indra.es | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: cygrunsrv.exe, versión: 0.0.0.0,
marca de tiempo: 0x40826252 Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725,
marca de tiempo: 0x4ec49b8f Código de excepción: 0xc0000005 Desplazamiento de errores:
0x00033de8 Id. del proceso con errores: 0x990 Hora de inicio de la aplicación con
errores: 0x01ce26cc70b867b5 Ruta de acceso de la aplicación con errores: C:\Program
Files (x86)\OpenSSH\bin\cygrunsrv.exe Ruta de acceso del módulo con errores: C:\Windows\SysWOW64\ntdll.dll
Id.
del informe: b16fdc95-92bf-11e2-bcbc-a088b4ce3528
Error - 22/03/2013 6:36:19 | Computer Name = DPEREZFADONPW7.indra.es | Source = SideBySide | ID = 16842832
Description = Error al generar el contexto de activación para "c:\program files
(x86)\ESET\eset online scanner\ESETSmartInstaller.exe". Error en el archivo de manifiesto
o directiva "" en la línea . Una versión de componente requerida por la aplicación
está en conflicto con la versión de otro componente activo. Los componentes en conflicto
son:. Componente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Componente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 01/04/2013 3:30:53 | Computer Name = DPEREZFADONPW7.indra.es | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: cygrunsrv.exe, versión: 0.0.0.0,
marca de tiempo: 0x40826252 Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725,
marca de tiempo: 0x4ec49b8f Código de excepción: 0xc0000005 Desplazamiento de errores:
0x00033de8 Id. del proceso con errores: 0x9b4 Hora de inicio de la aplicación con
errores: 0x01ce2eaad36bf35c Ruta de acceso de la aplicación con errores: C:\Program
Files (x86)\OpenSSH\bin\cygrunsrv.exe Ruta de acceso del módulo con errores: C:\Windows\SysWOW64\ntdll.dll
Id.
del informe: 14e2c369-9a9e-11e2-a058-a088b4ce3528
Error - 01/04/2013 4:07:22 | Computer Name = DPEREZFADONPW7.indra.es | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: cygrunsrv.exe, versión: 0.0.0.0,
marca de tiempo: 0x40826252 Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725,
marca de tiempo: 0x4ec49b8f Código de excepción: 0xc0000005 Desplazamiento de errores:
0x00033de8 Id. del proceso con errores: 0x9ac Hora de inicio de la aplicación con
errores: 0x01ce2eafedb64a1d Ruta de acceso de la aplicación con errores: C:\Program
Files (x86)\OpenSSH\bin\cygrunsrv.exe Ruta de acceso del módulo con errores: C:\Windows\SysWOW64\ntdll.dll
Id.
del informe: 2db4a577-9aa3-11e2-9fef-a088b4ce3528
Error - 01/04/2013 4:18:24 | Computer Name = DPEREZFADONPW7.indra.es | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: cygrunsrv.exe, versión: 0.0.0.0,
marca de tiempo: 0x40826252 Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725,
marca de tiempo: 0x4ec49b8f Código de excepción: 0xc0000005 Desplazamiento de errores:
0x00033de8 Id. del proceso con errores: 0x9ac Hora de inicio de la aplicación con
errores: 0x01ce2eb1783b5c56 Ruta de acceso de la aplicación con errores: C:\Program
Files (x86)\OpenSSH\bin\cygrunsrv.exe Ruta de acceso del módulo con errores: C:\Windows\SysWOW64\ntdll.dll
Id.
del informe: b8aa072e-9aa4-11e2-8638-2c41381777f1
Error - 02/04/2013 3:08:20 | Computer Name = DPEREZFADONPW7.indra.es | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: cygrunsrv.exe, versión: 0.0.0.0,
marca de tiempo: 0x40826252 Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725,
marca de tiempo: 0x4ec49b8f Código de excepción: 0xc0000005 Desplazamiento de errores:
0x00033de8 Id. del proceso con errores: 0x9a8 Hora de inicio de la aplicación con
errores: 0x01ce2f70d9ac1978 Ruta de acceso de la aplicación con errores: C:\Program
Files (x86)\OpenSSH\bin\cygrunsrv.exe Ruta de acceso del módulo con errores: C:\Windows\SysWOW64\ntdll.dll
Id.
del informe: 195e9da6-9b64-11e2-9cad-a088b4ce3528
Error - 02/04/2013 3:31:51 | Computer Name = DPEREZFADONPW7.indra.es | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: cygrunsrv.exe, versión: 0.0.0.0,
marca de tiempo: 0x40826252 Nombre del módulo con errores: ntdll.dll, versión: 6.1.7601.17725,
marca de tiempo: 0x4ec49b8f Código de excepción: 0xc0000005 Desplazamiento de errores:
0x00033de8 Id. del proceso con errores: 0x98c Hora de inicio de la aplicación con
errores: 0x01ce2f741efbf798 Ruta de acceso de la aplicación con errores: C:\Program
Files (x86)\OpenSSH\bin\cygrunsrv.exe Ruta de acceso del módulo con errores: C:\Windows\SysWOW64\ntdll.dll
Id.
del informe: 61f01e6b-9b67-11e2-9b61-2c41381777f1
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 02/04/2013 3:33:13 | Computer Name = DPEREZFADONPW7.indra.es | Source = acvpnui | ID = 67108866
Description = Function: CMainFrame::getDARTInstallDir File: .\mainfrm.cpp Line: 4176
Invoked
Function: MsiEnumProductsExW Return Code: 259 (0x00000103) Description: No se dispone
de más datos.
Error - 02/04/2013 3:33:15 | Computer Name = DPEREZFADONPW7.indra.es | Source = acvpnui | ID = 67108865
Description = Function: ConnectMgr::activateConnectEvent File: .\ConnectMgr.cpp Line:
1008 NULL object. Cannot establish a connection at this time.
Error - 02/04/2013 3:33:24 | Computer Name = DPEREZFADONPW7.indra.es | Source = acvpnagent | ID = 67108866
Description = Function: CDNSRequest::OnSocketReadComplete File: .\IP\DNSRequest.cpp
Line:
1069 Invoked Function: CDNSRequest::processResponse Return Code: -29229043 (0xFE42000D)
Description:
DNSREQUEST_ERROR_NO_SUCH_NAME Failed to resolve 1.78.140.194.in-addr.arpa via DNS
server 80.58.61.250
Error - 02/04/2013 3:33:26 | Computer Name = DPEREZFADONPW7.indra.es | Source = acvpnagent | ID = 67108866
Description = Function: CTlsTransport::OnSocketReadComplete File: .\IP\TlsTransport.cpp
Line:
505 Invoked Function: ISocketTransportCB::OnSocketReadComplete Return Code: -31522800
(0xFE1F0010) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN
Error - 02/04/2013 3:33:26 | Computer Name = DPEREZFADONPW7.indra.es | Source = acvpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnSocketReadComplete File: .\IP\HttpSessionAsync.cpp
Line:
1430 Invoked Function: CSocketTransport::readSocket Return Code: -31522800 (0xFE1F0010)
Description:
SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN
Error - 02/04/2013 3:33:26 | Computer Name = DPEREZFADONPW7.indra.es | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnSendRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
324 Invoked Function: CHttpSessionAsync::OnSendRequestComplete Return Code: -31522800
(0xFE1F0010) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_SHUTDOWN
Error - 02/04/2013 3:33:34 | Computer Name = DPEREZFADONPW7.indra.es | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 02/04/2013 3:33:34 | Computer Name = DPEREZFADONPW7.indra.es | Source = acvpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
1194 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
(0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT
Error - 02/04/2013 3:33:34 | Computer Name = DPEREZFADONPW7.indra.es | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
1023 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
(0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
not contact target
Error - 02/04/2013 3:33:34 | Computer Name = DPEREZFADONPW7.indra.es | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
859 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target
[ HP Connection Manager Events ]
Error - 19/10/2012 9:31:03 | Computer Name = DPEREZFADONPW7.indra.es | Source = hpCMSrv | ID = 5
Description = 2012/10/19 15:31:03.151|00000DE0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 19/10/2012 9:42:14 | Computer Name = DPEREZFADONPW7.indra.es | Source = hpCMSrv | ID = 5
Description = 2012/10/19 15:42:14.093|00001638|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 20/10/2012 9:53:29 | Computer Name = DPEREZFADONPW7.indra.es | Source = hpCMSrv | ID = 5
Description = 2012/10/20 15:53:29.463|00001B58|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 22/10/2012 3:54:48 | Computer Name = DPEREZFADONPW7.indra.es | Source = hpMobile | ID = 5
Description = 2012/10/22 09:54:48.324|0000152C|Error |[HP.Mobile]Wlan::a{void()}|Datos
no válidos. (Excepción de HRESULT: 0x8007000D)
Error - 22/10/2012 12:07:43 | Computer Name = DPEREZFADONPW7.indra.es | Source = hpCMSrv | ID = 5
Description = 2012/10/22 18:07:43.440|000018D4|Error |CWLAN::StateChanged|Fire_StateChanged
failed [hr:0x800706BA]
Error - 22/10/2012 12:07:43 | Computer Name = DPEREZFADONPW7.indra.es | Source = hpCMSrv | ID = 5
Description = 2012/10/22 18:07:43.440|000018D4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 22/10/2012 12:07:43 | Computer Name = DPEREZFADONPW7.indra.es | Source = hpCMSrv | ID = 5
Description = 2012/10/22 18:07:43.440|000018D4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 22/10/2012 12:07:44 | Computer Name = DPEREZFADONPW7.indra.es | Source = hpCMSrv | ID = 5
Description = 2012/10/22 18:07:44.360|000018D4|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 23/10/2012 13:59:08 | Computer Name = DPEREZFADONPW7.indra.es | Source = hpCMSrv | ID = 5
Description = 2012/10/23 19:59:08.771|00001B08|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 23/10/2012 13:59:16 | Computer Name = DPEREZFADONPW7.indra.es | Source = hpCMSrv | ID = 5
Description = 2012/10/23 19:59:16.479|00001B08|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
[ OSession Events ]
Error - 05/01/2012 19:59:44 | Computer Name = DPEREZFADONPW7.indra.es | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time. This session ended with a crash.
Error - 09/10/2012 3:59:42 | Computer Name = DPEREZFADONPW7.indra.es | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1717
seconds with 60 seconds of active time. This session ended with a crash.
Error - 12/11/2012 11:23:06 | Computer Name = DPEREZFADONPW7.indra.es | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 26551
seconds with 4500 seconds of active time. This session ended with a crash.
Error - 28/02/2013 12:37:26 | Computer Name = DPEREZFADONPW7.indra.es | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 65
seconds with 60 seconds of active time. This session ended with a crash.
Error - 01/03/2013 8:27:51 | Computer Name = DPEREZFADONPW7.indra.es | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2395
seconds with 240 seconds of active time. This session ended with a crash.
Error - 01/03/2013 8:53:41 | Computer Name = DPEREZFADONPW7.indra.es | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1542
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 02/04/2013 3:31:42 | Computer Name = DPEREZFADONPW7.indra.es | Source = Service Control Manager | ID = 7023
Description = El servicio Security Center se cerró con el siguiente error: %%2
Error - 02/04/2013 3:31:43 | Computer Name = DPEREZFADONPW7.indra.es | Source = Service Control Manager | ID = 7001
Description = El servicio Spybot-S&D 2 Security Center Service depende del servicio
Security Center, el cual no pudo iniciarse debido al siguiente error: %%2
Error - 02/04/2013 3:31:44 | Computer Name = DPEREZFADONPW7.indra.es | Source = Service Control Manager | ID = 7023
Description = El servicio Examinador de equipos se cerró con el siguiente error:
%%1060
Error - 02/04/2013 3:31:45 | Computer Name = DPEREZFADONPW7.indra.es | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = No se puede procesar la directiva de grupo debido a que no se puede
conectar a un controlador de dominio a través de la red. Esta condición puede ser
temporal. Se podría generar un mensaje de operación correcta una vez que el equipo
se conecte al controlador de dominio y la directiva de grupo se procese correctamente.
Póngase en contacto con el administrador si no ve un mensaje de operación correcta
en un algún par de horas.
Error - 02/04/2013 3:31:48 | Computer Name = DPEREZFADONPW7.indra.es | Source = Service Control Manager | ID = 7026
Description = El siguiente controlador de inicio del sistema o de inicio del arranque
no se cargó correctamente: SBRE
Error - 02/04/2013 3:32:20 | Computer Name = DPEREZFADONPW7.indra.es | Source = Microsoft-Windows-GroupPolicy | ID = 1129
Description = No se puede procesar la directiva de grupo debido a que no se puede
conectar a un controlador de dominio a través de la red. Esta condición puede ser
temporal. Se podría generar un mensaje de operación correcta una vez que el equipo
se conecte al controlador de dominio y la directiva de grupo se procese correctamente.
Póngase en contacto con el administrador si no ve un mensaje de operación correcta
en un algún par de horas.
Error - 02/04/2013 3:33:26 | Computer Name = DPEREZFADONPW7.indra.es | Source = DCOM | ID = 10016
Description =
Error - 02/04/2013 3:33:54 | Computer Name = DPEREZFADONPW7.indra.es | Source = TermService | ID = 1067
Description =
Error - 02/04/2013 3:45:33 | Computer Name = DPEREZFADONPW7.indra.es | Source = SCardSvr | ID = 615
Description =
Error - 02/04/2013 3:45:33 | Computer Name = DPEREZFADONPW7.indra.es | Source = SCardSvr | ID = 616
Description =
< End of report >
dperezfa
2013-04-02, 10:14
TDSskiller didnt found anything
--------------------------------------------------- TDSskiller report (1)
10:11:25.0979 4776 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:11:27.0336 4776 ============================================================
10:11:27.0336 4776 Current date / time: 2013/04/02 10:11:27.0336
10:11:27.0336 4776 SystemInfo:
10:11:27.0336 4776
10:11:27.0337 4776 OS Version: 6.1.7601 ServicePack: 1.0
10:11:27.0337 4776 Product type: Workstation
10:11:27.0337 4776 ComputerName: DPEREZFADONPW7
10:11:27.0337 4776 UserName: dperezfadon
10:11:27.0337 4776 Windows directory: C:\Windows
10:11:27.0337 4776 System windows directory: C:\Windows
10:11:27.0337 4776 Running under WOW64
10:11:27.0337 4776 Processor architecture: Intel x64
10:11:27.0338 4776 Number of processors: 4
10:11:27.0338 4776 Page size: 0x1000
10:11:27.0338 4776 Boot type: Normal boot
10:11:27.0338 4776 ============================================================
10:11:28.0271 4776 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:11:28.0280 4776 ============================================================
10:11:28.0280 4776 \Device\Harddisk0\DR0:
10:11:28.0280 4776 MBR partitions:
10:11:28.0280 4776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32800
10:11:28.0280 4776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0xC8FA000
10:11:28.0280 4776 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC92D000, BlocksNum 0x18B012B0
10:11:28.0280 4776 ============================================================
10:11:28.0324 4776 C: <-> \Device\Harddisk0\DR0\Partition2
10:11:28.0427 4776 D: <-> \Device\Harddisk0\DR0\Partition3
10:11:28.0427 4776 ============================================================
10:11:28.0428 4776 Initialize success
10:11:28.0428 4776 ============================================================
10:11:33.0980 1552 ============================================================
10:11:33.0980 1552 Scan started
10:11:33.0980 1552 Mode: Manual;
10:11:33.0980 1552 ============================================================
10:11:34.0763 1552 ================ Scan system memory ========================
10:11:34.0763 1552 System memory - ok
10:11:34.0764 1552 ================ Scan services =============================
10:11:35.0147 1552 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:11:35.0179 1552 1394ohci - ok
10:11:35.0209 1552 [ 7A330A42870EB1FA81F88BE514D2D566 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
10:11:35.0222 1552 Accelerometer - ok
10:11:35.0263 1552 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:11:35.0313 1552 ACPI - ok
10:11:35.0347 1552 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:11:35.0357 1552 AcpiPmi - ok
10:11:35.0389 1552 [ 0EC911D24F14C969E980E92E4371464D ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
10:11:35.0404 1552 acsock - ok
10:11:35.0530 1552 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:11:35.0564 1552 AdobeARMservice - ok
10:11:35.0609 1552 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:11:35.0633 1552 adp94xx - ok
10:11:35.0664 1552 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:11:35.0711 1552 adpahci - ok
10:11:35.0719 1552 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:11:35.0740 1552 adpu320 - ok
10:11:35.0758 1552 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:11:35.0759 1552 AeLookupSvc - ok
10:11:35.0867 1552 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
10:11:35.0887 1552 AESTFilters - ok
10:11:35.0914 1552 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:11:35.0938 1552 AFD - ok
10:11:35.0995 1552 [ 48008D4EA73C1058F36D323A644410D4 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
10:11:36.0018 1552 AgereModemAudio - ok
10:11:36.0065 1552 [ DDF52C4C92D831A4CDB7788B37585E36 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
10:11:36.0127 1552 AgereSoftModem - ok
10:11:36.0177 1552 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:11:36.0202 1552 agp440 - ok
10:11:36.0249 1552 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:11:36.0265 1552 ALG - ok
10:11:36.0297 1552 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:11:36.0309 1552 aliide - ok
10:11:36.0337 1552 [ CFB48BC8B4A5A43075F8363D8B8E34C0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:11:36.0357 1552 AMD External Events Utility - ok
10:11:36.0371 1552 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:11:36.0383 1552 amdide - ok
10:11:36.0413 1552 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:11:36.0426 1552 AmdK8 - ok
10:11:36.0619 1552 [ E4ADB0BFC3F2F878FA1BAA3187A48F42 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:11:36.0767 1552 amdkmdag - ok
10:11:36.0783 1552 [ 6B68035CEA83015C055E6621669C1CAA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
10:11:36.0794 1552 amdkmdap - ok
10:11:36.0803 1552 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:11:36.0812 1552 AmdPPM - ok
10:11:36.0840 1552 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:11:36.0850 1552 amdsata - ok
10:11:36.0893 1552 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:11:36.0930 1552 amdsbs - ok
10:11:36.0951 1552 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:11:36.0977 1552 amdxata - ok
10:11:37.0032 1552 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:11:37.0051 1552 AppID - ok
10:11:37.0076 1552 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:11:37.0091 1552 AppIDSvc - ok
10:11:37.0110 1552 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
10:11:37.0128 1552 Appinfo - ok
10:11:37.0190 1552 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
10:11:37.0221 1552 AppMgmt - ok
10:11:37.0266 1552 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
10:11:37.0281 1552 arc - ok
10:11:37.0286 1552 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:11:37.0302 1552 arcsas - ok
10:11:37.0337 1552 [ 357635F16D28558C50870F4EF8AA4712 ] ARCVCAM C:\Windows\system32\DRIVERS\ArcSoftVCapture.sys
10:11:37.0351 1552 ARCVCAM - ok
10:11:37.0443 1552 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:11:37.0469 1552 aspnet_state - ok
10:11:37.0508 1552 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:11:37.0534 1552 AsyncMac - ok
10:11:37.0584 1552 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:11:37.0597 1552 atapi - ok
10:11:37.0676 1552 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:11:37.0703 1552 AudioEndpointBuilder - ok
10:11:37.0737 1552 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:11:37.0740 1552 AudioSrv - ok
10:11:37.0774 1552 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:11:37.0784 1552 AxInstSV - ok
10:11:37.0816 1552 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:11:37.0828 1552 b06bdrv - ok
10:11:37.0855 1552 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:11:37.0868 1552 b57nd60a - ok
10:11:37.0906 1552 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:11:37.0917 1552 BDESVC - ok
10:11:37.0945 1552 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:11:37.0952 1552 Beep - ok
10:11:38.0007 1552 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
10:11:38.0039 1552 BITS - ok
10:11:38.0070 1552 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:11:38.0095 1552 blbdrive - ok
10:11:38.0149 1552 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:11:38.0169 1552 bowser - ok
10:11:38.0214 1552 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:11:38.0238 1552 BrFiltLo - ok
10:11:38.0285 1552 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:11:38.0298 1552 BrFiltUp - ok
10:11:38.0342 1552 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:11:38.0362 1552 Browser - ok
10:11:38.0370 1552 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:11:38.0393 1552 Brserid - ok
10:11:38.0396 1552 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:11:38.0406 1552 BrSerWdm - ok
10:11:38.0436 1552 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:11:38.0443 1552 BrUsbMdm - ok
10:11:38.0445 1552 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:11:38.0452 1552 BrUsbSer - ok
10:11:38.0533 1552 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:11:38.0558 1552 BthEnum - ok
10:11:38.0566 1552 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:11:38.0578 1552 BTHMODEM - ok
10:11:38.0599 1552 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:11:38.0611 1552 BthPan - ok
10:11:38.0634 1552 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
10:11:38.0659 1552 BTHPORT - ok
10:11:38.0687 1552 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:11:38.0697 1552 bthserv - ok
10:11:38.0711 1552 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
10:11:38.0724 1552 BTHUSB - ok
10:11:38.0765 1552 [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
10:11:38.0780 1552 btwampfl - ok
10:11:38.0818 1552 [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
10:11:38.0841 1552 btwaudio - ok
10:11:38.0876 1552 [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
10:11:38.0889 1552 btwavdt - ok
10:11:38.0958 1552 [ 692F8648D7686D91E34A65AC698019D8 ] btwdins C:\Bluetooth Software\btwdins.exe
10:11:39.0002 1552 btwdins - ok
10:11:39.0016 1552 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
10:11:39.0029 1552 btwl2cap - ok
10:11:39.0043 1552 [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
10:11:39.0056 1552 btwrchid - ok
10:11:39.0196 1552 [ A454A9BAA25B8C8E76735DD86BD4B017 ] CcmExec C:\Windows\SysWOW64\CCM\CcmExec.exe
10:11:39.0247 1552 CcmExec - ok
10:11:39.0279 1552 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:11:39.0288 1552 cdfs - ok
10:11:39.0339 1552 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:11:39.0359 1552 cdrom - ok
10:11:39.0404 1552 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:11:39.0432 1552 CertPropSvc - ok
10:11:39.0460 1552 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:11:39.0473 1552 circlass - ok
10:11:39.0513 1552 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:11:39.0534 1552 CLFS - ok
10:11:39.0605 1552 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:11:39.0639 1552 clr_optimization_v2.0.50727_32 - ok
10:11:39.0701 1552 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:11:39.0717 1552 clr_optimization_v2.0.50727_64 - ok
10:11:39.0795 1552 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:11:39.0837 1552 clr_optimization_v4.0.30319_32 - ok
10:11:39.0908 1552 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:11:39.0912 1552 clr_optimization_v4.0.30319_64 - ok
10:11:39.0938 1552 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:11:39.0960 1552 CmBatt - ok
10:11:39.0997 1552 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:11:40.0007 1552 cmdide - ok
10:11:40.0067 1552 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
10:11:40.0134 1552 CNG - ok
10:11:40.0186 1552 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:11:40.0208 1552 Compbatt - ok
10:11:40.0247 1552 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:11:40.0270 1552 CompositeBus - ok
10:11:40.0304 1552 COMSysApp - ok
10:11:40.0339 1552 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:11:40.0360 1552 crcdisk - ok
10:11:40.0424 1552 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:11:40.0458 1552 CryptSvc - ok
10:11:40.0487 1552 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
10:11:40.0517 1552 CSC - ok
10:11:40.0558 1552 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
10:11:40.0579 1552 CscService - ok
10:11:40.0615 1552 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
10:11:40.0638 1552 ctxusbm - ok
10:11:40.0682 1552 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:11:40.0689 1552 DcomLaunch - ok
10:11:40.0733 1552 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:11:40.0772 1552 defragsvc - ok
10:11:40.0803 1552 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:11:40.0826 1552 DfsC - ok
10:11:40.0857 1552 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
10:11:40.0887 1552 dg_ssudbus - ok
10:11:40.0916 1552 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:11:40.0929 1552 Dhcp - ok
10:11:40.0956 1552 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:11:40.0966 1552 discache - ok
10:11:40.0989 1552 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:11:40.0999 1552 Disk - ok
10:11:41.0023 1552 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:11:41.0035 1552 Dnscache - ok
10:11:41.0057 1552 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:11:41.0069 1552 dot3svc - ok
10:11:41.0089 1552 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:11:41.0090 1552 DPS - ok
10:11:41.0127 1552 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:11:41.0172 1552 drmkaud - ok
10:11:41.0244 1552 [ 0040A0132AAC1004E50055F8FBB14C08 ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
10:11:41.0261 1552 dsNcAdpt - ok
10:11:41.0384 1552 [ 004CE5DE82780E617639466180AE75E9 ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
10:11:41.0426 1552 dsNcService - ok
10:11:41.0467 1552 [ D3D64CF7B2BCEAA34A270F45A3FFFB36 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:11:41.0480 1552 dtsoftbus01 - ok
10:11:41.0530 1552 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:11:41.0549 1552 DXGKrnl - ok
10:11:41.0577 1552 [ DC1776D086AA9733B1929A3D979D9FDD ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
10:11:41.0591 1552 e1cexpress - ok
10:11:41.0624 1552 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:11:41.0633 1552 EapHost - ok
10:11:41.0732 1552 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:11:41.0813 1552 ebdrv - ok
10:11:41.0842 1552 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:11:41.0851 1552 EFS - ok
10:11:41.0913 1552 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:11:41.0957 1552 ehRecvr - ok
10:11:42.0014 1552 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:11:42.0049 1552 ehSched - ok
10:11:42.0090 1552 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:11:42.0113 1552 elxstor - ok
10:11:42.0136 1552 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:11:42.0145 1552 ErrDev - ok
10:11:42.0186 1552 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:11:42.0201 1552 EventSystem - ok
10:11:42.0227 1552 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:11:42.0244 1552 exfat - ok
10:11:42.0265 1552 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:11:42.0277 1552 fastfat - ok
10:11:42.0314 1552 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:11:42.0354 1552 Fax - ok
10:11:42.0371 1552 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:11:42.0381 1552 fdc - ok
10:11:42.0420 1552 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:11:42.0429 1552 fdPHost - ok
10:11:42.0439 1552 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:11:42.0448 1552 FDResPub - ok
10:11:42.0460 1552 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:11:42.0472 1552 FileInfo - ok
10:11:42.0487 1552 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:11:42.0498 1552 Filetrace - ok
10:11:42.0512 1552 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:11:42.0522 1552 flpydisk - ok
10:11:42.0576 1552 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:11:42.0613 1552 FltMgr - ok
10:11:42.0659 1552 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
10:11:42.0702 1552 FontCache - ok
10:11:42.0787 1552 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:11:42.0819 1552 FontCache3.0.0.0 - ok
10:11:42.0843 1552 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:11:42.0853 1552 FsDepends - ok
10:11:42.0879 1552 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:11:42.0888 1552 Fs_Rec - ok
10:11:42.0919 1552 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:11:42.0950 1552 fvevol - ok
10:11:42.0990 1552 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:11:43.0016 1552 gagp30kx - ok
10:11:43.0045 1552 [ 78DF6B481A14C0C6532BCC9E6BD3B259 ] GKUPRO2D C:\Windows\system32\Drivers\GKUPRO2D.sys
10:11:43.0047 1552 GKUPRO2D - ok
10:11:43.0103 1552 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:11:43.0156 1552 gpsvc - ok
10:11:43.0195 1552 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:11:43.0218 1552 hcw85cir - ok
10:11:43.0278 1552 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:11:43.0335 1552 HdAudAddService - ok
10:11:43.0366 1552 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:11:43.0393 1552 HDAudBus - ok
10:11:43.0398 1552 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:11:43.0408 1552 HidBatt - ok
10:11:43.0412 1552 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:11:43.0424 1552 HidBth - ok
10:11:43.0427 1552 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:11:43.0436 1552 HidIr - ok
10:11:43.0465 1552 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
10:11:43.0473 1552 hidserv - ok
10:11:43.0508 1552 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:11:43.0509 1552 HidUsb - ok
10:11:43.0540 1552 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:11:43.0549 1552 hkmsvc - ok
10:11:43.0597 1552 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:11:43.0607 1552 HomeGroupListener - ok
10:11:43.0627 1552 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:11:43.0637 1552 HomeGroupProvider - ok
10:11:43.0756 1552 [ D4B198E9B3CE6D05771E116D2D560F2F ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
10:11:43.0762 1552 hpCMSrv - ok
10:11:43.0790 1552 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:11:43.0804 1552 HPDrvMntSvc.exe - ok
10:11:43.0838 1552 [ A4BE23C451ADEB252CD17A0532CAE220 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
10:11:43.0847 1552 hpdskflt - ok
10:11:43.0879 1552 [ 0ADC6AFAB2B17FFC9C6E24DD1583F888 ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
10:11:43.0943 1552 hpHotkeyMonitor - ok
10:11:43.0986 1552 [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:11:43.0998 1552 HpqKbFiltr - ok
10:11:44.0040 1552 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:11:44.0090 1552 hpqwmiex - ok
10:11:44.0129 1552 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:11:44.0143 1552 HpSAMD - ok
10:11:44.0157 1552 [ A88A45E82BC54BFFB49C63973010226A ] hpsrv C:\Windows\system32\Hpservice.exe
10:11:44.0172 1552 hpsrv - ok
10:11:44.0215 1552 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
10:11:44.0237 1552 HTCAND64 - ok
10:11:44.0275 1552 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:11:44.0315 1552 HTTP - ok
10:11:44.0347 1552 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:11:44.0369 1552 hwpolicy - ok
10:11:44.0393 1552 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:11:44.0422 1552 i8042prt - ok
10:11:44.0456 1552 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:11:44.0460 1552 iaStor - ok
10:11:44.0517 1552 [ 117FF657E0D9BBD61B5C3E71E63D3919 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:11:44.0519 1552 IAStorDataMgrSvc - ok
10:11:44.0574 1552 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:11:44.0606 1552 iaStorV - ok
10:11:44.0662 1552 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:11:44.0699 1552 idsvc - ok
10:11:44.0733 1552 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:11:44.0756 1552 iirsp - ok
10:11:44.0819 1552 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:11:44.0848 1552 IKEEXT - ok
10:11:44.0876 1552 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:11:44.0887 1552 intelide - ok
10:11:44.0914 1552 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:11:44.0927 1552 intelppm - ok
10:11:44.0961 1552 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:11:44.0976 1552 IPBusEnum - ok
10:11:45.0010 1552 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:11:45.0026 1552 IpFilterDriver - ok
10:11:45.0047 1552 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:11:45.0064 1552 IPMIDRV - ok
10:11:45.0119 1552 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:11:45.0153 1552 IPNAT - ok
10:11:45.0193 1552 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:11:45.0214 1552 IRENUM - ok
10:11:45.0240 1552 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:11:45.0250 1552 isapnp - ok
10:11:45.0281 1552 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:11:45.0301 1552 iScsiPrt - ok
10:11:45.0334 1552 [ 0B44199365A69696109AB9A5855E0841 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
10:11:45.0344 1552 JMCR - ok
10:11:45.0386 1552 [ C6A3593D397B111C1DBBC1BE6384B548 ] johci C:\Windows\system32\DRIVERS\johci.sys
10:11:45.0394 1552 johci - ok
10:11:45.0419 1552 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:11:45.0428 1552 kbdclass - ok
10:11:45.0440 1552 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:11:45.0448 1552 kbdhid - ok
10:11:45.0475 1552 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:11:45.0476 1552 KeyIso - ok
10:11:45.0492 1552 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:11:45.0501 1552 KSecDD - ok
10:11:45.0510 1552 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:11:45.0521 1552 KSecPkg - ok
10:11:45.0539 1552 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:11:45.0546 1552 ksthunk - ok
10:11:45.0579 1552 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:11:45.0590 1552 KtmRm - ok
10:11:45.0619 1552 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:11:45.0630 1552 LanmanServer - ok
10:11:45.0659 1552 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:11:45.0668 1552 LanmanWorkstation - ok
10:11:45.0701 1552 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:11:45.0710 1552 lltdio - ok
10:11:45.0733 1552 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:11:45.0748 1552 lltdsvc - ok
10:11:45.0762 1552 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:11:45.0770 1552 lmhosts - ok
10:11:45.0842 1552 [ DE75F2EA497DA4B3A764D4EAC43135E9 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:11:45.0879 1552 LMS - ok
10:11:45.0915 1552 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:11:45.0949 1552 LSI_FC - ok
10:11:45.0983 1552 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:11:46.0006 1552 LSI_SAS - ok
10:11:46.0009 1552 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:11:46.0020 1552 LSI_SAS2 - ok
10:11:46.0024 1552 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:11:46.0035 1552 LSI_SCSI - ok
10:11:46.0058 1552 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:11:46.0068 1552 luafv - ok
10:11:46.0087 1552 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:11:46.0096 1552 Mcx2Svc - ok
10:11:46.0179 1552 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
10:11:46.0228 1552 MDM - ok
10:11:46.0231 1552 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:11:46.0239 1552 megasas - ok
10:11:46.0244 1552 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:11:46.0256 1552 MegaSR - ok
10:11:46.0295 1552 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
10:11:46.0303 1552 MEIx64 - ok
10:11:46.0364 1552 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
10:11:46.0378 1552 Microsoft Office Groove Audit Service - ok
10:11:46.0417 1552 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:11:46.0418 1552 MMCSS - ok
10:11:46.0445 1552 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:11:46.0456 1552 Modem - ok
10:11:46.0476 1552 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:11:46.0485 1552 monitor - ok
10:11:46.0513 1552 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:11:46.0525 1552 mouclass - ok
10:11:46.0540 1552 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:11:46.0550 1552 mouhid - ok
10:11:46.0585 1552 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:11:46.0596 1552 mountmgr - ok
10:11:46.0649 1552 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:11:46.0688 1552 MozillaMaintenance - ok
10:11:46.0721 1552 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:11:46.0742 1552 mpio - ok
10:11:46.0757 1552 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:11:46.0767 1552 mpsdrv - ok
10:11:46.0799 1552 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:11:46.0810 1552 MRxDAV - ok
10:11:46.0833 1552 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:11:46.0845 1552 mrxsmb - ok
10:11:46.0857 1552 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:11:46.0869 1552 mrxsmb10 - ok
10:11:46.0905 1552 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:11:46.0939 1552 mrxsmb20 - ok
10:11:46.0973 1552 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:11:46.0987 1552 msahci - ok
10:11:47.0004 1552 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:11:47.0014 1552 msdsm - ok
dperezfa
2013-04-02, 10:15
--------------------------------------------------- TDSskiller report (2)
10:11:47.0042 1552 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:11:47.0053 1552 MSDTC - ok
10:11:47.0095 1552 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:11:47.0103 1552 Msfs - ok
10:11:47.0145 1552 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:11:47.0167 1552 mshidkmdf - ok
10:11:47.0203 1552 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:11:47.0226 1552 msisadrv - ok
10:11:47.0256 1552 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:11:47.0271 1552 MSiSCSI - ok
10:11:47.0274 1552 msiserver - ok
10:11:47.0311 1552 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:11:47.0321 1552 MSKSSRV - ok
10:11:47.0344 1552 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:11:47.0352 1552 MSPCLOCK - ok
10:11:47.0363 1552 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:11:47.0371 1552 MSPQM - ok
10:11:47.0393 1552 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:11:47.0427 1552 MsRPC - ok
10:11:47.0455 1552 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:11:47.0467 1552 mssmbios - ok
10:11:47.0483 1552 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:11:47.0491 1552 MSTEE - ok
10:11:47.0501 1552 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:11:47.0511 1552 MTConfig - ok
10:11:47.0526 1552 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:11:47.0536 1552 Mup - ok
10:11:47.0563 1552 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:11:47.0575 1552 napagent - ok
10:11:47.0617 1552 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:11:47.0640 1552 NativeWifiP - ok
10:11:47.0694 1552 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
10:11:47.0759 1552 NDIS - ok
10:11:47.0785 1552 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:11:47.0799 1552 NdisCap - ok
10:11:47.0830 1552 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:11:47.0843 1552 NdisTapi - ok
10:11:47.0873 1552 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:11:47.0888 1552 Ndisuio - ok
10:11:47.0914 1552 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:11:47.0926 1552 NdisWan - ok
10:11:47.0946 1552 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:11:47.0954 1552 NDProxy - ok
10:11:47.0965 1552 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:11:47.0974 1552 NetBIOS - ok
10:11:48.0002 1552 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:11:48.0013 1552 NetBT - ok
10:11:48.0024 1552 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:11:48.0025 1552 Netlogon - ok
10:11:48.0061 1552 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:11:48.0071 1552 Netman - ok
10:11:48.0118 1552 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:48.0151 1552 NetMsmqActivator - ok
10:11:48.0156 1552 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:48.0158 1552 NetPipeActivator - ok
10:11:48.0181 1552 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:11:48.0196 1552 netprofm - ok
10:11:48.0199 1552 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:48.0200 1552 NetTcpActivator - ok
10:11:48.0204 1552 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:48.0205 1552 NetTcpPortSharing - ok
10:11:48.0377 1552 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
10:11:48.0518 1552 NETwNs64 - ok
10:11:48.0561 1552 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:11:48.0584 1552 nfrd960 - ok
10:11:48.0616 1552 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:11:48.0635 1552 NlaSvc - ok
10:11:48.0701 1552 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
10:11:48.0726 1552 nmwcd - ok
10:11:48.0741 1552 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
10:11:48.0753 1552 nmwcdc - ok
10:11:48.0786 1552 [ 292DDF13F91F2CB2482B57AACD6AEB9B ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
10:11:48.0808 1552 nmwcdnsux64 - ok
10:11:48.0862 1552 [ C31FA031335EFF434B2D94278E74BCCE ] npf C:\Windows\system32\drivers\npf.sys
10:11:48.0888 1552 npf - ok
10:11:48.0903 1552 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:11:48.0918 1552 Npfs - ok
10:11:48.0951 1552 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:11:48.0958 1552 nsi - ok
10:11:48.0974 1552 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:11:48.0982 1552 nsiproxy - ok
10:11:49.0024 1552 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:11:49.0094 1552 Ntfs - ok
10:11:49.0238 1552 [ A2BEAF0E75F7C14744BC084091517363 ] ntrtscan C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
10:11:49.0269 1552 ntrtscan - ok
10:11:49.0302 1552 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:11:49.0312 1552 Null - ok
10:11:49.0336 1552 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
10:11:49.0357 1552 nusb3hub - ok
10:11:49.0393 1552 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:11:49.0429 1552 nusb3xhc - ok
10:11:49.0488 1552 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:11:49.0521 1552 nvraid - ok
10:11:49.0559 1552 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:11:49.0572 1552 nvstor - ok
10:11:49.0603 1552 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:11:49.0632 1552 nv_agp - ok
10:11:49.0729 1552 [ C9262F14883A07F104C14D1F9501786B ] NWSAPAutoWorkstationUpdateSvc C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
10:11:49.0768 1552 NWSAPAutoWorkstationUpdateSvc - ok
10:11:49.0858 1552 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:11:49.0899 1552 odserv - ok
10:11:49.0935 1552 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:11:49.0968 1552 ohci1394 - ok
10:11:50.0048 1552 [ 3D70B0630342132EBC1FF5CFF483E6C0 ] OpenSSHd C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe
10:11:50.0116 1552 OpenSSHd - ok
10:11:50.0166 1552 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:11:50.0180 1552 ose - ok
10:11:50.0225 1552 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:11:50.0241 1552 p2pimsvc - ok
10:11:50.0265 1552 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:11:50.0280 1552 p2psvc - ok
10:11:50.0312 1552 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:11:50.0323 1552 Parport - ok
10:11:50.0356 1552 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:11:50.0388 1552 partmgr - ok
10:11:50.0399 1552 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:11:50.0415 1552 PcaSvc - ok
10:11:50.0473 1552 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
10:11:50.0499 1552 pccsmcfd - ok
10:11:50.0527 1552 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:11:50.0529 1552 pci - ok
10:11:50.0558 1552 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:11:50.0565 1552 pciide - ok
10:11:50.0600 1552 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:11:50.0666 1552 pcmcia - ok
10:11:50.0681 1552 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:11:50.0699 1552 pcw - ok
10:11:50.0748 1552 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:11:50.0804 1552 PEAUTH - ok
10:11:50.0869 1552 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:11:50.0928 1552 PeerDistSvc - ok
10:11:51.0003 1552 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:11:51.0033 1552 PerfHost - ok
10:11:51.0097 1552 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:11:51.0149 1552 pla - ok
10:11:51.0202 1552 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:11:51.0226 1552 PlugPlay - ok
10:11:51.0270 1552 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:11:51.0283 1552 PNRPAutoReg - ok
10:11:51.0309 1552 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:11:51.0313 1552 PNRPsvc - ok
10:11:51.0345 1552 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:11:51.0369 1552 PolicyAgent - ok
10:11:51.0412 1552 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:11:51.0442 1552 Power - ok
10:11:51.0487 1552 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:11:51.0505 1552 PptpMiniport - ok
10:11:51.0596 1552 [ 3A603DD6466569970BD99DFB4C63BBC7 ] prepdrvr C:\Windows\SysWOW64\CCM\prepdrv.sys
10:11:51.0620 1552 prepdrvr - ok
10:11:51.0655 1552 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:11:51.0672 1552 Processor - ok
10:11:51.0704 1552 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
10:11:51.0717 1552 ProfSvc - ok
10:11:51.0724 1552 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:11:51.0725 1552 ProtectedStorage - ok
10:11:51.0756 1552 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:11:51.0769 1552 Psched - ok
10:11:51.0812 1552 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:11:51.0855 1552 ql2300 - ok
10:11:51.0859 1552 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:11:51.0869 1552 ql40xx - ok
10:11:51.0898 1552 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:11:51.0908 1552 QWAVE - ok
10:11:51.0921 1552 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:11:51.0930 1552 QWAVEdrv - ok
10:11:51.0944 1552 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:11:51.0952 1552 RasAcd - ok
10:11:51.0984 1552 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:11:51.0993 1552 RasAgileVpn - ok
10:11:52.0000 1552 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:11:52.0010 1552 RasAuto - ok
10:11:52.0033 1552 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:11:52.0044 1552 Rasl2tp - ok
10:11:52.0074 1552 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:11:52.0085 1552 RasMan - ok
10:11:52.0119 1552 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:11:52.0137 1552 RasPppoe - ok
10:11:52.0186 1552 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:11:52.0220 1552 RasSstp - ok
10:11:52.0245 1552 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:11:52.0284 1552 rdbss - ok
10:11:52.0293 1552 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:11:52.0304 1552 rdpbus - ok
10:11:52.0311 1552 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:11:52.0318 1552 RDPCDD - ok
10:11:52.0343 1552 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:11:52.0359 1552 RDPDR - ok
10:11:52.0394 1552 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:11:52.0416 1552 RDPENCDD - ok
10:11:52.0426 1552 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:11:52.0435 1552 RDPREFMP - ok
10:11:52.0486 1552 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:11:52.0514 1552 RdpVideoMiniport - ok
10:11:52.0542 1552 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:11:52.0558 1552 RDPWD - ok
10:11:52.0598 1552 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:11:52.0628 1552 rdyboost - ok
10:11:52.0669 1552 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:11:52.0700 1552 RemoteAccess - ok
10:11:52.0734 1552 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:11:52.0756 1552 RemoteRegistry - ok
10:11:52.0797 1552 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:11:52.0810 1552 RFCOMM - ok
10:11:52.0820 1552 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:11:52.0830 1552 RpcEptMapper - ok
10:11:52.0854 1552 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:11:52.0862 1552 RpcLocator - ok
10:11:52.0888 1552 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:11:52.0892 1552 RpcSs - ok
10:11:52.0937 1552 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:11:52.0967 1552 rspndr - ok
10:11:52.0990 1552 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:11:52.0995 1552 s3cap - ok
10:11:53.0007 1552 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:11:53.0008 1552 SamSs - ok
10:11:53.0034 1552 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:11:53.0044 1552 sbp2port - ok
10:11:53.0062 1552 SBRE - ok
10:11:53.0082 1552 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:11:53.0092 1552 SCardSvr - ok
10:11:53.0117 1552 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:11:53.0118 1552 scfilter - ok
10:11:53.0144 1552 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:11:53.0177 1552 Schedule - ok
10:11:53.0211 1552 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:11:53.0211 1552 SCPolicySvc - ok
10:11:53.0230 1552 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
10:11:53.0241 1552 sdbus - ok
10:11:53.0273 1552 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:11:53.0285 1552 SDRSVC - ok
10:11:53.0378 1552 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
10:11:53.0486 1552 SDScannerService - ok
10:11:53.0558 1552 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
10:11:53.0682 1552 SDUpdateService - ok
10:11:53.0703 1552 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
10:11:53.0716 1552 SDWSCService - ok
10:11:53.0761 1552 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:11:53.0784 1552 secdrv - ok
10:11:53.0811 1552 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:11:53.0833 1552 seclogon - ok
10:11:53.0861 1552 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:11:53.0874 1552 SENS - ok
10:11:53.0886 1552 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:11:53.0897 1552 SensrSvc - ok
10:11:53.0924 1552 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:11:53.0933 1552 Serenum - ok
10:11:53.0962 1552 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:11:53.0973 1552 Serial - ok
10:11:54.0009 1552 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:11:54.0017 1552 sermouse - ok
10:11:54.0112 1552 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
10:11:54.0191 1552 ServiceLayer - ok
10:11:54.0225 1552 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:11:54.0234 1552 SessionEnv - ok
10:11:54.0255 1552 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:11:54.0262 1552 sffdisk - ok
10:11:54.0271 1552 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:11:54.0278 1552 sffp_mmc - ok
10:11:54.0289 1552 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:11:54.0297 1552 sffp_sd - ok
10:11:54.0325 1552 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:11:54.0332 1552 sfloppy - ok
10:11:54.0368 1552 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:11:54.0383 1552 SharedAccess - ok
10:11:54.0411 1552 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:11:54.0427 1552 ShellHWDetection - ok
10:11:54.0444 1552 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:11:54.0452 1552 SiSRaid2 - ok
10:11:54.0460 1552 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:11:54.0469 1552 SiSRaid4 - ok
10:11:54.0495 1552 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:11:54.0505 1552 Smb - ok
10:11:54.0507 1552 smstsmgr - ok
10:11:54.0549 1552 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:11:54.0557 1552 SNMPTRAP - ok
10:11:54.0643 1552 [ 43FBAA2C9E6B01B6AFC40B69019C27EC ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
10:11:54.0663 1552 SNP2UVC - ok
10:11:54.0690 1552 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:11:54.0697 1552 spldr - ok
10:11:54.0729 1552 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
10:11:54.0753 1552 Spooler - ok
10:11:54.0836 1552 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:11:54.0878 1552 sppsvc - ok
10:11:54.0920 1552 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:11:54.0948 1552 sppuinotify - ok
10:11:54.0978 1552 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:11:55.0017 1552 srv - ok
10:11:55.0032 1552 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:11:55.0056 1552 srv2 - ok
10:11:55.0084 1552 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:11:55.0096 1552 srvnet - ok
10:11:55.0121 1552 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:11:55.0133 1552 SSDPSRV - ok
10:11:55.0142 1552 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:11:55.0151 1552 SstpSvc - ok
10:11:55.0196 1552 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
10:11:55.0234 1552 ssudmdm - ok
10:11:55.0335 1552 [ 0CDEA5ACBB69C45F642E96D81E906CCD ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
10:11:55.0367 1552 STacSV - ok
10:11:55.0391 1552 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:11:55.0399 1552 stexstor - ok
10:11:55.0433 1552 [ 5C8D6072D1D09F11789C6A014688048A ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
10:11:55.0465 1552 STHDA - ok
10:11:55.0502 1552 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:11:55.0525 1552 stisvc - ok
10:11:55.0548 1552 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:11:55.0558 1552 storflt - ok
10:11:55.0578 1552 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
10:11:55.0587 1552 StorSvc - ok
10:11:55.0605 1552 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:11:55.0614 1552 storvsc - ok
10:11:55.0628 1552 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:11:55.0637 1552 swenum - ok
10:11:55.0711 1552 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:11:55.0766 1552 SwitchBoard - ok
10:11:55.0793 1552 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:11:55.0809 1552 swprv - ok
10:11:55.0819 1552 Synth3dVsc - ok
10:11:55.0874 1552 [ B25C79B3348D539B9DBFB6C15637D13C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:11:55.0890 1552 SynTP - ok
10:11:55.0967 1552 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:11:56.0046 1552 SysMain - ok
10:11:56.0090 1552 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:11:56.0100 1552 TabletInputService - ok
10:11:56.0199 1552 [ FAAB3E5CE56EDC0769B3387383570839 ] TabletServiceWacom C:\Windows\system32\Wacom_Tablet.exe
10:11:56.0260 1552 TabletServiceWacom - ok
10:11:56.0291 1552 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:11:56.0307 1552 TapiSrv - ok
10:11:56.0332 1552 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:11:56.0340 1552 TBS - ok
10:11:56.0419 1552 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:11:56.0490 1552 Tcpip - ok
10:11:56.0536 1552 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:11:56.0550 1552 TCPIP6 - ok
10:11:56.0596 1552 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:11:56.0621 1552 tcpipreg - ok
10:11:56.0655 1552 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:11:56.0662 1552 TDPIPE - ok
10:11:56.0682 1552 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:11:56.0691 1552 TDTCP - ok
10:11:56.0712 1552 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:11:56.0723 1552 tdx - ok
10:11:56.0750 1552 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:11:56.0758 1552 TermDD - ok
10:11:56.0788 1552 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:11:56.0793 1552 TermService - ok
10:11:56.0813 1552 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:11:56.0821 1552 Themes - ok
10:11:56.0831 1552 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:11:56.0832 1552 THREADORDER - ok
10:11:56.0871 1552 [ 505DB66467DF7658CC156B1704C7582C ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys
10:11:56.0898 1552 tmactmon - ok
10:11:56.0974 1552 [ EFB980D4F0A565ECEA8BEFB22C620698 ] TMBMServer C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
10:11:57.0010 1552 TMBMServer - ok
10:11:57.0043 1552 [ 46EDB648C1B5C3ABD76BD5E912DAC026 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys
10:11:57.0057 1552 tmcomm - ok
10:11:57.0093 1552 [ 30CF571B3320221E331D2D887CB8552B ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys
10:11:57.0103 1552 tmevtmgr - ok
10:11:57.0158 1552 [ 55283E1FC92021AEBA8E1E5B7EBAD9D1 ] TmFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys
10:11:57.0200 1552 TmFilter - ok
10:11:57.0309 1552 [ 245DB19AF7252BBB77E9B7E9D93CB69D ] tmlisten C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
10:11:57.0340 1552 tmlisten - ok
10:11:57.0371 1552 [ 8F82EF40FA762354530236ABE302FA35 ] TmPreFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys
10:11:57.0386 1552 TmPreFilter - ok
10:11:57.0467 1552 [ EB689B4C0FCA28A7BA881BA31A9224D4 ] TmProxy C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
10:11:57.0500 1552 TmProxy - ok
10:11:57.0543 1552 [ A42E6780C52B248AF54C6010A9A93384 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
10:11:57.0552 1552 tmtdi - ok
10:11:57.0585 1552 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
10:11:57.0612 1552 TPM - ok
10:11:57.0660 1552 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:11:57.0676 1552 TrkWks - ok
10:11:57.0723 1552 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:11:57.0725 1552 TrustedInstaller - ok
10:11:57.0737 1552 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:11:57.0748 1552 tssecsrv - ok
10:11:57.0758 1552 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:11:57.0768 1552 TsUsbFlt - ok
10:11:57.0771 1552 tsusbhub - ok
10:11:57.0797 1552 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:11:57.0808 1552 tunnel - ok
10:11:57.0843 1552 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:11:57.0852 1552 uagp35 - ok
10:11:57.0929 1552 [ D5994AB5C2B2D72D6320A7004D52617C ] uArcCapture C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
10:11:58.0065 1552 uArcCapture - ok
10:11:58.0081 1552 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:11:58.0097 1552 udfs - ok
10:11:58.0129 1552 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:11:58.0138 1552 UI0Detect - ok
10:11:58.0157 1552 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:11:58.0166 1552 uliagpkx - ok
10:11:58.0196 1552 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:11:58.0204 1552 umbus - ok
10:11:58.0238 1552 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:11:58.0245 1552 UmPass - ok
10:11:58.0268 1552 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
10:11:58.0280 1552 UmRdpService - ok
10:11:58.0429 1552 [ 2955A9ADBC618B6A09E3D3BECC3CCB3D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:11:58.0467 1552 UNS - ok
10:11:58.0496 1552 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:11:58.0511 1552 upnphost - ok
10:11:58.0544 1552 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
10:11:58.0551 1552 upperdev - ok
10:11:58.0583 1552 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:11:58.0594 1552 usbaudio - ok
10:11:58.0644 1552 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:11:58.0678 1552 usbccgp - ok
10:11:58.0720 1552 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:11:58.0749 1552 usbcir - ok
10:11:58.0769 1552 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:11:58.0780 1552 usbehci - ok
10:11:58.0825 1552 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:11:58.0855 1552 usbhub - ok
10:11:58.0874 1552 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:11:58.0884 1552 usbohci - ok
10:11:58.0911 1552 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:11:58.0921 1552 usbprint - ok
10:11:58.0953 1552 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
10:11:58.0960 1552 UsbserFilt - ok
10:11:58.0987 1552 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:11:59.0000 1552 USBSTOR - ok
10:11:59.0028 1552 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:11:59.0038 1552 usbuhci - ok
10:11:59.0067 1552 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:11:59.0080 1552 usbvideo - ok
10:11:59.0104 1552 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:11:59.0112 1552 UxSms - ok
10:11:59.0132 1552 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:11:59.0133 1552 VaultSvc - ok
10:11:59.0240 1552 [ 41EEF971DD82A3674D07F275A4DEF702 ] vcsFPService C:\Windows\system32\vcsFPService.exe
10:11:59.0332 1552 vcsFPService - ok
10:11:59.0358 1552 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:11:59.0368 1552 vdrvroot - ok
10:11:59.0401 1552 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:11:59.0455 1552 vds - ok
10:11:59.0493 1552 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:11:59.0503 1552 vga - ok
10:11:59.0517 1552 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:11:59.0526 1552 VgaSave - ok
10:11:59.0528 1552 VGPU - ok
10:11:59.0553 1552 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:11:59.0566 1552 vhdmp - ok
10:11:59.0597 1552 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:11:59.0614 1552 viaide - ok
10:11:59.0632 1552 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:11:59.0649 1552 vmbus - ok
10:11:59.0680 1552 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:11:59.0704 1552 VMBusHID - ok
10:11:59.0731 1552 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:11:59.0744 1552 volmgr - ok
10:11:59.0769 1552 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:11:59.0794 1552 volmgrx - ok
10:11:59.0828 1552 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:11:59.0869 1552 volsnap - ok
10:11:59.0924 1552 [ 8811748190D194EAE2E2155DA3E2B022 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
10:11:59.0970 1552 vpnagent - ok
10:12:00.0003 1552 [ 845DAE50510383B7F6ACA73CE2099048 ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
10:12:00.0015 1552 vpnva - ok
10:12:00.0105 1552 [ BF63E3F8F1CED65F4F5AD22E0735B2E4 ] VSApiNt C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys
10:12:00.0131 1552 VSApiNt - ok
10:12:00.0161 1552 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:12:00.0171 1552 vsmraid - ok
10:12:00.0215 1552 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:12:00.0233 1552 VSS - ok
10:12:00.0249 1552 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:12:00.0257 1552 vwifibus - ok
10:12:00.0279 1552 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:12:00.0289 1552 vwififlt - ok
10:12:00.0315 1552 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:12:00.0330 1552 W32Time - ok
10:12:00.0366 1552 [ F39FC224758290A3193C68C091E6F11A ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
10:12:00.0373 1552 wacmoumonitor - ok
10:12:00.0393 1552 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
10:12:00.0400 1552 wacommousefilter - ok
10:12:00.0417 1552 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:12:00.0426 1552 WacomPen - ok
10:12:00.0447 1552 [ BB9D431C8D025BA13E60ADDDCFF04F1A ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
10:12:00.0454 1552 wacomvhid - ok
10:12:00.0484 1552 [ 8B4255329EDFBA3ECFBD0714476FAD38 ] WacomVKHid C:\Windows\system32\DRIVERS\WacomVKHid.sys
10:12:00.0491 1552 WacomVKHid - ok
10:12:00.0529 1552 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:12:00.0558 1552 WANARP - ok
10:12:00.0562 1552 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:12:00.0563 1552 Wanarpv6 - ok
10:12:00.0663 1552 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:12:00.0707 1552 WatAdminSvc - ok
10:12:00.0759 1552 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:12:00.0817 1552 wbengine - ok
10:12:00.0842 1552 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:12:00.0853 1552 WbioSrvc - ok
10:12:00.0878 1552 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:12:00.0893 1552 wcncsvc - ok
10:12:00.0899 1552 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:12:00.0907 1552 WcsPlugInService - ok
10:12:00.0927 1552 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:12:00.0936 1552 Wd - ok
10:12:00.0954 1552 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:12:00.0978 1552 Wdf01000 - ok
10:12:00.0985 1552 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:12:00.0994 1552 WdiServiceHost - ok
10:12:00.0996 1552 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:12:00.0998 1552 WdiSystemHost - ok
10:12:01.0028 1552 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:12:01.0038 1552 WebClient - ok
10:12:01.0053 1552 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:12:01.0064 1552 Wecsvc - ok
10:12:01.0070 1552 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:12:01.0079 1552 wercplsupport - ok
10:12:01.0096 1552 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:12:01.0106 1552 WerSvc - ok
10:12:01.0130 1552 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:12:01.0137 1552 WfpLwf - ok
10:12:01.0150 1552 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:12:01.0158 1552 WIMMount - ok
10:12:01.0227 1552 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:12:01.0255 1552 Winmgmt - ok
10:12:01.0304 1552 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:12:01.0371 1552 WinRM - ok
10:12:01.0459 1552 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
10:12:01.0482 1552 WinUSB - ok
10:12:01.0527 1552 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:12:01.0571 1552 Wlansvc - ok
10:12:01.0700 1552 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:12:01.0796 1552 wlidsvc - ok
10:12:01.0852 1552 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:12:01.0877 1552 WmiAcpi - ok
10:12:01.0912 1552 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:12:01.0934 1552 wmiApSrv - ok
10:12:01.0956 1552 WMPNetworkSvc - ok
10:12:01.0994 1552 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:12:02.0012 1552 WPCSvc - ok
10:12:02.0056 1552 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:12:02.0087 1552 WPDBusEnum - ok
10:12:02.0125 1552 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:12:02.0144 1552 ws2ifsl - ok
10:12:02.0206 1552 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
10:12:02.0232 1552 wscsvc - ok
10:12:02.0237 1552 WSearch - ok
10:12:02.0299 1552 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:12:02.0350 1552 wuauserv - ok
10:12:02.0385 1552 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:12:02.0418 1552 WudfPf - ok
10:12:02.0446 1552 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:12:02.0464 1552 WUDFRd - ok
10:12:02.0486 1552 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:12:02.0495 1552 wudfsvc - ok
10:12:02.0520 1552 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:12:02.0531 1552 WwanSvc - ok
10:12:02.0563 1552 ================ Scan global ===============================
10:12:02.0575 1552 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:12:02.0615 1552 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:12:02.0631 1552 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:12:02.0660 1552 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:12:02.0693 1552 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:12:02.0696 1552 [Global] - ok
10:12:02.0696 1552 ================ Scan MBR ==================================
10:12:02.0711 1552 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:12:03.0033 1552 \Device\Harddisk0\DR0 - ok
10:12:03.0035 1552 ================ Scan VBR ==================================
10:12:03.0040 1552 [ 6D1A2C0B871EABE7FC96FD0B555A9BCB ] \Device\Harddisk0\DR0\Partition1
10:12:03.0042 1552 \Device\Harddisk0\DR0\Partition1 - ok
10:12:03.0059 1552 [ 80A4445866A5B3FB22FB496BA6B83521 ] \Device\Harddisk0\DR0\Partition2
10:12:03.0060 1552 \Device\Harddisk0\DR0\Partition2 - ok
10:12:03.0082 1552 [ 9E0D760F1D78C07BC5D4FEF0ABFB4A52 ] \Device\Harddisk0\DR0\Partition3
10:12:03.0084 1552 \Device\Harddisk0\DR0\Partition3 - ok
10:12:03.0084 1552 ============================================================
10:12:03.0084 1552 Scan finished
10:12:03.0084 1552 ============================================================
10:12:03.0096 6572 Detected object count: 0
10:12:03.0096 6572 Actual detected object count: 0
Hi dperezfa
P2P Programs:
P2P programs are a major source of Malware infections.
From your log I see you have uTorrent and vDownloader We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
If you wish to keep the program(s), please do not use them until your computer is cleaned.
Information regarding the risk of using these programs can be found from here (http://malwareremoval.com/p2pindex.php) and here (http://www.internetworldstats.com/articles/art053.htm)
Run OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
[2012/10/19 15:36:06 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\uTorrent
[2012/03/22 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\VDownloader
@Alternate Data Stream - 1077 bytes -> C:\ProgramData\Microsoft:TBXZAfprE1N3yMTlCs3bRqVjiJe
@Alternate Data Stream - 1033 bytes -> C:\ProgramData\Microsoft:nrUSg800GX3oLNPvyfgZZiZguPqe
:Files
ipconfig /flushdns /c
:Commands
[EMPTYFLASH]
[REBOOT]
[RESETHOSTS]
[CREATERESTOREPOINT]
Then click the Run Fix button at the top
Let the program run unhindered.
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.
NEXT
AdwCleaner
Please download AdwCleaner (http://general-changelog-team.fr/en/tools/15-adwcleaner) by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
NEXT
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) and save it to your desktop.
Quit all other programs
Start RogueKiller.exe
Wait until the Prescan has finished ...
Click on Scan
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRScan.png
Wait for the end of the scan
A report will be created on your desktop.
Click on the Delete button
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRDelete.png
Next click on the ShortcutsFix
http://i1224.photobucket.com/albums/ee362/Essexboy3/RogueKiller/RGKRShortcutsFix.png
another report will be created on your desktop.
Please post: All RKreport.txt text files located on your desktop.
On your next reply please post :
New OTL log after fix
AdwCleaner log
All RKreport.txt
Let me know if you have any problems in performing with the steps above or any questions you may have.
Good Day!
dperezfa
2013-04-03, 14:31
--------------------------------------- OTL log --> I HAVE NO OTL LOG. It ran and reboot my computer and then ... no log.
---------------------------------------- AdwCleaner[S2].txt :
# AdwCleaner v2.200 - Fichero creado el 03/04/2013 a 13:56:48
# Actualizado el 02/04/2013 por Xplode
# Sistema operativo : Windows 7 Enterprise Service Pack 1 (64 bits)
# Usuario : dperezfadon - DPEREZFADONPW7
# Modo de inicio : Normal
# Ejecutado desde : D:\BIBLIOTECA\MALWARE_REMOVAL\AdwCleaner.exe
# Opción [Supresión]
***** [Servicios] *****
***** [Ficheros / Carpetas] *****
***** [Registro] *****
***** [Navegadores] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] El registro no contiene ninguna entrada ilegítima.
-\\ Mozilla Firefox v13.0.1 (es-ES)
Fichero : C:\Users\dperezfadon\AppData\Roaming\Mozilla\Firefox\Profiles\zmdxyoi7.default\prefs.js
[OK] El fichero no contiene ninguna entrada ilegítima.
-\\ Google Chrome v26.0.1410.43
Fichero : C:\Users\dperezfadon\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] El fichero no contiene ninguna entrada ilegítima.
-\\ Opera v [Imposible obtener la versión]
Fichero : C:\Users\dperezfadon\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] El fichero no contiene ninguna entrada ilegítima.
*************************
AdwCleaner[R1].txt - [2516 octets] - [14/03/2013 09:31:05]
AdwCleaner[S1].txt - [2599 octets] - [14/03/2013 09:31:38]
AdwCleaner[S2].txt - [1271 octets] - [03/04/2013 13:56:48]
########## EOF - C:\AdwCleaner[S2].txt - [1331 octets] ##########
-------------------------------- RKreport[1]_S_04032013_02d1410.txt
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dperezfadon [Admin rights]
Mode : Scan -- Date : 04/03/2013 14:10:26
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.indra.es:8080) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
ÿþ1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKT-60PVMT0 +++++
--- User ---
[MBR] 76b8c01b0112762377ef7f778af1b059
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 102900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 210948096 | Size: 202242 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_04032013_02d1410.txt >>
RKreport[1]_S_04032013_02d1410.txt
------------------------------- RKreport[2]_D_04032013_02d1413.txt
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dperezfadon [Admin rights]
Mode : Remove -- Date : 04/03/2013 14:13:33
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.indra.es:8080) -> NOT REMOVED, USE PROXYFIX
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
ÿþ1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEKT-60PVMT0 +++++
--- User ---
[MBR] 76b8c01b0112762377ef7f778af1b059
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 102900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 210948096 | Size: 202242 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_04032013_02d1413.txt >>
RKreport[1]_S_04032013_02d1410.txt ; RKreport[2]_D_04032013_02d1413.txt
------------------------ RKreport[3]_SC_04032013_02d1422.txt
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dperezfadon [Admin rights]
Mode : Shortcuts HJfix -- Date : 04/03/2013 14:22:58
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 2 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 23 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 3 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped
Finished : << RKreport[3]_SC_04032013_02d1422.txt >>
RKreport[1]_S_04032013_02d1410.txt ; RKreport[2]_D_04032013_02d1413.txt ; RKreport[3]_SC_04032013_02d1422.txt
dperezfa
2013-04-03, 15:56
i'm rebooting and browsing some URL's and YESS!!! it seems that the ad frame no longer appears
:wav: Give me an "R"! Give me an "O" ... Roobybel! Roobybel!
Thank you very much! :thanks:
Hi dperezfa
I'm very happy
OK please, follow this:
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/products/malwarebytes_free/) to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://whatthetech.com/ldtate/Images/MBAM.PNG
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
=============================== Next =======================================
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://www.eset.com/online-scanner-popup/)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
Push the Back button.
Select Uninstall application on close check box and push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please let me know how your machine is running and if there are any outstanding issues
On your next reply please post :
MBAM log
Eset report
Let me know if you have any problems in performing with the steps above or any questions you may have.
Good Day!
dperezfa
2013-04-08, 08:58
Yes, scanning with mbam ...
dperezfa
2013-04-08, 12:38
i've scanning with ESET for hours and it is 30%. I´m stopping it because now i have to use the computer. I will scan with ESET later...
dperezfa
2013-04-09, 08:33
18 hours after start scanning ESET has closed without warning or log. It were at 90%. :confused:
Maybe my antivirus (trend micro officescan) has interfered. I'm not able to disable it.
Here is the mbam log:
-------------------------------------- MBAM log (in spanish sorry)
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Versión de la Base de Datos: v2013.04.08.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
dperezfadon :: DPEREZFADONPW7 [administrador]
08/04/2013 8:50:13
mbam-log-2013-04-08 (08-50-13).txt
Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 259926
Tiempo transcurrido: 14 minuto(s), 14 segundo(s)
Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)
Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)
Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)
Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)
Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)
Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)
Archivos Detectados: 0
(No se han detectado elementos maliciosos)
fin)
Hi dperezfa
Try this now
Please download Windows Repair (all in one) from here (http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio_setup.exe)
Install the program then run it
Go to step 2 and allow it to run Disk check
http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture3.gif
Once that is done then go to step 3 and allow it to run SFC
http://i1224.photobucket.com/albums/ee362/Essexboy3/Capture.gif
On the the Start Repairs tab => Click the Start
http://i.imgur.com/7fthj.png
Click on the select all check box and then click on Start
DON'T use the computer while each scan is in progress.
Restart may be needed to finish the repair procedure
dperezfa
2013-04-13, 09:32
I'm a little worried about the "set windows services to default startup". I work from my home 250km away from my job (teleworking) so I have to solve all the problems by myself if i can. I have the computer configured to work with and I don't want to remove the configuration of something important. :blink:
Hi dperezfa
Ok!
No problem, you can not run this tool.
Please let me know how your machine is running and if there are any outstanding issues
dperezfa
2013-04-15, 08:31
Thank you Robybel.
The machine seems to run OK now. :)
dperezfa
2013-04-15, 08:35
One last thing... Maybe I have to uninstall something?
Hi dperezfa ;)
IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :) SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :)
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png
Clean up with OTL:
Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
Unistall AdwCleaner
Double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with yes.
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
MOST IMPORTANT: You Need to Update Windows and IE to get all the Latest Security Patches to protect your computer from the malware that is around on the internet.
Here are some tips to reduce the potential for spyware infection in the future:
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
5.SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:
How Did I Get Infected In The First Place? (http://forums.whatthetech.com/So_how_did_I_get_infected_first_place_t57817.html) by TonyKlein
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)by miekiemoes
PC Safety and Security--What Do I Need? (http://www.techsupportforum.com/forums/f112/pc-safety-and-security-what-do-i-need-525915.html)
6. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
7. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
8.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
dperezfa
2013-04-16, 09:00
Ok. I followed all the steps.
I'm satisfied and we can mark the problem as solved.
Thank you!
Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.