Infected by malware

[dperezfa]

TDSskiller didnt found anything

--------------------------------------------------- TDSskiller report (1)


10:11:25.0979 4776 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:11:27.0336 4776 ============================================================
10:11:27.0336 4776 Current date / time: 2013/04/02 10:11:27.0336
10:11:27.0336 4776 SystemInfo:
10:11:27.0336 4776
10:11:27.0337 4776 OS Version: 6.1.7601 ServicePack: 1.0
10:11:27.0337 4776 Product type: Workstation
10:11:27.0337 4776 ComputerName: DPEREZFADONPW7
10:11:27.0337 4776 UserName: dperezfadon
10:11:27.0337 4776 Windows directory: C:\Windows
10:11:27.0337 4776 System windows directory: C:\Windows
10:11:27.0337 4776 Running under WOW64
10:11:27.0337 4776 Processor architecture: Intel x64
10:11:27.0338 4776 Number of processors: 4
10:11:27.0338 4776 Page size: 0x1000
10:11:27.0338 4776 Boot type: Normal boot
10:11:27.0338 4776 ============================================================
10:11:28.0271 4776 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:11:28.0280 4776 ============================================================
10:11:28.0280 4776 \Device\Harddisk0\DR0:
10:11:28.0280 4776 MBR partitions:
10:11:28.0280 4776 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32800
10:11:28.0280 4776 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0xC8FA000
10:11:28.0280 4776 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xC92D000, BlocksNum 0x18B012B0
10:11:28.0280 4776 ============================================================
10:11:28.0324 4776 C: <-> \Device\Harddisk0\DR0\Partition2
10:11:28.0427 4776 D: <-> \Device\Harddisk0\DR0\Partition3
10:11:28.0427 4776 ============================================================
10:11:28.0428 4776 Initialize success
10:11:28.0428 4776 ============================================================
10:11:33.0980 1552 ============================================================
10:11:33.0980 1552 Scan started
10:11:33.0980 1552 Mode: Manual;
10:11:33.0980 1552 ============================================================
10:11:34.0763 1552 ================ Scan system memory ========================
10:11:34.0763 1552 System memory - ok
10:11:34.0764 1552 ================ Scan services =============================
10:11:35.0147 1552 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
10:11:35.0179 1552 1394ohci - ok
10:11:35.0209 1552 [ 7A330A42870EB1FA81F88BE514D2D566 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
10:11:35.0222 1552 Accelerometer - ok
10:11:35.0263 1552 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
10:11:35.0313 1552 ACPI - ok
10:11:35.0347 1552 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
10:11:35.0357 1552 AcpiPmi - ok
10:11:35.0389 1552 [ 0EC911D24F14C969E980E92E4371464D ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
10:11:35.0404 1552 acsock - ok
10:11:35.0530 1552 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:11:35.0564 1552 AdobeARMservice - ok
10:11:35.0609 1552 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
10:11:35.0633 1552 adp94xx - ok
10:11:35.0664 1552 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
10:11:35.0711 1552 adpahci - ok
10:11:35.0719 1552 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
10:11:35.0740 1552 adpu320 - ok
10:11:35.0758 1552 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:11:35.0759 1552 AeLookupSvc - ok
10:11:35.0867 1552 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
10:11:35.0887 1552 AESTFilters - ok
10:11:35.0914 1552 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
10:11:35.0938 1552 AFD - ok
10:11:35.0995 1552 [ 48008D4EA73C1058F36D323A644410D4 ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
10:11:36.0018 1552 AgereModemAudio - ok
10:11:36.0065 1552 [ DDF52C4C92D831A4CDB7788B37585E36 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
10:11:36.0127 1552 AgereSoftModem - ok
10:11:36.0177 1552 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:11:36.0202 1552 agp440 - ok
10:11:36.0249 1552 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
10:11:36.0265 1552 ALG - ok
10:11:36.0297 1552 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
10:11:36.0309 1552 aliide - ok
10:11:36.0337 1552 [ CFB48BC8B4A5A43075F8363D8B8E34C0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
10:11:36.0357 1552 AMD External Events Utility - ok
10:11:36.0371 1552 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
10:11:36.0383 1552 amdide - ok
10:11:36.0413 1552 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
10:11:36.0426 1552 AmdK8 - ok
10:11:36.0619 1552 [ E4ADB0BFC3F2F878FA1BAA3187A48F42 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:11:36.0767 1552 amdkmdag - ok
10:11:36.0783 1552 [ 6B68035CEA83015C055E6621669C1CAA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
10:11:36.0794 1552 amdkmdap - ok
10:11:36.0803 1552 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
10:11:36.0812 1552 AmdPPM - ok
10:11:36.0840 1552 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
10:11:36.0850 1552 amdsata - ok
10:11:36.0893 1552 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
10:11:36.0930 1552 amdsbs - ok
10:11:36.0951 1552 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
10:11:36.0977 1552 amdxata - ok
10:11:37.0032 1552 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
10:11:37.0051 1552 AppID - ok
10:11:37.0076 1552 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
10:11:37.0091 1552 AppIDSvc - ok
10:11:37.0110 1552 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
10:11:37.0128 1552 Appinfo - ok
10:11:37.0190 1552 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
10:11:37.0221 1552 AppMgmt - ok
10:11:37.0266 1552 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
10:11:37.0281 1552 arc - ok
10:11:37.0286 1552 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
10:11:37.0302 1552 arcsas - ok
10:11:37.0337 1552 [ 357635F16D28558C50870F4EF8AA4712 ] ARCVCAM C:\Windows\system32\DRIVERS\ArcSoftVCapture.sys
10:11:37.0351 1552 ARCVCAM - ok
10:11:37.0443 1552 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:11:37.0469 1552 aspnet_state - ok
10:11:37.0508 1552 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:11:37.0534 1552 AsyncMac - ok
10:11:37.0584 1552 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
10:11:37.0597 1552 atapi - ok
10:11:37.0676 1552 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:11:37.0703 1552 AudioEndpointBuilder - ok
10:11:37.0737 1552 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
10:11:37.0740 1552 AudioSrv - ok
10:11:37.0774 1552 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
10:11:37.0784 1552 AxInstSV - ok
10:11:37.0816 1552 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
10:11:37.0828 1552 b06bdrv - ok
10:11:37.0855 1552 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
10:11:37.0868 1552 b57nd60a - ok
10:11:37.0906 1552 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
10:11:37.0917 1552 BDESVC - ok
10:11:37.0945 1552 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
10:11:37.0952 1552 Beep - ok
10:11:38.0007 1552 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
10:11:38.0039 1552 BITS - ok
10:11:38.0070 1552 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
10:11:38.0095 1552 blbdrive - ok
10:11:38.0149 1552 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:11:38.0169 1552 bowser - ok
10:11:38.0214 1552 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:11:38.0238 1552 BrFiltLo - ok
10:11:38.0285 1552 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:11:38.0298 1552 BrFiltUp - ok
10:11:38.0342 1552 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
10:11:38.0362 1552 Browser - ok
10:11:38.0370 1552 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
10:11:38.0393 1552 Brserid - ok
10:11:38.0396 1552 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
10:11:38.0406 1552 BrSerWdm - ok
10:11:38.0436 1552 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
10:11:38.0443 1552 BrUsbMdm - ok
10:11:38.0445 1552 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
10:11:38.0452 1552 BrUsbSer - ok
10:11:38.0533 1552 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
10:11:38.0558 1552 BthEnum - ok
10:11:38.0566 1552 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:11:38.0578 1552 BTHMODEM - ok
10:11:38.0599 1552 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:11:38.0611 1552 BthPan - ok
10:11:38.0634 1552 [ 64C198198501F7560EE41D8D1EFA7952 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
10:11:38.0659 1552 BTHPORT - ok
10:11:38.0687 1552 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
10:11:38.0697 1552 bthserv - ok
10:11:38.0711 1552 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
10:11:38.0724 1552 BTHUSB - ok
10:11:38.0765 1552 [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
10:11:38.0780 1552 btwampfl - ok
10:11:38.0818 1552 [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
10:11:38.0841 1552 btwaudio - ok
10:11:38.0876 1552 [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
10:11:38.0889 1552 btwavdt - ok
10:11:38.0958 1552 [ 692F8648D7686D91E34A65AC698019D8 ] btwdins C:\Bluetooth Software\btwdins.exe
10:11:39.0002 1552 btwdins - ok
10:11:39.0016 1552 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
10:11:39.0029 1552 btwl2cap - ok
10:11:39.0043 1552 [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
10:11:39.0056 1552 btwrchid - ok
10:11:39.0196 1552 [ A454A9BAA25B8C8E76735DD86BD4B017 ] CcmExec C:\Windows\SysWOW64\CCM\CcmExec.exe
10:11:39.0247 1552 CcmExec - ok
10:11:39.0279 1552 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:11:39.0288 1552 cdfs - ok
10:11:39.0339 1552 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:11:39.0359 1552 cdrom - ok
10:11:39.0404 1552 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
10:11:39.0432 1552 CertPropSvc - ok
10:11:39.0460 1552 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
10:11:39.0473 1552 circlass - ok
10:11:39.0513 1552 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
10:11:39.0534 1552 CLFS - ok
10:11:39.0605 1552 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:11:39.0639 1552 clr_optimization_v2.0.50727_32 - ok
10:11:39.0701 1552 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:11:39.0717 1552 clr_optimization_v2.0.50727_64 - ok
10:11:39.0795 1552 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:11:39.0837 1552 clr_optimization_v4.0.30319_32 - ok
10:11:39.0908 1552 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:11:39.0912 1552 clr_optimization_v4.0.30319_64 - ok
10:11:39.0938 1552 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:11:39.0960 1552 CmBatt - ok
10:11:39.0997 1552 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:11:40.0007 1552 cmdide - ok
10:11:40.0067 1552 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
10:11:40.0134 1552 CNG - ok
10:11:40.0186 1552 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:11:40.0208 1552 Compbatt - ok
10:11:40.0247 1552 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
10:11:40.0270 1552 CompositeBus - ok
10:11:40.0304 1552 COMSysApp - ok
10:11:40.0339 1552 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
10:11:40.0360 1552 crcdisk - ok
10:11:40.0424 1552 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:11:40.0458 1552 CryptSvc - ok
10:11:40.0487 1552 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
10:11:40.0517 1552 CSC - ok
10:11:40.0558 1552 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
10:11:40.0579 1552 CscService - ok
10:11:40.0615 1552 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
10:11:40.0638 1552 ctxusbm - ok
10:11:40.0682 1552 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:11:40.0689 1552 DcomLaunch - ok
10:11:40.0733 1552 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
10:11:40.0772 1552 defragsvc - ok
10:11:40.0803 1552 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:11:40.0826 1552 DfsC - ok
10:11:40.0857 1552 [ 105373D52E71D2D1355AD3ACD18259C3 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
10:11:40.0887 1552 dg_ssudbus - ok
10:11:40.0916 1552 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
10:11:40.0929 1552 Dhcp - ok
10:11:40.0956 1552 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
10:11:40.0966 1552 discache - ok
10:11:40.0989 1552 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
10:11:40.0999 1552 Disk - ok
10:11:41.0023 1552 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:11:41.0035 1552 Dnscache - ok
10:11:41.0057 1552 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:11:41.0069 1552 dot3svc - ok
10:11:41.0089 1552 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
10:11:41.0090 1552 DPS - ok
10:11:41.0127 1552 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:11:41.0172 1552 drmkaud - ok
10:11:41.0244 1552 [ 0040A0132AAC1004E50055F8FBB14C08 ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys
10:11:41.0261 1552 dsNcAdpt - ok
10:11:41.0384 1552 [ 004CE5DE82780E617639466180AE75E9 ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
10:11:41.0426 1552 dsNcService - ok
10:11:41.0467 1552 [ D3D64CF7B2BCEAA34A270F45A3FFFB36 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:11:41.0480 1552 dtsoftbus01 - ok
10:11:41.0530 1552 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:11:41.0549 1552 DXGKrnl - ok
10:11:41.0577 1552 [ DC1776D086AA9733B1929A3D979D9FDD ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys
10:11:41.0591 1552 e1cexpress - ok
10:11:41.0624 1552 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
10:11:41.0633 1552 EapHost - ok
10:11:41.0732 1552 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
10:11:41.0813 1552 ebdrv - ok
10:11:41.0842 1552 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
10:11:41.0851 1552 EFS - ok
10:11:41.0913 1552 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:11:41.0957 1552 ehRecvr - ok
10:11:42.0014 1552 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
10:11:42.0049 1552 ehSched - ok
10:11:42.0090 1552 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
10:11:42.0113 1552 elxstor - ok
10:11:42.0136 1552 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:11:42.0145 1552 ErrDev - ok
10:11:42.0186 1552 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
10:11:42.0201 1552 EventSystem - ok
10:11:42.0227 1552 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
10:11:42.0244 1552 exfat - ok
10:11:42.0265 1552 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:11:42.0277 1552 fastfat - ok
10:11:42.0314 1552 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
10:11:42.0354 1552 Fax - ok
10:11:42.0371 1552 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:11:42.0381 1552 fdc - ok
10:11:42.0420 1552 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
10:11:42.0429 1552 fdPHost - ok
10:11:42.0439 1552 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
10:11:42.0448 1552 FDResPub - ok
10:11:42.0460 1552 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:11:42.0472 1552 FileInfo - ok
10:11:42.0487 1552 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:11:42.0498 1552 Filetrace - ok
10:11:42.0512 1552 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:11:42.0522 1552 flpydisk - ok
10:11:42.0576 1552 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:11:42.0613 1552 FltMgr - ok
10:11:42.0659 1552 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
10:11:42.0702 1552 FontCache - ok
10:11:42.0787 1552 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:11:42.0819 1552 FontCache3.0.0.0 - ok
10:11:42.0843 1552 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
10:11:42.0853 1552 FsDepends - ok
10:11:42.0879 1552 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:11:42.0888 1552 Fs_Rec - ok
10:11:42.0919 1552 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
10:11:42.0950 1552 fvevol - ok
10:11:42.0990 1552 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
10:11:43.0016 1552 gagp30kx - ok
10:11:43.0045 1552 [ 78DF6B481A14C0C6532BCC9E6BD3B259 ] GKUPRO2D C:\Windows\system32\Drivers\GKUPRO2D.sys
10:11:43.0047 1552 GKUPRO2D - ok
10:11:43.0103 1552 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
10:11:43.0156 1552 gpsvc - ok
10:11:43.0195 1552 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
10:11:43.0218 1552 hcw85cir - ok
10:11:43.0278 1552 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:11:43.0335 1552 HdAudAddService - ok
10:11:43.0366 1552 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
10:11:43.0393 1552 HDAudBus - ok
10:11:43.0398 1552 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
10:11:43.0408 1552 HidBatt - ok
10:11:43.0412 1552 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
10:11:43.0424 1552 HidBth - ok
10:11:43.0427 1552 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
10:11:43.0436 1552 HidIr - ok
10:11:43.0465 1552 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
10:11:43.0473 1552 hidserv - ok
10:11:43.0508 1552 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:11:43.0509 1552 HidUsb - ok
10:11:43.0540 1552 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:11:43.0549 1552 hkmsvc - ok
10:11:43.0597 1552 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:11:43.0607 1552 HomeGroupListener - ok
10:11:43.0627 1552 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:11:43.0637 1552 HomeGroupProvider - ok
10:11:43.0756 1552 [ D4B198E9B3CE6D05771E116D2D560F2F ] hpCMSrv C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
10:11:43.0762 1552 hpCMSrv - ok
10:11:43.0790 1552 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
10:11:43.0804 1552 HPDrvMntSvc.exe - ok
10:11:43.0838 1552 [ A4BE23C451ADEB252CD17A0532CAE220 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
10:11:43.0847 1552 hpdskflt - ok
10:11:43.0879 1552 [ 0ADC6AFAB2B17FFC9C6E24DD1583F888 ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
10:11:43.0943 1552 hpHotkeyMonitor - ok
10:11:43.0986 1552 [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
10:11:43.0998 1552 HpqKbFiltr - ok
10:11:44.0040 1552 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
10:11:44.0090 1552 hpqwmiex - ok
10:11:44.0129 1552 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
10:11:44.0143 1552 HpSAMD - ok
10:11:44.0157 1552 [ A88A45E82BC54BFFB49C63973010226A ] hpsrv C:\Windows\system32\Hpservice.exe
10:11:44.0172 1552 hpsrv - ok
10:11:44.0215 1552 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\Windows\system32\Drivers\ANDROIDUSB.sys
10:11:44.0237 1552 HTCAND64 - ok
10:11:44.0275 1552 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:11:44.0315 1552 HTTP - ok
10:11:44.0347 1552 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
10:11:44.0369 1552 hwpolicy - ok
10:11:44.0393 1552 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:11:44.0422 1552 i8042prt - ok
10:11:44.0456 1552 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:11:44.0460 1552 iaStor - ok
10:11:44.0517 1552 [ 117FF657E0D9BBD61B5C3E71E63D3919 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:11:44.0519 1552 IAStorDataMgrSvc - ok
10:11:44.0574 1552 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
10:11:44.0606 1552 iaStorV - ok
10:11:44.0662 1552 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:11:44.0699 1552 idsvc - ok
10:11:44.0733 1552 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
10:11:44.0756 1552 iirsp - ok
10:11:44.0819 1552 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
10:11:44.0848 1552 IKEEXT - ok
10:11:44.0876 1552 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
10:11:44.0887 1552 intelide - ok
10:11:44.0914 1552 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:11:44.0927 1552 intelppm - ok
10:11:44.0961 1552 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:11:44.0976 1552 IPBusEnum - ok
10:11:45.0010 1552 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:11:45.0026 1552 IpFilterDriver - ok
10:11:45.0047 1552 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
10:11:45.0064 1552 IPMIDRV - ok
10:11:45.0119 1552 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
10:11:45.0153 1552 IPNAT - ok
10:11:45.0193 1552 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:11:45.0214 1552 IRENUM - ok
10:11:45.0240 1552 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:11:45.0250 1552 isapnp - ok
10:11:45.0281 1552 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
10:11:45.0301 1552 iScsiPrt - ok
10:11:45.0334 1552 [ 0B44199365A69696109AB9A5855E0841 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
10:11:45.0344 1552 JMCR - ok
10:11:45.0386 1552 [ C6A3593D397B111C1DBBC1BE6384B548 ] johci C:\Windows\system32\DRIVERS\johci.sys
10:11:45.0394 1552 johci - ok
10:11:45.0419 1552 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:11:45.0428 1552 kbdclass - ok
10:11:45.0440 1552 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:11:45.0448 1552 kbdhid - ok
10:11:45.0475 1552 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
10:11:45.0476 1552 KeyIso - ok
10:11:45.0492 1552 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:11:45.0501 1552 KSecDD - ok
10:11:45.0510 1552 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
10:11:45.0521 1552 KSecPkg - ok
10:11:45.0539 1552 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
10:11:45.0546 1552 ksthunk - ok
10:11:45.0579 1552 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
10:11:45.0590 1552 KtmRm - ok
10:11:45.0619 1552 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
10:11:45.0630 1552 LanmanServer - ok
10:11:45.0659 1552 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:11:45.0668 1552 LanmanWorkstation - ok
10:11:45.0701 1552 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:11:45.0710 1552 lltdio - ok
10:11:45.0733 1552 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:11:45.0748 1552 lltdsvc - ok
10:11:45.0762 1552 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:11:45.0770 1552 lmhosts - ok
10:11:45.0842 1552 [ DE75F2EA497DA4B3A764D4EAC43135E9 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:11:45.0879 1552 LMS - ok
10:11:45.0915 1552 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
10:11:45.0949 1552 LSI_FC - ok
10:11:45.0983 1552 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
10:11:46.0006 1552 LSI_SAS - ok
10:11:46.0009 1552 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:11:46.0020 1552 LSI_SAS2 - ok
10:11:46.0024 1552 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:11:46.0035 1552 LSI_SCSI - ok
10:11:46.0058 1552 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
10:11:46.0068 1552 luafv - ok
10:11:46.0087 1552 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:11:46.0096 1552 Mcx2Svc - ok
10:11:46.0179 1552 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
10:11:46.0228 1552 MDM - ok
10:11:46.0231 1552 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
10:11:46.0239 1552 megasas - ok
10:11:46.0244 1552 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
10:11:46.0256 1552 MegaSR - ok
10:11:46.0295 1552 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
10:11:46.0303 1552 MEIx64 - ok
10:11:46.0364 1552 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
10:11:46.0378 1552 Microsoft Office Groove Audit Service - ok
10:11:46.0417 1552 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
10:11:46.0418 1552 MMCSS - ok
10:11:46.0445 1552 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
10:11:46.0456 1552 Modem - ok
10:11:46.0476 1552 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:11:46.0485 1552 monitor - ok
10:11:46.0513 1552 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:11:46.0525 1552 mouclass - ok
10:11:46.0540 1552 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:11:46.0550 1552 mouhid - ok
10:11:46.0585 1552 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
10:11:46.0596 1552 mountmgr - ok
10:11:46.0649 1552 [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:11:46.0688 1552 MozillaMaintenance - ok
10:11:46.0721 1552 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
10:11:46.0742 1552 mpio - ok
10:11:46.0757 1552 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:11:46.0767 1552 mpsdrv - ok
10:11:46.0799 1552 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:11:46.0810 1552 MRxDAV - ok
10:11:46.0833 1552 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:11:46.0845 1552 mrxsmb - ok
10:11:46.0857 1552 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:11:46.0869 1552 mrxsmb10 - ok
10:11:46.0905 1552 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:11:46.0939 1552 mrxsmb20 - ok
10:11:46.0973 1552 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
10:11:46.0987 1552 msahci - ok
10:11:47.0004 1552 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:11:47.0014 1552 msdsm - ok

 

[dperezfa]

--------------------------------------------------- TDSskiller report (2)

10:11:47.0042 1552 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
10:11:47.0053 1552 MSDTC - ok
10:11:47.0095 1552 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:11:47.0103 1552 Msfs - ok
10:11:47.0145 1552 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
10:11:47.0167 1552 mshidkmdf - ok
10:11:47.0203 1552 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:11:47.0226 1552 msisadrv - ok
10:11:47.0256 1552 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:11:47.0271 1552 MSiSCSI - ok
10:11:47.0274 1552 msiserver - ok
10:11:47.0311 1552 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:11:47.0321 1552 MSKSSRV - ok
10:11:47.0344 1552 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:11:47.0352 1552 MSPCLOCK - ok
10:11:47.0363 1552 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:11:47.0371 1552 MSPQM - ok
10:11:47.0393 1552 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:11:47.0427 1552 MsRPC - ok
10:11:47.0455 1552 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
10:11:47.0467 1552 mssmbios - ok
10:11:47.0483 1552 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:11:47.0491 1552 MSTEE - ok
10:11:47.0501 1552 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
10:11:47.0511 1552 MTConfig - ok
10:11:47.0526 1552 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
10:11:47.0536 1552 Mup - ok
10:11:47.0563 1552 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
10:11:47.0575 1552 napagent - ok
10:11:47.0617 1552 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:11:47.0640 1552 NativeWifiP - ok
10:11:47.0694 1552 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
10:11:47.0759 1552 NDIS - ok
10:11:47.0785 1552 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
10:11:47.0799 1552 NdisCap - ok
10:11:47.0830 1552 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:11:47.0843 1552 NdisTapi - ok
10:11:47.0873 1552 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:11:47.0888 1552 Ndisuio - ok
10:11:47.0914 1552 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:11:47.0926 1552 NdisWan - ok
10:11:47.0946 1552 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:11:47.0954 1552 NDProxy - ok
10:11:47.0965 1552 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:11:47.0974 1552 NetBIOS - ok
10:11:48.0002 1552 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
10:11:48.0013 1552 NetBT - ok
10:11:48.0024 1552 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
10:11:48.0025 1552 Netlogon - ok
10:11:48.0061 1552 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
10:11:48.0071 1552 Netman - ok
10:11:48.0118 1552 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:48.0151 1552 NetMsmqActivator - ok
10:11:48.0156 1552 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:48.0158 1552 NetPipeActivator - ok
10:11:48.0181 1552 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
10:11:48.0196 1552 netprofm - ok
10:11:48.0199 1552 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:48.0200 1552 NetTcpActivator - ok
10:11:48.0204 1552 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:11:48.0205 1552 NetTcpPortSharing - ok
10:11:48.0377 1552 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
10:11:48.0518 1552 NETwNs64 - ok
10:11:48.0561 1552 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
10:11:48.0584 1552 nfrd960 - ok
10:11:48.0616 1552 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:11:48.0635 1552 NlaSvc - ok
10:11:48.0701 1552 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
10:11:48.0726 1552 nmwcd - ok
10:11:48.0741 1552 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
10:11:48.0753 1552 nmwcdc - ok
10:11:48.0786 1552 [ 292DDF13F91F2CB2482B57AACD6AEB9B ] nmwcdnsux64 C:\Windows\system32\drivers\nmwcdnsux64.sys
10:11:48.0808 1552 nmwcdnsux64 - ok
10:11:48.0862 1552 [ C31FA031335EFF434B2D94278E74BCCE ] npf C:\Windows\system32\drivers\npf.sys
10:11:48.0888 1552 npf - ok
10:11:48.0903 1552 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:11:48.0918 1552 Npfs - ok
10:11:48.0951 1552 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
10:11:48.0958 1552 nsi - ok
10:11:48.0974 1552 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:11:48.0982 1552 nsiproxy - ok
10:11:49.0024 1552 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:11:49.0094 1552 Ntfs - ok
10:11:49.0238 1552 [ A2BEAF0E75F7C14744BC084091517363 ] ntrtscan C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe
10:11:49.0269 1552 ntrtscan - ok
10:11:49.0302 1552 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
10:11:49.0312 1552 Null - ok
10:11:49.0336 1552 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
10:11:49.0357 1552 nusb3hub - ok
10:11:49.0393 1552 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
10:11:49.0429 1552 nusb3xhc - ok
10:11:49.0488 1552 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:11:49.0521 1552 nvraid - ok
10:11:49.0559 1552 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:11:49.0572 1552 nvstor - ok
10:11:49.0603 1552 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:11:49.0632 1552 nv_agp - ok
10:11:49.0729 1552 [ C9262F14883A07F104C14D1F9501786B ] NWSAPAutoWorkstationUpdateSvc C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
10:11:49.0768 1552 NWSAPAutoWorkstationUpdateSvc - ok
10:11:49.0858 1552 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:11:49.0899 1552 odserv - ok
10:11:49.0935 1552 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
10:11:49.0968 1552 ohci1394 - ok
10:11:50.0048 1552 [ 3D70B0630342132EBC1FF5CFF483E6C0 ] OpenSSHd C:\Program Files (x86)\OpenSSH\bin\cygrunsrv.exe
10:11:50.0116 1552 OpenSSHd - ok
10:11:50.0166 1552 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:11:50.0180 1552 ose - ok
10:11:50.0225 1552 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
10:11:50.0241 1552 p2pimsvc - ok
10:11:50.0265 1552 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
10:11:50.0280 1552 p2psvc - ok
10:11:50.0312 1552 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
10:11:50.0323 1552 Parport - ok
10:11:50.0356 1552 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:11:50.0388 1552 partmgr - ok
10:11:50.0399 1552 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
10:11:50.0415 1552 PcaSvc - ok
10:11:50.0473 1552 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
10:11:50.0499 1552 pccsmcfd - ok
10:11:50.0527 1552 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
10:11:50.0529 1552 pci - ok
10:11:50.0558 1552 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
10:11:50.0565 1552 pciide - ok
10:11:50.0600 1552 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
10:11:50.0666 1552 pcmcia - ok
10:11:50.0681 1552 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
10:11:50.0699 1552 pcw - ok
10:11:50.0748 1552 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:11:50.0804 1552 PEAUTH - ok
10:11:50.0869 1552 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
10:11:50.0928 1552 PeerDistSvc - ok
10:11:51.0003 1552 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
10:11:51.0033 1552 PerfHost - ok
10:11:51.0097 1552 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
10:11:51.0149 1552 pla - ok
10:11:51.0202 1552 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:11:51.0226 1552 PlugPlay - ok
10:11:51.0270 1552 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
10:11:51.0283 1552 PNRPAutoReg - ok
10:11:51.0309 1552 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
10:11:51.0313 1552 PNRPsvc - ok
10:11:51.0345 1552 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:11:51.0369 1552 PolicyAgent - ok
10:11:51.0412 1552 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
10:11:51.0442 1552 Power - ok
10:11:51.0487 1552 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:11:51.0505 1552 PptpMiniport - ok
10:11:51.0596 1552 [ 3A603DD6466569970BD99DFB4C63BBC7 ] prepdrvr C:\Windows\SysWOW64\CCM\prepdrv.sys
10:11:51.0620 1552 prepdrvr - ok
10:11:51.0655 1552 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
10:11:51.0672 1552 Processor - ok
10:11:51.0704 1552 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
10:11:51.0717 1552 ProfSvc - ok
10:11:51.0724 1552 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:11:51.0725 1552 ProtectedStorage - ok
10:11:51.0756 1552 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
10:11:51.0769 1552 Psched - ok
10:11:51.0812 1552 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
10:11:51.0855 1552 ql2300 - ok
10:11:51.0859 1552 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
10:11:51.0869 1552 ql40xx - ok
10:11:51.0898 1552 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
10:11:51.0908 1552 QWAVE - ok
10:11:51.0921 1552 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:11:51.0930 1552 QWAVEdrv - ok
10:11:51.0944 1552 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:11:51.0952 1552 RasAcd - ok
10:11:51.0984 1552 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
10:11:51.0993 1552 RasAgileVpn - ok
10:11:52.0000 1552 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
10:11:52.0010 1552 RasAuto - ok
10:11:52.0033 1552 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:11:52.0044 1552 Rasl2tp - ok
10:11:52.0074 1552 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
10:11:52.0085 1552 RasMan - ok
10:11:52.0119 1552 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:11:52.0137 1552 RasPppoe - ok
10:11:52.0186 1552 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:11:52.0220 1552 RasSstp - ok
10:11:52.0245 1552 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:11:52.0284 1552 rdbss - ok
10:11:52.0293 1552 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
10:11:52.0304 1552 rdpbus - ok
10:11:52.0311 1552 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:11:52.0318 1552 RDPCDD - ok
10:11:52.0343 1552 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
10:11:52.0359 1552 RDPDR - ok
10:11:52.0394 1552 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:11:52.0416 1552 RDPENCDD - ok
10:11:52.0426 1552 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
10:11:52.0435 1552 RDPREFMP - ok
10:11:52.0486 1552 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:11:52.0514 1552 RdpVideoMiniport - ok
10:11:52.0542 1552 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:11:52.0558 1552 RDPWD - ok
10:11:52.0598 1552 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
10:11:52.0628 1552 rdyboost - ok
10:11:52.0669 1552 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:11:52.0700 1552 RemoteAccess - ok
10:11:52.0734 1552 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:11:52.0756 1552 RemoteRegistry - ok
10:11:52.0797 1552 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:11:52.0810 1552 RFCOMM - ok
10:11:52.0820 1552 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
10:11:52.0830 1552 RpcEptMapper - ok
10:11:52.0854 1552 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
10:11:52.0862 1552 RpcLocator - ok
10:11:52.0888 1552 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
10:11:52.0892 1552 RpcSs - ok
10:11:52.0937 1552 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:11:52.0967 1552 rspndr - ok
10:11:52.0990 1552 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
10:11:52.0995 1552 s3cap - ok
10:11:53.0007 1552 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
10:11:53.0008 1552 SamSs - ok
10:11:53.0034 1552 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:11:53.0044 1552 sbp2port - ok
10:11:53.0062 1552 SBRE - ok
10:11:53.0082 1552 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:11:53.0092 1552 SCardSvr - ok
10:11:53.0117 1552 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
10:11:53.0118 1552 scfilter - ok
10:11:53.0144 1552 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
10:11:53.0177 1552 Schedule - ok
10:11:53.0211 1552 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
10:11:53.0211 1552 SCPolicySvc - ok
10:11:53.0230 1552 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
10:11:53.0241 1552 sdbus - ok
10:11:53.0273 1552 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:11:53.0285 1552 SDRSVC - ok
10:11:53.0378 1552 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
10:11:53.0486 1552 SDScannerService - ok
10:11:53.0558 1552 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
10:11:53.0682 1552 SDUpdateService - ok
10:11:53.0703 1552 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
10:11:53.0716 1552 SDWSCService - ok
10:11:53.0761 1552 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:11:53.0784 1552 secdrv - ok
10:11:53.0811 1552 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
10:11:53.0833 1552 seclogon - ok
10:11:53.0861 1552 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
10:11:53.0874 1552 SENS - ok
10:11:53.0886 1552 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
10:11:53.0897 1552 SensrSvc - ok
10:11:53.0924 1552 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
10:11:53.0933 1552 Serenum - ok
10:11:53.0962 1552 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
10:11:53.0973 1552 Serial - ok
10:11:54.0009 1552 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
10:11:54.0017 1552 sermouse - ok
10:11:54.0112 1552 [ C3BB6CF8F9EE199005A2AAE2815AD756 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
10:11:54.0191 1552 ServiceLayer - ok
10:11:54.0225 1552 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
10:11:54.0234 1552 SessionEnv - ok
10:11:54.0255 1552 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:11:54.0262 1552 sffdisk - ok
10:11:54.0271 1552 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:11:54.0278 1552 sffp_mmc - ok
10:11:54.0289 1552 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:11:54.0297 1552 sffp_sd - ok
10:11:54.0325 1552 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:11:54.0332 1552 sfloppy - ok
10:11:54.0368 1552 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:11:54.0383 1552 SharedAccess - ok
10:11:54.0411 1552 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:11:54.0427 1552 ShellHWDetection - ok
10:11:54.0444 1552 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:11:54.0452 1552 SiSRaid2 - ok
10:11:54.0460 1552 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
10:11:54.0469 1552 SiSRaid4 - ok
10:11:54.0495 1552 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:11:54.0505 1552 Smb - ok
10:11:54.0507 1552 smstsmgr - ok
10:11:54.0549 1552 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:11:54.0557 1552 SNMPTRAP - ok
10:11:54.0643 1552 [ 43FBAA2C9E6B01B6AFC40B69019C27EC ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
10:11:54.0663 1552 SNP2UVC - ok
10:11:54.0690 1552 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
10:11:54.0697 1552 spldr - ok
10:11:54.0729 1552 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
10:11:54.0753 1552 Spooler - ok
10:11:54.0836 1552 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
10:11:54.0878 1552 sppsvc - ok
10:11:54.0920 1552 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
10:11:54.0948 1552 sppuinotify - ok
10:11:54.0978 1552 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
10:11:55.0017 1552 srv - ok
10:11:55.0032 1552 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:11:55.0056 1552 srv2 - ok
10:11:55.0084 1552 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:11:55.0096 1552 srvnet - ok
10:11:55.0121 1552 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:11:55.0133 1552 SSDPSRV - ok
10:11:55.0142 1552 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:11:55.0151 1552 SstpSvc - ok
10:11:55.0196 1552 [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
10:11:55.0234 1552 ssudmdm - ok
10:11:55.0335 1552 [ 0CDEA5ACBB69C45F642E96D81E906CCD ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
10:11:55.0367 1552 STacSV - ok
10:11:55.0391 1552 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
10:11:55.0399 1552 stexstor - ok
10:11:55.0433 1552 [ 5C8D6072D1D09F11789C6A014688048A ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
10:11:55.0465 1552 STHDA - ok
10:11:55.0502 1552 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
10:11:55.0525 1552 stisvc - ok
10:11:55.0548 1552 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
10:11:55.0558 1552 storflt - ok
10:11:55.0578 1552 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
10:11:55.0587 1552 StorSvc - ok
10:11:55.0605 1552 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
10:11:55.0614 1552 storvsc - ok
10:11:55.0628 1552 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
10:11:55.0637 1552 swenum - ok
10:11:55.0711 1552 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:11:55.0766 1552 SwitchBoard - ok
10:11:55.0793 1552 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
10:11:55.0809 1552 swprv - ok
10:11:55.0819 1552 Synth3dVsc - ok
10:11:55.0874 1552 [ B25C79B3348D539B9DBFB6C15637D13C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
10:11:55.0890 1552 SynTP - ok
10:11:55.0967 1552 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
10:11:56.0046 1552 SysMain - ok
10:11:56.0090 1552 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:11:56.0100 1552 TabletInputService - ok
10:11:56.0199 1552 [ FAAB3E5CE56EDC0769B3387383570839 ] TabletServiceWacom C:\Windows\system32\Wacom_Tablet.exe
10:11:56.0260 1552 TabletServiceWacom - ok
10:11:56.0291 1552 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:11:56.0307 1552 TapiSrv - ok
10:11:56.0332 1552 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
10:11:56.0340 1552 TBS - ok
10:11:56.0419 1552 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:11:56.0490 1552 Tcpip - ok
10:11:56.0536 1552 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
10:11:56.0550 1552 TCPIP6 - ok
10:11:56.0596 1552 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:11:56.0621 1552 tcpipreg - ok
10:11:56.0655 1552 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:11:56.0662 1552 TDPIPE - ok
10:11:56.0682 1552 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:11:56.0691 1552 TDTCP - ok
10:11:56.0712 1552 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:11:56.0723 1552 tdx - ok
10:11:56.0750 1552 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
10:11:56.0758 1552 TermDD - ok
10:11:56.0788 1552 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
10:11:56.0793 1552 TermService - ok
10:11:56.0813 1552 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
10:11:56.0821 1552 Themes - ok
10:11:56.0831 1552 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
10:11:56.0832 1552 THREADORDER - ok
10:11:56.0871 1552 [ 505DB66467DF7658CC156B1704C7582C ] tmactmon C:\Windows\system32\DRIVERS\tmactmon.sys
10:11:56.0898 1552 tmactmon - ok
10:11:56.0974 1552 [ EFB980D4F0A565ECEA8BEFB22C620698 ] TMBMServer C:\Program Files (x86)\Trend Micro\BM\TMBMSRV.exe
10:11:57.0010 1552 TMBMServer - ok
10:11:57.0043 1552 [ 46EDB648C1B5C3ABD76BD5E912DAC026 ] tmcomm C:\Windows\system32\DRIVERS\tmcomm.sys
10:11:57.0057 1552 tmcomm - ok
10:11:57.0093 1552 [ 30CF571B3320221E331D2D887CB8552B ] tmevtmgr C:\Windows\system32\DRIVERS\tmevtmgr.sys
10:11:57.0103 1552 tmevtmgr - ok
10:11:57.0158 1552 [ 55283E1FC92021AEBA8E1E5B7EBAD9D1 ] TmFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys
10:11:57.0200 1552 TmFilter - ok
10:11:57.0309 1552 [ 245DB19AF7252BBB77E9B7E9D93CB69D ] tmlisten C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe
10:11:57.0340 1552 tmlisten - ok
10:11:57.0371 1552 [ 8F82EF40FA762354530236ABE302FA35 ] TmPreFilter C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys
10:11:57.0386 1552 TmPreFilter - ok
10:11:57.0467 1552 [ EB689B4C0FCA28A7BA881BA31A9224D4 ] TmProxy C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe
10:11:57.0500 1552 TmProxy - ok
10:11:57.0543 1552 [ A42E6780C52B248AF54C6010A9A93384 ] tmtdi C:\Windows\system32\DRIVERS\tmtdi.sys
10:11:57.0552 1552 tmtdi - ok
10:11:57.0585 1552 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys
10:11:57.0612 1552 TPM - ok
10:11:57.0660 1552 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
10:11:57.0676 1552 TrkWks - ok
10:11:57.0723 1552 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:11:57.0725 1552 TrustedInstaller - ok
10:11:57.0737 1552 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:11:57.0748 1552 tssecsrv - ok
10:11:57.0758 1552 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
10:11:57.0768 1552 TsUsbFlt - ok
10:11:57.0771 1552 tsusbhub - ok
10:11:57.0797 1552 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:11:57.0808 1552 tunnel - ok
10:11:57.0843 1552 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
10:11:57.0852 1552 uagp35 - ok
10:11:57.0929 1552 [ D5994AB5C2B2D72D6320A7004D52617C ] uArcCapture C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
10:11:58.0065 1552 uArcCapture - ok
10:11:58.0081 1552 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:11:58.0097 1552 udfs - ok
10:11:58.0129 1552 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:11:58.0138 1552 UI0Detect - ok
10:11:58.0157 1552 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:11:58.0166 1552 uliagpkx - ok
10:11:58.0196 1552 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:11:58.0204 1552 umbus - ok
10:11:58.0238 1552 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
10:11:58.0245 1552 UmPass - ok
10:11:58.0268 1552 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
10:11:58.0280 1552 UmRdpService - ok
10:11:58.0429 1552 [ 2955A9ADBC618B6A09E3D3BECC3CCB3D ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:11:58.0467 1552 UNS - ok
10:11:58.0496 1552 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
10:11:58.0511 1552 upnphost - ok
10:11:58.0544 1552 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
10:11:58.0551 1552 upperdev - ok
10:11:58.0583 1552 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
10:11:58.0594 1552 usbaudio - ok
10:11:58.0644 1552 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:11:58.0678 1552 usbccgp - ok
10:11:58.0720 1552 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:11:58.0749 1552 usbcir - ok
10:11:58.0769 1552 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
10:11:58.0780 1552 usbehci - ok
10:11:58.0825 1552 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:11:58.0855 1552 usbhub - ok
10:11:58.0874 1552 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:11:58.0884 1552 usbohci - ok
10:11:58.0911 1552 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:11:58.0921 1552 usbprint - ok
10:11:58.0953 1552 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
10:11:58.0960 1552 UsbserFilt - ok
10:11:58.0987 1552 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:11:59.0000 1552 USBSTOR - ok
10:11:59.0028 1552 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
10:11:59.0038 1552 usbuhci - ok
10:11:59.0067 1552 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:11:59.0080 1552 usbvideo - ok
10:11:59.0104 1552 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
10:11:59.0112 1552 UxSms - ok
10:11:59.0132 1552 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
10:11:59.0133 1552 VaultSvc - ok
10:11:59.0240 1552 [ 41EEF971DD82A3674D07F275A4DEF702 ] vcsFPService C:\Windows\system32\vcsFPService.exe
10:11:59.0332 1552 vcsFPService - ok
10:11:59.0358 1552 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
10:11:59.0368 1552 vdrvroot - ok
10:11:59.0401 1552 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
10:11:59.0455 1552 vds - ok
10:11:59.0493 1552 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:11:59.0503 1552 vga - ok
10:11:59.0517 1552 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
10:11:59.0526 1552 VgaSave - ok
10:11:59.0528 1552 VGPU - ok
10:11:59.0553 1552 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
10:11:59.0566 1552 vhdmp - ok
10:11:59.0597 1552 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
10:11:59.0614 1552 viaide - ok
10:11:59.0632 1552 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
10:11:59.0649 1552 vmbus - ok
10:11:59.0680 1552 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
10:11:59.0704 1552 VMBusHID - ok
10:11:59.0731 1552 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:11:59.0744 1552 volmgr - ok
10:11:59.0769 1552 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:11:59.0794 1552 volmgrx - ok
10:11:59.0828 1552 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:11:59.0869 1552 volsnap - ok
10:11:59.0924 1552 [ 8811748190D194EAE2E2155DA3E2B022 ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
10:11:59.0970 1552 vpnagent - ok
10:12:00.0003 1552 [ 845DAE50510383B7F6ACA73CE2099048 ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
10:12:00.0015 1552 vpnva - ok
10:12:00.0105 1552 [ BF63E3F8F1CED65F4F5AD22E0735B2E4 ] VSApiNt C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys
10:12:00.0131 1552 VSApiNt - ok
10:12:00.0161 1552 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
10:12:00.0171 1552 vsmraid - ok
10:12:00.0215 1552 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
10:12:00.0233 1552 VSS - ok
10:12:00.0249 1552 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
10:12:00.0257 1552 vwifibus - ok
10:12:00.0279 1552 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
10:12:00.0289 1552 vwififlt - ok
10:12:00.0315 1552 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
10:12:00.0330 1552 W32Time - ok
10:12:00.0366 1552 [ F39FC224758290A3193C68C091E6F11A ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
10:12:00.0373 1552 wacmoumonitor - ok
10:12:00.0393 1552 [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
10:12:00.0400 1552 wacommousefilter - ok
10:12:00.0417 1552 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
10:12:00.0426 1552 WacomPen - ok
10:12:00.0447 1552 [ BB9D431C8D025BA13E60ADDDCFF04F1A ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
10:12:00.0454 1552 wacomvhid - ok
10:12:00.0484 1552 [ 8B4255329EDFBA3ECFBD0714476FAD38 ] WacomVKHid C:\Windows\system32\DRIVERS\WacomVKHid.sys
10:12:00.0491 1552 WacomVKHid - ok
10:12:00.0529 1552 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
10:12:00.0558 1552 WANARP - ok
10:12:00.0562 1552 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:12:00.0563 1552 Wanarpv6 - ok
10:12:00.0663 1552 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
10:12:00.0707 1552 WatAdminSvc - ok
10:12:00.0759 1552 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
10:12:00.0817 1552 wbengine - ok
10:12:00.0842 1552 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
10:12:00.0853 1552 WbioSrvc - ok
10:12:00.0878 1552 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:12:00.0893 1552 wcncsvc - ok
10:12:00.0899 1552 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:12:00.0907 1552 WcsPlugInService - ok
10:12:00.0927 1552 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
10:12:00.0936 1552 Wd - ok
10:12:00.0954 1552 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:12:00.0978 1552 Wdf01000 - ok
10:12:00.0985 1552 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:12:00.0994 1552 WdiServiceHost - ok
10:12:00.0996 1552 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:12:00.0998 1552 WdiSystemHost - ok
10:12:01.0028 1552 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
10:12:01.0038 1552 WebClient - ok
10:12:01.0053 1552 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:12:01.0064 1552 Wecsvc - ok
10:12:01.0070 1552 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:12:01.0079 1552 wercplsupport - ok
10:12:01.0096 1552 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
10:12:01.0106 1552 WerSvc - ok
10:12:01.0130 1552 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
10:12:01.0137 1552 WfpLwf - ok
10:12:01.0150 1552 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
10:12:01.0158 1552 WIMMount - ok
10:12:01.0227 1552 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:12:01.0255 1552 Winmgmt - ok
10:12:01.0304 1552 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
10:12:01.0371 1552 WinRM - ok
10:12:01.0459 1552 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
10:12:01.0482 1552 WinUSB - ok
10:12:01.0527 1552 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
10:12:01.0571 1552 Wlansvc - ok
10:12:01.0700 1552 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:12:01.0796 1552 wlidsvc - ok
10:12:01.0852 1552 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:12:01.0877 1552 WmiAcpi - ok
10:12:01.0912 1552 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:12:01.0934 1552 wmiApSrv - ok
10:12:01.0956 1552 WMPNetworkSvc - ok
10:12:01.0994 1552 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:12:02.0012 1552 WPCSvc - ok
10:12:02.0056 1552 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:12:02.0087 1552 WPDBusEnum - ok
10:12:02.0125 1552 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:12:02.0144 1552 ws2ifsl - ok
10:12:02.0206 1552 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
10:12:02.0232 1552 wscsvc - ok
10:12:02.0237 1552 WSearch - ok
10:12:02.0299 1552 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
10:12:02.0350 1552 wuauserv - ok
10:12:02.0385 1552 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:12:02.0418 1552 WudfPf - ok
10:12:02.0446 1552 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:12:02.0464 1552 WUDFRd - ok
10:12:02.0486 1552 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:12:02.0495 1552 wudfsvc - ok
10:12:02.0520 1552 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
10:12:02.0531 1552 WwanSvc - ok
10:12:02.0563 1552 ================ Scan global ===============================
10:12:02.0575 1552 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:12:02.0615 1552 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:12:02.0631 1552 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:12:02.0660 1552 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:12:02.0693 1552 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:12:02.0696 1552 [Global] - ok
10:12:02.0696 1552 ================ Scan MBR ==================================
10:12:02.0711 1552 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:12:03.0033 1552 \Device\Harddisk0\DR0 - ok
10:12:03.0035 1552 ================ Scan VBR ==================================
10:12:03.0040 1552 [ 6D1A2C0B871EABE7FC96FD0B555A9BCB ] \Device\Harddisk0\DR0\Partition1
10:12:03.0042 1552 \Device\Harddisk0\DR0\Partition1 - ok
10:12:03.0059 1552 [ 80A4445866A5B3FB22FB496BA6B83521 ] \Device\Harddisk0\DR0\Partition2
10:12:03.0060 1552 \Device\Harddisk0\DR0\Partition2 - ok
10:12:03.0082 1552 [ 9E0D760F1D78C07BC5D4FEF0ABFB4A52 ] \Device\Harddisk0\DR0\Partition3
10:12:03.0084 1552 \Device\Harddisk0\DR0\Partition3 - ok
10:12:03.0084 1552 ============================================================
10:12:03.0084 1552 Scan finished
10:12:03.0084 1552 ============================================================
10:12:03.0096 6572 Detected object count: 0
10:12:03.0096 6572 Actual detected object count: 0

 

[Robybel]

Hi dperezfa

P2P Programs:

P2P programs are a major source of Malware infections.
From your log I see you have uTorrent and vDownloader We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
If you wish to keep the program(s), please do not use them until your computer is cleaned.

Information regarding the risk of using these programs can be found from here and here


Run OTL.exe

• Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
  
  

  :OTL
  O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
  O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  [2012/10/19 15:36:06 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\uTorrent
  [2012/03/22 09:04:40 | 000,000,000 | ---D | M] -- C:\Users\dperezfadon\AppData\Roaming\VDownloader
  @Alternate Data Stream - 1077 bytes -> C:\ProgramData\Microsoft:TBXZAfprE1N3yMTlCs3bRqVjiJe
  @Alternate Data Stream - 1033 bytes -> C:\ProgramData\Microsoft:nrUSg800GX3oLNPvyfgZZiZguPqe
  
  
  :Files
  ipconfig /flushdns /c
  
  
  :Commands
  [EMPTYFLASH]
  [REBOOT]
  [RESETHOSTS]
  [CREATERESTOREPOINT]

• Then click the Run Fix button at the top
• Let the program run unhindered.
• OTL may ask to reboot the machine. Please do so if asked.
• The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

NEXT

AdwCleaner

• Please download AdwCleaner by Xplode onto your desktop.
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

NEXT

• Download RogueKiller and save it to your desktop.
• Quit all other programs
• Start RogueKiller.exe
• Wait until the Prescan has finished ...
• Click on Scan
  
  
• Wait for the end of the scan
• A report will be created on your desktop.
• Click on the Delete button
  
  
• Next click on the ShortcutsFix
  
  
• another report will be created on your desktop.

Please post: All RKreport.txt text files located on your desktop.

On your next reply please post :

• New OTL log after fix
• AdwCleaner log
• All RKreport.txt

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

 

[dperezfa]

--------------------------------------- OTL log --> I HAVE NO OTL LOG. It ran and reboot my computer and then ... no log.





---------------------------------------- AdwCleaner[S2].txt :

# AdwCleaner v2.200 - Fichero creado el 03/04/2013 a 13:56:48
# Actualizado el 02/04/2013 por Xplode
# Sistema operativo : Windows 7 Enterprise Service Pack 1 (64 bits)
# Usuario : dperezfadon - DPEREZFADONPW7
# Modo de inicio : Normal
# Ejecutado desde : D:\BIBLIOTECA\MALWARE_REMOVAL\AdwCleaner.exe
# Opción [Supresión]


***** [Servicios] *****


***** [Ficheros / Carpetas] *****


***** [Registro] *****


***** [Navegadores] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] El registro no contiene ninguna entrada ilegítima.

-\\ Mozilla Firefox v13.0.1 (es-ES)

Fichero : C:\Users\dperezfadon\AppData\Roaming\Mozilla\Firefox\Profiles\zmdxyoi7.default\prefs.js

[OK] El fichero no contiene ninguna entrada ilegítima.

-\\ Google Chrome v26.0.1410.43

Fichero : C:\Users\dperezfadon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] El fichero no contiene ninguna entrada ilegítima.

-\\ Opera v [Imposible obtener la versión]

Fichero : C:\Users\dperezfadon\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] El fichero no contiene ninguna entrada ilegítima.

*************************

AdwCleaner[R1].txt - [2516 octets] - [14/03/2013 09:31:05]
AdwCleaner[S1].txt - [2599 octets] - [14/03/2013 09:31:38]
AdwCleaner[S2].txt - [1271 octets] - [03/04/2013 13:56:48]

########## EOF - C:\AdwCleaner[S2].txt - [1331 octets] ##########








-------------------------------- RKreport[1]_S_04032013_02d1410.txt

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dperezfadon [Admin rights]
Mode : Scan -- Date : 04/03/2013 14:10:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.indra.es:8080) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEKT-60PVMT0 +++++
--- User ---
[MBR] 76b8c01b0112762377ef7f778af1b059
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 102900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 210948096 | Size: 202242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04032013_02d1410.txt >>
RKreport[1]_S_04032013_02d1410.txt






------------------------------- RKreport[2]_D_04032013_02d1413.txt

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dperezfadon [Admin rights]
Mode : Remove -- Date : 04/03/2013 14:13:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy.indra.es:8080) -> NOT REMOVED, USE PROXYFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEKT-60PVMT0 +++++
--- User ---
[MBR] 76b8c01b0112762377ef7f778af1b059
[BSP] cd27ed3eb96aab5c994ff939e1f9cca6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 102900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 210948096 | Size: 202242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_04032013_02d1413.txt >>
RKreport[1]_S_04032013_02d1410.txt ; RKreport[2]_D_04032013_02d1413.txt







------------------------ RKreport[3]_SC_04032013_02d1422.txt

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dperezfadon [Admin rights]
Mode : Shortcuts HJfix -- Date : 04/03/2013 14:22:58
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 2 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 23 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 3 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\CdRom1 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_04032013_02d1422.txt >>
RKreport[1]_S_04032013_02d1410.txt ; RKreport[2]_D_04032013_02d1413.txt ; RKreport[3]_SC_04032013_02d1422.txt

 

[dperezfa]

i'm rebooting and browsing some URL's and YESS!!! it seems that the ad frame no longer appears

:wav: Give me an "R"! Give me an "O" ... Roobybel! Roobybel!

Thank you very much! :thanks:

 

[Robybel]

Hi dperezfa

I'm very happy

OK please, follow this:

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
  
  
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=============================== Next =======================================



ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the
   
   button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on
      
      to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the
      
      icon on your desktop.
4. Check
   
5. Click the
   
   button.
6. Accept any security warnings from your browser.
7. Check
   
8. Make sure that the option "Remove found threats" is Unchecked
9. Push the Start button.
10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
11. When the scan completes, push
    
12. Push
    
    , and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
13. Push the Back button.
14. Select Uninstall application on close check box and push
    

Please let me know how your machine is running and if there are any outstanding issues


On your next reply please post :

• MBAM log
• Eset report

Let me know if you have any problems in performing with the steps above or any questions you may have.

Good Day!

 

[Robybel]

Still with me?

 

[dperezfa]

Yes, scanning with mbam ...

 

[dperezfa]

i've scanning with ESET for hours and it is 30%. I´m stopping it because now i have to use the computer. I will scan with ESET later...

 

[Robybel]

:bigthumb:

 

[dperezfa]

18 hours after start scanning ESET has closed without warning or log. It were at 90%.

Maybe my antivirus (trend micro officescan) has interfered. I'm not able to disable it.

Here is the mbam log:

-------------------------------------- MBAM log (in spanish sorry)

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Versión de la Base de Datos: v2013.04.08.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
dperezfadon :: DPEREZFADONPW7 [administrador]

08/04/2013 8:50:13
mbam-log-2013-04-08 (08-50-13).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 259926
Tiempo transcurrido: 14 minuto(s), 14 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 0
(No se han detectado elementos maliciosos)

fin)

 

[Robybel]

Hi dperezfa

Try this now

Please download Windows Repair (all in one) from here

Install the program then run it

Go to step 2 and allow it to run Disk check

Once that is done then go to step 3 and allow it to run SFC

On the the Start Repairs tab => Click the Start

Click on the select all check box and then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure

 

[dperezfa]

I'm a little worried about the "set windows services to default startup". I work from my home 250km away from my job (teleworking) so I have to solve all the problems by myself if i can. I have the computer configured to work with and I don't want to remove the configuration of something important. :blink:

 

[Robybel]

Hi dperezfa

Ok!
No problem, you can not run this tool.

Please let me know how your machine is running and if there are any outstanding issues

 

[dperezfa]

Thank you Robybel.
The machine seems to run OK now.

 

[dperezfa]

One last thing... Maybe I have to uninstall something?

 

[Robybel]

Hi dperezfa

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!!

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

• Click START then RUN
• Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  
  
  

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

Unistall AdwCleaner

• Double click on adwcleaner.exe to run the tool.
• Click on Uninstall.
• Confirm with yes.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

MOST IMPORTANT: You Need to Update Windows and IE to get all the Latest Security Patches to protect your computer from the malware that is around on the internet.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

• From within Internet Explorer click on the Tools menu and then click on Options.
• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
• Change the Download unsigned ActiveX controls to Disable
• Change the Initialize and script ActiveX controls not marked as safe to Disable
• Change the Installation of desktop items to Prompt
• Change the Launching programs and files in an IFRAME to Prompt
• Change the Navigate sub-frames across different domains to Prompt
• When all these settings have been made, click on the OK button.
• If it prompts you as to whether or not you want to save the settings, press the Yes button.
• Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

• NoScript
• AdBlockPlus

2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

• Open Internet Explorer
• Click on Tools > Internet Options
• Press Security tab
• Select Internet zone then place check next to Enable Protected Mode if not already done
• Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
• Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free
Agnitum Outpost Firewall Free


5.SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles:

• • How Did I Get Infected In The First Place? by TonyKlein
    [*]How to Prevent Malware by miekiemoes
  • PC Safety and Security--What Do I Need?

6. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

 

[dperezfa]

Ok. I followed all the steps.
I'm satisfied and we can mark the problem as solved.

Thank you!

 

[Robybel]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.