Cannot Browse the Internet, Windows Without Internet

Hello. I'm a long-time member of the forum, but I don't know what happened to my account and I had to create another one. Good afternoon, everyone. I have the following problem: the PC in question cannot browse the internet and has no internet access even though it connects. With automatic DNS it shows an exclamation mark and no internet access, but when I set Google's DNS or another one it does connect and shows internet access; however, it still doesn't browse, and neither Windows nor the antivirus programs update. I tested with Linux and Windows live CDs and the card works correctly, there is a connection and I can browse; using a new disk and formatting, everything is also OK! I ran a scan with Malwarebytes and it detected PUPs and malware, all of which were removed. Dr.Web detected Userinit as a probable threat, but I haven't neutralized it yet in case it's a false positive. I hope you can help me, since the owner doesn't want to format the PC.

Windows 7 SP1 64Bits Intel Core 2 Quad Q650 3.0Ghz 8 GB RAM Nvidia GeForce 8400GS

Motherboard: P35 Platinum MS-7345 rev 1.0

Hello @victor_TeReparoLaPC

Welcome to this new stage of InfoSpyware!!!

Here is what's new:

In your next reply, paste the reports for us.

What operating system does it have?


1.- Temporarily disable your antivirus and any other security program.

2.- Download Farbar Recovery Scan Tool to the desktop, selecting the version that matches your computer's architecture (32 or 64 bits). >> How do I know whether my Windows is 32 or 64 bits?

  • Run FRST.exe.
  • In the Disclaimer window, click Yes.
  • In the main window, click the Scan button and wait for the process to finish.
  • Two (2) files (logs) will open, Frst.txt and Addition.txt; these will be saved on the desktop.

Guide: How to Run FRST

3.- In your next reply, paste the generated reports.

Guide: How to Paste Reports in the Forum?

We'll wait for those reports.

Regards

I don't have the Malwarebytes report; I uninstalled it and didn't keep a copy of its report.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-06-2019
Ran by Mati (administrator) on MATI-PC (MICRO-STAR INTERNATIONAL CO.,LTD P35 Platinum(MS-7345)) (19-06-2019 19:06:57)
Running from C:\Users\Mati\Desktop
Loaded Profiles: Mati (Available Profiles: Mati)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Doctor Web Ltd. -> ) C:\Users\Mati\AppData\Local\Temp\D7726CD8-2346E1E4-CE5FA724-7DD7BC28\IqOYAxE9.exe
(Doctor Web Ltd. -> ) C:\Users\Mati\AppData\Local\Temp\D7726CD8-2346E1E4-CE5FA724-7DD7BC28\QbqsRY99z349.exe
(Doctor Web Ltd. -> ) C:\Users\Mati\AppData\Local\Temp\D7726CD8-2346E1E4-CE5FA724-7DD7BC28\y4DzgrRJWwNciA.exe
(Doctor Web Ltd. -> ) C:\Users\Mati\Desktop\drkd9hxe.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(SEIKO EPSON Corporation -> Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672664 2014-06-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKU\S-1-5-21-470037617-1738153215-1971209628-1001\...\MountPoints2: {0a80e7ee-d436-11e4-9e15-001d928483bf} - L:\setup.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\system32\ficvdec_x64.dll [652288 2013-05-28] () [File not signed]
HKLM\...\Drivers32: [VIDC.FICV] => C:\Windows\SysWOW64\ficvdec_x86.dll [641024 2013-05-28] () [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\70.0.3538.77\Installer\chrmstp.exe [2018-10-26] (Google Inc -> Google Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0309550F-A1C7-44ED-ABF2-2E4DD90C5D93} - System32\Tasks\ASC9_PerformanceMonitor => C:\Users\Mati\Downloads\Monitor temperaturas ASC9 -W10\Monitor de Rendimiento - ASC9\Monitor.exe [1517344 2015-11-06] (IObit Information Technology -> IObit)
Task: {0C51074C-BFB0-4DCA-882C-110EE3D49A1A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [538952 2018-09-11] (Piriform Ltd -> Piriform Ltd)
Task: {2B5404FC-E330-4390-945D-649BC660D11A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {2B5404FC-E330-4390-945D-649BC660D11A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {397C4FB5-7531-47A6-841B-078A7B14DC16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-27] (Google Inc -> Google Inc.)
Task: {3DCAA28E-39DB-4113-AC7B-1D8B20FCAF7C} - System32\Tasks\{5057F1CA-7F94-4CAF-9CC8-BA7AEA7634D6} => C:\Windows\system32\pcalua.exe -a "C:\Users\Mati\Desktop\LG Mobile Support Tool\LG Mobile Support Tool.exe" -d "C:\Users\Mati\Desktop\LG Mobile Support Tool"
Task: {4C541660-2DC1-42DE-B10E-FE65716110DE} - System32\Tasks\EPSON XP-211 214 216 Series Invitation {8B97DC3F-EDD9-4AFA-B1FB-072EEF8DB156} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [679488 2013-02-27] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {571B5C7D-1B28-447C-9E58-FB0F6E7F664E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1190424 2018-08-14] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {6F20C1B7-EB3C-4D46-B3F9-BFB03AEC0BA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [13797712 2018-09-11] (Piriform Ltd -> Piriform Ltd)
Task: {815E70A1-4B11-4888-B934-0149C2E17014} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [107848 2015-03-27] (Google Inc -> Google Inc.)
Task: {9CE504EB-FAC5-4355-9DC4-FB692664A68A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {9CE504EB-FAC5-4355-9DC4-FB692664A68A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {A44702B2-0CCD-4924-9BA4-1B2F50BC06F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {A44702B2-0CCD-4924-9BA4-1B2F50BC06F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {A44702B2-0CCD-4924-9BA4-1B2F50BC06F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {A8160E4F-4830-4EC6-983B-85667128DE29} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_pepper.exe [1454592 2018-10-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {B0A2B5E9-9FE8-44AA-A6BB-8A27573B9EF5} - System32\Tasks\{F6212FBF-100F-4864-A51A-04E5FCF9E835} => C:\Windows\twain_32\escndv\escndv.exe [212504 2012-09-05] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORP.)
Task: {C1E75B03-FB48-41F1-A0AD-4B92E0EDDDC2} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\\MpCmdRun.exe [410784 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {D9498885-006B-4C1A-92CB-A391226D2E88} - System32\Tasks\{E2711D8C-B367-4A6F-A88C-1490E92BD75E} => C:\Windows\system32\pcalua.exe -a C:\Users\Mati\Downloads\WinSetupFromUSB_0-2-3.exe -d C:\Users\Mati\Downloads
Task: {E57B8B3F-2B00-4062-BD1E-87B6406CEF73} - System32\Tasks\EPSON XP-211 214 216 Series Update {8B97DC3F-EDD9-4AFA-B1FB-072EEF8DB156} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE [679488 2013-02-27] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {E6952E73-59F1-4893-8E78-C16559F5810D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [39848 2017-03-28] (Garmin International, Inc. -> )
Task: {E7BE0D97-9D94-45A2-879B-23DCC57813DD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335872 2018-10-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {EA99BCDB-2C74-4CA4-81FE-462F4C2EB755} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_122_Plugin.exe [1454592 2018-10-09] (Adobe Systems Incorporated -> Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON XP-211 214 216 Series Invitation {7B0121BA-A77B-4C02-9B90-EC20B54BB0AE}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE
Task: C:\Windows\Tasks\EPSON XP-211 214 216 Series Update {7B0121BA-A77B-4C02-9B90-EC20B54BB0AE}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLDE.EXE:/EXE:{7B0121BA-A77B-4C02-9B90-EC20B54BB0AE} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 186.130.128.250 186.130.129.250
Tcpip\..\Interfaces\{31B4C276-2391-4127-B9EB-023319F16CC8}: [DhcpNameServer] 186.130.128.250 186.130.129.250
Tcpip\..\Interfaces\{B09639EE-19D8-4AFD-B48F-9EBBB6D642FD}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{B09639EE-19D8-4AFD-B48F-9EBBB6D642FD}: [DhcpNameServer] 186.130.128.250 186.130.129.250

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-470037617-1738153215-1971209628-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-470037617-1738153215-1971209628-1001 -> ${searchCLSID} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2012-01-25] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Mati\AppData\Roaming\Mozilla\Firefox\Profiles\l9m4un6x.default [2019-06-19]
FF Homepage: Mozilla\Firefox\Profiles\l9m4un6x.default -> www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] (Adobe Systems Incorporated -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] (Adobe Systems Incorporated -> )
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] (Apple Inc. -> )
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-01-29] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-01-29] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [File not signed]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-19] (Google Inc -> Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default [2019-06-19]
CHR Extension: (Pick your Color) - C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Default\Extensions\oggekmchebjhcebioohbjaogddbmijcc [2018-11-13]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oggekmchebjhcebioohbjaogddbmijcc] - C:\Users\Mati\AppData\Roaming\Chrome Extensions\Pick-your-Color_v1.0.2.crx [2017-09-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKLM\SYSTEM\CurrentControlSet\Services\458276B498F951AA <==== ATTENTION (Rootkit!)

R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [674768 2018-04-25] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-04-28] (Microsoft Windows -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppService.exe [473312 2017-03-20] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\MobileGo\DriverInstall.exe [101152 2017-06-01] (Wondershare Technology Co.,Ltd -> Wondershare)
S2 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0074.sys [38432 2016-09-18] (SoftEther Corporation -> SoftEther Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation -> Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation -> NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
S3 rt61x64; C:\Windows\System32\DRIVERS\WMP54Gv41x64.sys [446304 2010-04-07] (Ralink Technology Corporation -> Ralink Technology, Corp.)
R3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Microsoft Windows -> Realtek Semiconductor Corporation )
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudmdm; C:\Windows\System32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S3 vvftav211; C:\Windows\System32\drivers\vvftav211.sys [308224 2007-12-10] (Microsoft Windows Hardware Compatibility Publisher -> Vimicro Corporation)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 ZSMC30x; C:\Windows\System32\Drivers\ZS211.sys [1491712 2007-12-13] (Microsoft Windows Hardware Compatibility Publisher -> ZSMC.Corporation)
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
U3 aswbdisk; no ImagePath
S3 cpuz138; \??\C:\Users\Mati\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-19 19:06 - 2019-06-19 19:07 - 000020887 _____ C:\Users\Mati\Desktop\FRST.txt
2019-06-19 19:02 - 2019-06-19 19:06 - 000000000 ____D C:\FRST
2019-06-19 19:02 - 2019-06-19 18:59 - 002418688 _____ (Farbar) C:\Users\Mati\Desktop\FRST64.exe
2019-06-19 18:56 - 2019-06-19 11:43 - 063182216 _____ (Malwarebytes ) C:\Users\Mati\Desktop\mb3-setup-43841.43841-3.7.1.2839-1.0.586-1.0.10430.exe
2019-06-19 18:11 - 2019-06-19 18:12 - 355832572 _____ C:\backupdrweb.reg
2019-06-19 18:02 - 2019-06-19 18:02 - 000000000 ____D C:\Users\Mati\Doctor Web
2019-06-19 18:02 - 2019-06-19 18:02 - 000000000 ____D C:\ProgramData\Doctor Web
2019-06-19 18:01 - 2019-06-19 18:01 - 000000571 _____ C:\Users\Mati\Desktop\ESET Online Scanner.lnk
2019-06-19 18:01 - 2019-06-19 18:01 - 000000000 ____D C:\Users\Mati\AppData\Local\ESET
2019-06-19 18:01 - 2019-06-19 11:35 - 007986200 _____ (ESET spol. s r.o.) C:\Users\Mati\Desktop\esetonlinescanner_esl.exe
2019-06-19 18:01 - 2019-06-19 11:15 - 191597952 _____ C:\Users\Mati\Desktop\drkd9hxe.exe
2019-06-19 18:01 - 2019-06-19 09:15 - 001668952 _____ (PortableApps.com) C:\Users\Mati\Desktop\GoogleChromePortable_75.0.3770.100_online.paf.exe
2019-06-19 17:54 - 2019-04-17 13:10 - 001106720 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2019-06-19 17:54 - 2019-04-17 13:10 - 000122752 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2019-06-19 17:54 - 2019-04-17 13:10 - 000118712 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\SET32.tmp
2019-06-19 17:54 - 2019-04-17 13:10 - 000118712 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2019-06-19 17:52 - 2019-06-19 17:55 - 000000000 ____D C:\Windows\LastGood
2019-06-19 14:37 - 2019-06-19 14:37 - 000000054 _____ C:\Users\Mati\Desktop\backuphho.txt
2019-06-19 14:01 - 2019-06-19 14:01 - 000009692 _____ C:\Users\Mati\Documents\cc_20190619_140118.reg
2019-06-19 13:45 - 2019-06-19 18:56 - 000000594 _____ C:\Users\Mati\Desktop\cpuz.ini
2019-06-19 13:45 - 2019-06-19 13:42 - 010924745 _____ C:\Users\Mati\Desktop\realtek_pcielan_7_mb.zip
2019-06-19 13:45 - 2019-06-19 13:39 - 002877647 _____ C:\Users\Mati\Desktop\cpu-z_1.89-en.zip
2019-06-19 13:45 - 2019-05-23 13:21 - 003782624 _____ (CPUID) C:\Users\Mati\Desktop\cpuz_x64.exe
2019-06-19 13:45 - 2019-05-23 13:21 - 003250656 _____ (CPUID) C:\Users\Mati\Desktop\cpuz_x32.exe
2019-06-19 13:45 - 2019-05-23 10:22 - 000028147 _____ C:\Users\Mati\Desktop\cpuz_readme.txt
2019-06-19 11:47 - 2019-06-19 11:47 - 000000000 ____D C:\Users\Mati\AppData\Local\mbamtray
2019-06-19 11:47 - 2019-06-19 11:47 - 000000000 ____D C:\Users\Mati\AppData\Local\mbam
2019-06-19 11:45 - 2019-06-19 11:45 - 000008442 _____ C:\Users\Mati\Documents\cc_20190619_114538.reg
2019-06-19 11:44 - 2019-06-19 11:44 - 000068150 _____ C:\Users\Mati\Documents\cc_20190619_114401.reg
2019-06-19 11:34 - 2011-05-19 18:05 - 000000137 _____ C:\Users\Mati\Desktop\WinSockFix-Win7.bat
2019-06-19 11:34 - 2009-05-17 20:28 - 001445888 _____ (Option^Explicit Software Solutions) C:\Users\Mati\Desktop\WinsockxpFix-WinXP.exe
2019-06-19 09:16 - 2019-06-19 09:20 - 000000000 ____D C:\GoogleChromePortable
2019-06-03 00:55 - 2019-06-03 00:55 - 000000000 ____D C:\Users\Mati\Desktop\WIN7-7.125.307.2019

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-19 18:57 - 2011-04-12 06:10 - 000765610 _____ C:\Windows\system32\perfh00A.dat
2019-06-19 18:57 - 2011-04-12 06:10 - 000164850 _____ C:\Windows\system32\perfc00A.dat
2019-06-19 18:57 - 2009-07-14 02:13 - 001714072 _____ C:\Windows\system32\PerfStringBackup.INI
2019-06-19 18:57 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\inf
2019-06-19 18:42 - 2009-07-14 00:20 - 000000000 ____D C:\Windows\system32\NDF
2019-06-19 18:02 - 2015-03-26 02:29 - 000000000 ____D C:\Users\Mati
2019-06-19 17:54 - 2015-03-27 01:28 - 000000000 ____D C:\Program Files (x86)\Realtek
2019-06-19 17:53 - 2015-03-27 01:28 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-06-19 17:52 - 2015-03-26 09:03 - 000000000 ____D C:\ProgramData\NVIDIA
2019-06-19 17:52 - 2009-07-14 02:08 - 000032580 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-06-19 17:52 - 2009-07-14 02:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-19 17:51 - 2009-07-14 01:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-06-19 17:51 - 2009-07-14 01:45 - 000028976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-06-19 13:58 - 2016-08-27 19:00 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2019-06-19 12:20 - 2015-03-27 01:42 - 000000000 ____D C:\Users\Mati\AppData\Roaming\FlvtoConverter
2019-06-19 12:20 - 2015-03-27 01:30 - 000000000 ____D C:\Users\Mati\AppData\Local\Flvto Youtube Downloader
2019-06-19 12:19 - 2017-11-29 08:58 - 000000000 ____D C:\Program Files (x86)\Ares
2019-06-19 12:19 - 2016-11-09 21:00 - 000000000 ____D C:\UsbFix
2019-06-19 12:19 - 2015-03-27 01:25 - 000000000 ____D C:\Program Files (x86)\Flvto Youtube Downloader
2019-06-19 11:48 - 2009-07-14 01:45 - 000414888 _____ C:\Windows\system32\FNTCACHE.DAT
2019-06-19 11:47 - 2015-03-27 00:24 - 000110768 _____ C:\Users\Mati\AppData\Local\GDIPFONTCACHEV1.DAT
2019-06-19 11:44 - 2015-04-02 11:50 - 000000000 ____D C:\Windows\pss
2019-06-19 11:43 - 2016-09-01 02:38 - 000000000 ____D C:\Users\Mati\AppData\Local\CrashDumps
2019-06-19 11:43 - 2016-03-05 23:06 - 000000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories ================

2016-10-26 21:05 - 2018-11-02 17:00 - 000461837 _____ () C:\Users\Mati\AppData\Roaming\downloads.json
2016-04-25 21:21 - 2016-04-25 21:21 - 000000001 _____ () C:\Users\Mati\AppData\Local\llftool.4.40.agreement
2017-10-09 09:18 - 2017-10-09 09:18 - 000007605 _____ () C:\Users\Mati\AppData\Local\Resmon.ResmonCfg
2018-06-21 06:54 - 2018-06-21 06:54 - 000000000 _____ () C:\Users\Mati\AppData\Local\{2151B5AD-0B53-4EF4-8A81-217CED7BFDB0}
2017-12-08 08:12 - 2017-12-08 08:12 - 000000000 _____ () C:\Users\Mati\AppData\Local\{B0F38DA6-AE8A-415F-99BF-4A03E7C821A0}
2018-06-06 08:09 - 2018-06-06 08:09 - 000000000 _____ () C:\Users\Mati\AppData\Local\{C230AAA5-AF95-48B8-852A-EBFBA09F5646}

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2018-10-25 00:38
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-06-2019
Ran by Mati (19-06-2019 19:07:55)
Running from C:\Users\Mati\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-03-26 05:28:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-470037617-1738153215-1971209628-500 - Administrator - Disabled)
HomeGroupUser$ (S-1-5-21-470037617-1738153215-1971209628-1002 - Limited - Enabled)
Invitado (S-1-5-21-470037617-1738153215-1971209628-501 - Limited - Disabled)
Mati (S-1-5-21-470037617-1738153215-1971209628-1001 - Administrator - Enabled) => C:\Users\Mati

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Out of date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Out of date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Actualización de NVIDIA 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 19.008.20080 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Flash Player 31 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
Adobe Flash Player 31 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 31.0.0.122 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Ares 2.2.4 (HKLM-x32\...\Ares) (Version: 2.2.4-Build#3048 - Ares Development Group)
Autosoft Taller 2.50.044 (HKLM-x32\...\{09C81138-8ABF-4AD8-8E77-51FEEAC99E53}) (Version: 2.50.0440 - Santa Rita Investments Inc) Hidden
Autosoft Taller 2.50.044 (HKLM-x32\...\InstallShield_{09C81138-8ABF-4AD8-8E77-51FEEAC99E53}) (Version: 2.50.0440 - Santa Rita Investments Inc)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.46 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.22 - Piriform)
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{79D0F056-39DE-4FDD-83FD-1554CE2C6443}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery (HKLM-x32\...\EEPPPlugIn) (Version:  - SEIKO EPSON Corporation)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup (HKLM-x32\...\{7B7044AE-6D1F-456D-B2BA-28BFFFAF3F71}) (Version: 1.00.0000 - SEIKO EPSON Corporation) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON TX133 TX135 Series Printer Uninstall (HKLM\...\EPSON TX133 TX135 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-211 214 216 Series Printer Uninstall (HKLM\...\EPSON XP-211 214 216 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Flvto Youtube Downloader (HKLM-x32\...\Flvto YouTube Downloader) (Version: 1.2.1 - Hotger)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.77 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Hard Disk Low Level Format Tool 4.40 (HKLM-x32\...\Hard Disk Low Level Format Tool_is1) (Version:  - HDDGURU)
HDD Regenerator (HKLM-x32\...\{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}) (Version: 1.71.0012 - Abstradrome)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Kodi (HKU\S-1-5-21-470037617-1738153215-1971209628-1001\...\Kodi) (Version:  - XBMC-Foundation)
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Manual Epson XP-211_XP-214 versión 1.0 (HKLM-x32\...\UsersGuideManual Epson XP-211_XP-214_is1) (Version: 1.0 - )
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM-x32\...\{90120000-001A-0C0A-0000-0000000FF1CE}_ENTERPRISE_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_ENTERPRISE_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mobile Upgrade S 4.2.3 (HKLM-x32\...\{C9A7E6A6-110D-4DBC-A8E2-F634613B5A8C}_is1) (Version:  - TCL Communication Technology Holdings Limited)
Mozilla Firefox 51.0.1 (x86 es-ES) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 es-ES)) (Version: 51.0.1 - Mozilla)
Mozilla Firefox 63.0.1 (x86 es-ES) (HKU\S-1-5-21-470037617-1738153215-1971209628-1001\...\Mozilla Firefox 63.0.1 (x86 es-ES)) (Version: 63.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
Nero 8.3.2.1 (HKLM-x32\...\Nero8WinuE_is1) (Version: 8.3.2.1 - Bj @ WinuE)
NVIDIA Controlador de 3D Vision 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.95 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.95 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ONE TOUCH Center v1.2.6 (HKLM-x32\...\ONE TOUCH Center for Android_is1) (Version:  - TCL Communication Ltd)
Panel de control de NVIDIA 341.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 341.95 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\76F6B4A696B8C9A7ACFF01D4E1D6EF2D974C3E67) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Paquete de controladores de Windows - MediaTek Inc. (usbser) Ports  (09/01/2011 2.0.1136.0) (HKLM\...\32DC281B7E359EA3D16ECC7D98609F6A592B981D) (Version: 09/01/2011 2.0.1136.0 - MediaTek Inc.)
Paquete de controladores de Windows - MediaTek Inc. Net  (07/14/2011 1.1129.00) (HKLM\...\8BC3CF920AF63C7AEF78B82D1C60D94704FB95CD) (Version: 07/14/2011 1.1129.00 - MediaTek Inc.)
Paquete de controladores de Windows - Microsoft (WUDFRd) WPD  (02/22/2006 5.2.5326.4762) (HKLM\...\B77DDB8A5697AAF5DA4E4859E53C301B877DD206) (Version: 02/22/2006 5.2.5326.4762 - Microsoft)
Paquete de controladores de Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Pixlr-o-matic (HKLM-x32\...\{41A63ADA-088B-1C2D-43B3-E4087FE79881}) (Version: 2.1 - UNKNOWN) Hidden
Pixlr-o-matic (HKLM-x32\...\Pixlromatic) (Version: 2.1 - UNKNOWN)
POISelector (HKLM-x32\...\{CEEAA2C6-011D-4ECA-B83D-21D829E68E8D}) (Version: 1.6.0 - EAA)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.125.307.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7293 - Realtek Semiconductor Corp.)
Sega Col 1.00 (HKLM-x32\...\Sega Col 1.00) (Version: 1.00 - Pilotus)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UsbFix By El Desaparecido (HKLM-x32\...\Usbfix) (Version:  - El Desaparecido - SosVirus.net)
Virtua Tennis 4™ (HKLM-x32\...\{53450FA2-E900-456E-9715-501000008200}) (Version: 1.0.0000.130 - SEGA) Hidden
Virtua Tennis 4™ (HKLM-x32\...\GFWL_{53450FA2-E900-456E-9715-501000008200}) (Version: 1.0.0000.130 - SEGA)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WicReset version 5.0.0.5 (HKLM-x32\...\{20379D3A-321B-4830-96A6-37183B713AE8}_is1) (Version: 5.0.0.5 - WWW.WIC.SUPPORT)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinSetupFromUSB (HKU\S-1-5-21-470037617-1738153215-1971209628-1001\...\WinSetupFromUSB) (Version:  - )
Wondershare MobileGo(Version 8.5.0) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 8.5.0 - Wondershare)
ZSMC USB PC Camera (ZS0211) (HKLM-x32\...\{44D02D8B-FFB3-4245-8D26-68D10B4C4023}) (Version: 2007.04.19 - ZSMC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2016-01-29] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-24] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

ShortcutWithArgument: C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Mati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list

==================== Loaded Modules (Whitelisted) ==============

2009-08-18 11:24 - 2009-08-18 11:24 - 000167424 _____ (Microsoft Corporation) [File not signed] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
2018-07-02 21:30 - 2015-02-27 10:35 - 000489984 _____ (Newtonsoft) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\Newtonsoft.Json.dll
2015-11-05 01:00 - 2012-11-12 15:15 - 000558592 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enppmon.dll
2015-11-05 01:00 - 2012-10-22 17:19 - 000221184 _____ (SEIKO EPSON CORPORATION) [File not signed] C:\Windows\System32\enpres.dll
2018-07-02 21:30 - 2017-03-20 16:13 - 000087552 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCollect.dll
2018-07-02 21:30 - 2017-03-20 16:13 - 000197632 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Wondershare\WAF\2.4.2.223\WsAppCommon.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [127]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-09-28 23:59 - 2019-06-19 14:38 - 000000826 _____ C:\Windows\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-470037617-1738153215-1971209628-1001\Control Panel\Desktop\\Wallpaper -> %windir%\web\wallpaper\windows\img0.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CodecPackTrayMenu.lnk => C:\Windows\pss\CodecPackTrayMenu.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MobileGo Service.lnk => C:\Windows\pss\MobileGo Service.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SoftEther VPN Client Manager Startup.lnk => C:\Windows\pss\SoftEther VPN Client Manager Startup.lnk.CommonStartup
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: BigDogPath => C:\Windows\ZSSnp211.exe
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Domino => C:\Windows\Domino.exe
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: Flvto YouTube Downloader => "C:\Users\Mati\AppData\Local\Flvto YouTube Downloader\FlvtoYoutubeDownloader.Redesign.exe" /minimize
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: MSC => "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8CC2E106-79E0-4067-B63F-93CD65050FBE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CAABFD24-6F7A-43E9-8ABC-F15B46A920E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9861F74D-4511-4443-959F-6377224C761F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C5CFF2FA-EADD-41BD-8664-299FE1C36F52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A33221C5-5405-4A15-B2AE-13BF76FDEC82}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{34D833B1-5B27-46B3-9188-DEF2113A3BE4}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [UDP Query User{3D6A3D8B-2AD3-4469-86E5-6F6687BE478C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC-Foundation) [File not signed]
FirewallRules: [{45E3E2B7-4205-4521-B119-4F0496346019}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{08ED665E-000F-49CC-A2A8-9DAA5464C5D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FCAEBBD5-DFC2-467E-95AE-A640DBCF1B39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F456526E-3A3A-4E5F-B7D9-EE24EEB08661}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A5EDA233-2B98-42B4-8F45-816FCAF8D3E1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5E21B65D-24BE-423A-B81A-D78664499355}] => (Allow) D:\2017\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A7E627F0-766D-44F8-B8A7-69E639137B37}] => (Allow) D:\2017\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{A3FF1B8C-506F-4E11-BC01-DE7C6408F18D}C:1\google\chrome\application\chrome.exe] => (Allow) C:1\google\chrome\application\chrome.exe No File
FirewallRules: [UDP Query User{EC186D4D-CF14-400B-A36B-015C56243180}C:1\google\chrome\application\chrome.exe] => (Allow) C:1\google\chrome\application\chrome.exe No File
FirewallRules: [TCP Query User{3101A9A7-F2D7-4D45-91D2-41FA2DB437A6}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [UDP Query User{D826AA80-8CFB-4A53-8848-7A6B1A06BF11}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [TCP Query User{C83D3E32-0452-4F76-8CA0-BDE974177B46}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [UDP Query User{9E59507C-E4D4-47EA-ADA9-C73F3FA2137D}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [TCP Query User{21821AFE-BA4A-48AC-90AF-35BB28ED8BAD}D:\2017\firefox.exe] => (Allow) D:\2017\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{7F8D73B2-54AD-49D7-9462-6191DAB7C7B0}D:\2017\firefox.exe] => (Allow) D:\2017\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{2352025B-FC59-4DC3-B449-BEF41959F722}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [UDP Query User{A092479A-CE9B-4757-8DD2-C17F2ED361B9}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [{C529970A-5A76-4118-8FD5-55E34D654CFE}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd -> Piriform Ltd)
FirewallRules: [{2C5BA035-3471-4602-8638-4CD03C97C948}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Ltd -> Piriform Ltd)
FirewallRules: [TCP Query User{E5C8E338-4621-4FA5-9969-7BD3F4E02C76}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Block) C:\program files (x86)\wondershare\mobilego\mobilego.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [UDP Query User{6BCD9F5F-47E0-4AB5-95BF-6ECD4042915A}C:\program files (x86)\wondershare\mobilego\mobilego.exe] => (Block) C:\program files (x86)\wondershare\mobilego\mobilego.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [{C858E188-42E0-4EBE-B5ED-CBD13EE4C1A1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [TCP Query User{4C308AB5-69EF-4A63-A728-2C034AFB1B35}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe (Wondershare Technology Co.,Ltd -> Wondershare)
FirewallRules: [UDP Query User{880013C7-1FC0-4C3F-B8B3-B97E57C94010}C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego\mobilegoservice.exe (Wondershare Technology Co.,Ltd -> Wondershare)

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2019 06:14:46 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Error del Servicio de instantáneas de volumen: volumen o disco no conectado
o no encontrado.
Contexto de error: GetComputerNameEx(3, NULL, [0]) [0].


Operación:
   Procesar BeginPrepareSnapshot
   Contexto de instantánea

Contexto:
   Contexto de ejecución: System Provider
   Nombre del volumen: \\?\Volume{18e7216f-d356-11e4-ac83-806e6f6e6963}\
   Id. de instantánea: {98c519cf-14e9-472f-918e-fa64b56eaabc}

Error: (06/19/2019 05:54:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.

Error: (06/19/2019 05:53:58 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: No se pudo crear el punto de restauración (proceso = C:\Users\Mati\Desktop\WIN7-7.125.307.2019\setup.exe ; descripción = Instalado Realtek Ethernet Controller Driver; error = 0x80042308).

Error: (06/19/2019 05:53:58 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Error del Servicio de instantáneas de volumen: volumen o disco no conectado
o no encontrado.
Contexto de error: GetComputerNameEx(3, NULL, [0]) [0].


Operación:
   Procesar BeginPrepareSnapshot
   Contexto de instantánea

Contexto:
   Contexto de ejecución: System Provider
   Nombre del volumen: \\?\Volume{18e7216f-d356-11e4-ac83-806e6f6e6963}\
   Id. de instantánea: {84015d0a-05de-4f9d-b394-8a4f33146e3f}

Error: (06/19/2019 05:52:30 PM) (Source: Schedule) (EventID: 0) (User: )
Description: Event-ID 0

Error: (06/19/2019 05:49:39 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: No se pudo crear el punto de restauración (proceso = C:\Users\Mati\Desktop\WIN7-7.125.307.2019\setup.exe ; descripción = Eliminado Realtek Ethernet Controller Driver; error = 0x80042308).

Error: (06/19/2019 05:49:39 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Error del Servicio de instantáneas de volumen: volumen o disco no conectado
o no encontrado.
Contexto de error: GetComputerNameEx(3, NULL, [0]) [0].


Operación:
   Procesar BeginPrepareSnapshot
   Contexto de instantánea

Contexto:
   Contexto de ejecución: System Provider
   Nombre del volumen: \\?\Volume{18e7216f-d356-11e4-ac83-806e6f6e6963}\
   Id. de instantánea: {220568fd-1686-4e2f-839f-f235878b8ffb}

Error: (06/19/2019 05:40:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: No se pudo reactivar el filtro de eventos con la consulta "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" en el espacio de nombres "//./root/CIMV2" por el error 0x80041003. Los eventos no se podrán entregar a través de este filtro hasta que se corrija este problema.


System errors:
=============
Error: (06/19/2019 06:22:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Antimalware de Microsoft ha encontrado un error al intentar actualizar las firmas.

	Nueva versión de firma: 

	Versión de firma anterior: 1.279.1036.0

	Origen de actualización: Centro de protección contra malware de Microsoft

	Etapa de actualización: Buscar

	Ruta de origen: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.15400.4&avdelta=1.279.1036.0&asdelta=1.279.1036.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Tipo de firma: Antispyware

	Tipo de actualización: Completa

	Usuario: NT AUTHORITY\Servicio de red

	Versión de motor actual: 

	Versión de motor anterior: 1.1.15400.4

	Código del error: 0x80072ee7

	Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Error: (06/19/2019 06:22:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Antimalware de Microsoft ha encontrado un error al intentar actualizar las firmas.

	Nueva versión de firma: 

	Versión de firma anterior: 1.279.1036.0

	Origen de actualización: Centro de protección contra malware de Microsoft

	Etapa de actualización: Buscar

	Ruta de origen: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.15400.4&avdelta=1.279.1036.0&asdelta=1.279.1036.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Tipo de firma: Antivirus

	Tipo de actualización: Completa

	Usuario: NT AUTHORITY\Servicio de red

	Versión de motor actual: 

	Versión de motor anterior: 1.1.15400.4

	Código del error: 0x80072ee7

	Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Error: (06/19/2019 06:22:31 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Antimalware de Microsoft ha encontrado un error al intentar actualizar las firmas.

	Nueva versión de firma: 

	Versión de firma anterior: 1.279.1036.0

	Origen de actualización: Servidor de Microsoft Update

	Etapa de actualización: Buscar

	Ruta de origen: http://www.microsoft.com

	Tipo de firma: Antivirus

	Tipo de actualización: Completa

	Usuario: NT AUTHORITY\SYSTEM

	Versión de motor actual: 

	Versión de motor anterior: 1.1.15400.4

	Código del error: 0x8024402c

	Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico.

Error: (06/19/2019 06:02:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Antimalware de Microsoft ha encontrado un error al intentar actualizar las firmas.

	Nueva versión de firma: 

	Versión de firma anterior: 1.279.1036.0

	Origen de actualización: Centro de protección contra malware de Microsoft

	Etapa de actualización: Buscar

	Ruta de origen: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.15400.4&avdelta=1.279.1036.0&asdelta=1.279.1036.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Tipo de firma: Antispyware

	Tipo de actualización: Completa

	Usuario: NT AUTHORITY\Servicio de red

	Versión de motor actual: 

	Versión de motor anterior: 1.1.15400.4

	Código del error: 0x80072ee7

	Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Error: (06/19/2019 06:02:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Antimalware de Microsoft ha encontrado un error al intentar actualizar las firmas.

	Nueva versión de firma: 

	Versión de firma anterior: 1.279.1036.0

	Origen de actualización: Centro de protección contra malware de Microsoft

	Etapa de actualización: Buscar

	Ruta de origen: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.15400.4&avdelta=1.279.1036.0&asdelta=1.279.1036.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094

	Tipo de firma: Antivirus

	Tipo de actualización: Completa

	Usuario: NT AUTHORITY\Servicio de red

	Versión de motor actual: 

	Versión de motor anterior: 1.1.15400.4

	Código del error: 0x80072ee7

	Descripción del error: No se pudo resolver el nombre de servidor o su dirección

Error: (06/19/2019 06:02:43 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Antimalware de Microsoft ha encontrado un error al intentar actualizar las firmas.

	Nueva versión de firma: 

	Versión de firma anterior: 1.279.1036.0

	Origen de actualización: Servidor de Microsoft Update

	Etapa de actualización: Buscar

	Ruta de origen: http://www.microsoft.com

	Tipo de firma: Antivirus

	Tipo de actualización: Completa

	Usuario: NT AUTHORITY\SYSTEM

	Versión de motor actual: 

	Versión de motor anterior: 1.1.15400.4

	Código del error: 0x8024402c

	Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulte Ayuda y soporte técnico.

Error: (06/19/2019 06:02:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio eapihdrv no pudo iniciarse debido al siguiente error: 
Se ha bloqueado la descarga de este controlador

Error: (06/19/2019 06:02:13 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Se bloqueó la carga de \??\C:\Users\Mati\AppData\Local\Temp\ehdrv.sys por una incompatibilidad con este sistema. Póngase en contacto con el fabricante del software para obtener una versión compatible del controlador.


Windows Defender:
===================================
Date: 2015-03-26 09:26:37.822
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma:
Versión de firma anterior:
Origen de actualización:Usuario
Tipo de firma:
Tipo de actualización:
Usuario:Mati-PC\Mati
Versión de motor actual:
Versión de motor anterior:1.1.11502.0
Código de error:0x8050a003
Descripción de error:Este paquete no contiene archivos de definición actualizados para este programa. Para obtener más información, consulte Ayuda y soporte técnico. 

==================== Memory info =========================== 

BIOS: American Megatrends Inc. V1.12 12/30/2009
Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD P35 Platinum(MS-7345)
Processor: Intel(R) Core(TM)2 Quad CPU Q9650 @ 3.00GHz
Percentage of memory in use: 39%
Total physical RAM: 8191.3 MB
Available physical RAM: 4994.14 MB
Total Virtual: 16380.76 MB
Available Virtual: 12507.7 MB

==================== Drives ================================

Drive c: (fdfdferfer) (Fixed) (Total:95.73 GB) (Free:25.04 GB) NTFS
Drive d: () (Fixed) (Total:202.26 GB) (Free:79.01 GB) NTFS
Drive e: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Nuevo vol) (Fixed) (Total:64.36 GB) (Free:50.53 GB) NTFS
Drive h: (Progr y Doc) (Fixed) (Total:196.31 GB) (Free:150.91 GB) NTFS
Drive i: (Datos) (Fixed) (Total:204.99 GB) (Free:60.33 GB) NTFS


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B543CEFE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=64.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=196.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=205 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 39C139C0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=95.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=202.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

@SanMar sorry, I was on my phone and accidentally marked one of the reports as the solution, and now I can't see the last message you sent, where you told me it had a rootkit (by the way, I forgot to scan for rootkits; I always do).

Hi

The script was giving me an error, so I hid it so that it would not give you an error too.

Now I'm the one on my phone; I'll fix it in a while and let you know.

Regards

Hi @victor_TeReparoLaPC

It is not a false positive; the system has a rootkit.


Follow these steps:

1.- Very important >>> Make a backup of your Registry.

  • Download DelFix to the Windows desktop.
  • Right-click, “Run as administrator”.
  • In the main window, check only the “Create Registry Backup” box.
  • Click Run.

When it finishes, a report called DelFix.txt will open; save it in case it is needed and close the tool…

2.- Temporarily disable your antivirus.

3.- Open a new Notepad file and copy and paste this content:


Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-470037617-1738153215-1971209628-1001\...\MountPoints2: {0a80e7ee-d436-11e4-9e15-001d928483bf} - L:\setup.exe
roupPolicy: Restriction ? <==== ATTENTION
Task: {2B5404FC-E330-4390-945D-649BC660D11A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {2B5404FC-E330-4390-945D-649BC660D11A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {9CE504EB-FAC5-4355-9DC4-FB692664A68A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {9CE504EB-FAC5-4355-9DC4-FB692664A68A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {A44702B2-0CCD-4924-9BA4-1B2F50BC06F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {A44702B2-0CCD-4924-9BA4-1B2F50BC06F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {A44702B2-0CCD-4924-9BA4-1B2F50BC06F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {D9498885-006B-4C1A-92CB-A391226D2E88} - System32\Tasks\{E2711D8C-B367-4A6F-A88C-1490E92BD75E} => C:\Windows\system32\pcalua.exe -a C:\Users\Mati\Downloads\WinSetupFromUSB_0-2-3.exe -d C:\Users\Mati\Downloads
Tcpip\Parameters: [DhcpNameServer] 186.130.128.250 186.130.129.250
Tcpip\..\Interfaces\{31B4C276-2391-4127-B9EB-023319F16CC8}: [DhcpNameServer] 186.130.128.250 186.130.129.250
Tcpip\..\Interfaces\{B09639EE-19D8-4AFD-B48F-9EBBB6D642FD}: [DhcpNameServer] 186.130.128.250 186.130.129.250
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-470037617-1738153215-1971209628-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-470037617-1738153215-1971209628-1001 -> ${searchCLSID} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
StartMenuInternet: FIREFOX.EXE - firefox.exe
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oggekmchebjhcebioohbjaogddbmijcc] - C:\Users\Mati\AppData\Roaming\Chrome Extensions\Pick-your-Color_v1.0.2.crx [2017-09-15]
HKLM\SYSTEM\CurrentControlSet\Services\458276B498F951AA <==== ATTENTION (Rootkit!)
S2 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
U3 aswbdisk; no ImagePath
S3 cpuz138; \??\C:\Users\Mati\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-06-19 11:47 - 2019-06-19 11:47 - 000000000 ____D C:\Users\Mati\AppData\Local\mbamtray
2019-06-19 11:47 - 2019-06-19 11:47 - 000000000 ____D C:\Users\Mati\AppData\Local\mbam
2016-10-26 21:05 - 2018-11-02 17:00 - 000461837 _____ () C:\Users\Mati\AppData\Roaming\downloads.json
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Mati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Menú de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [127]
FirewallRules: [TCP Query User{A3FF1B8C-506F-4E11-BC01-DE7C6408F18D}C:1\google\chrome\application\chrome.exe] => (Allow) C:1\google\chrome\application\chrome.exe No File
FirewallRules: [UDP Query User{EC186D4D-CF14-400B-A36B-015C56243180}C:1\google\chrome\application\chrome.exe] => (Allow) C:1\google\chrome\application\chrome.exe No File
FirewallRules: [TCP Query User{3101A9A7-F2D7-4D45-91D2-41FA2DB437A6}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [UDP Query User{D826AA80-8CFB-4A53-8848-7A6B1A06BF11}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [TCP Query User{C83D3E32-0452-4F76-8CA0-BDE974177B46}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [UDP Query User{9E59507C-E4D4-47EA-ADA9-C73F3FA2137D}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
  • Save it under the name fixlist.txt on the desktop <<< This is very important.

Note: The Frst.exe executable and fixlist.txt must be in the same location (desktop); otherwise the tool will not work.

  • Run Frst.exe.
  • Press the Fix button and wait for it to finish.
  • The tool will save the report on your desktop (Fixlog.txt).
  • Paste it in your next reply.

If you run into any error, freeze or problem, don't keep trying; come back and tell us.


The computer also has the following error:

Error: (06/19/2019 05:49:39 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: No se pudo crear el punto de restauración (proceso = C:\Users\Mati\Desktop\WIN7-7.125.307.2019\setup.exe ; descripción = Eliminado Realtek Ethernet Controller Driver; error = 0x80042308).

Check in Device Manager whether you can find that driver, which I marked in bold for you.

Let us know.

Regards
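To triage the Fixlog.txt that the steps above produce, the following Python sketch is an added example (not part of the original post and not FRST's own code): it skips the echoed fixlist, classifies each `entry => outcome` result line, and lists the entries FRST could not fix. The sample input is constructed from lines of the Fixlog posted in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, assembled from lines of the Fixlog.txt posted in this thread.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2019
fixlist content:
*****************
Start
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\SYSTEM\CurrentControlSet\Services\458276B498F951AA <==== ATTENTION (Rootkit!)
CMD: netsh winsock reset
END
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\Classes\CLSID\{0a80e7ee-d436-11e4-9e15-001d928483bf} => not found
roupPolicy: Restriction ? <==== ATTENTION => Error: No automatic fix found for this entry.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => moved successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\458276B498F951AA <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
MBAMService => service removed successfully
C:\ProgramData\TEMP => ":1AAB2E68" ADS removed successfully

========= netsh winsock reset =========

Debe reiniciar el equipo para completar el restablecimiento.
'''

RULER = re.compile(r"^\*{5,}$")    # asterisk lines that frame the echoed fixlist
CMD_HEADER = re.compile(r"^=========")  # start of the CMD: output sections
ATTENTION = "<==== ATTENTION"      # marker FRST puts on entries it considers suspicious


def classify(outcome):
    """Map the text after '=>' to a coarse result class."""
    text = outcome.strip().lower()
    if text.startswith("error"):
        return "failed"
    if text.endswith("not found"):
        return "absent"
    if text.endswith("successfully"):
        return "fixed"
    return "other"


def parse_fixlog(text):
    """Return {class: [entries]} for the result section of a Fixlog."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    # The fixlist is echoed between two asterisk lines; its own lines can
    # contain ' => ', so results are read only after the second ruler.
    rulers = [i for i, ln in enumerate(lines) if RULER.match(ln)]
    start = rulers[1] + 1 if len(rulers) >= 2 else 0
    results = defaultdict(list)
    for ln in lines[start:]:
        if CMD_HEADER.match(ln):
            break  # command output follows; it is not in 'entry => outcome' form
        if not ln:
            continue
        if " => " in ln:
            entry, outcome = ln.rsplit(" => ", 1)
            results[classify(outcome)].append(entry.strip().strip('"'))
        elif ln.startswith("Error:"):
            results["failed"].append(ln)
    return dict(results)


def unresolved(text):
    """Entries that were not fixed, ATTENTION-marked ones first."""
    failed = parse_fixlog(text).get("failed", [])
    return sorted(failed, key=lambda e: ATTENTION not in e)


if __name__ == "__main__":
    summary = parse_fixlog(SAMPLE_FIXLOG)
    for kind in ("fixed", "absent", "failed", "other"):
        print(f"{kind:7} {len(summary.get(kind, []))}")
    print("Needs follow-up:")
    for entry in unresolved(SAMPLE_FIXLOG):
        print("  ", entry)
```

Entries reported as unresolved are the ones to bring back to the helper, since the fix did not touch them.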

Tomorrow after work I'll carry out the steps; I'm going to bed now, it's 1:20 AM. As for this: C:\Users\Mati\Desktop\WIN7-7.125.307.2019\setup.exe ; descripción = Eliminado Realtek Ethernet Controller Driver ; error = 0x80042308). It is the official driver for my onboard Ethernet card; it was an attempt to reinstall the driver, but it didn't help, and that folder was on the desktop and was deleted. Regards, and thanks for the help.

Hi:

Perfect, we'll wait for the report :coffee:

Regards

Hi @SanMar, here is the fix report. The problem continues. :frowning:

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2019
Ran by Mati (20-06-2019 15:53:59) Run:1
Running from C:\Users\Mati\Desktop
Loaded Profiles: Mati (Available Profiles: Mati)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-470037617-1738153215-1971209628-1001\...\MountPoints2: {0a80e7ee-d436-11e4-9e15-001d928483bf} - L:\setup.exe
roupPolicy: Restriction ? <==== ATTENTION
Task: {2B5404FC-E330-4390-945D-649BC660D11A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {2B5404FC-E330-4390-945D-649BC660D11A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {9CE504EB-FAC5-4355-9DC4-FB692664A68A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfigAndContent
Task: {9CE504EB-FAC5-4355-9DC4-FB692664A68A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => Command(2): C:\Windows\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {A44702B2-0CCD-4924-9BA4-1B2F50BC06F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(1): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshConfig
Task: {A44702B2-0CCD-4924-9BA4-1B2F50BC06F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(2): %windir%\system32\GWX\GWXConfigManager.exe -> /RefreshContent
Task: {A44702B2-0CCD-4924-9BA4-1B2F50BC06F7} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => Command(3): C:\Windows\system32\GWX\GWXDetector.exe [343040  [343040 2015-07-04]] (Microsoft Windows -> Microsoft Corporation)
Task: {D9498885-006B-4C1A-92CB-A391226D2E88} - System32\Tasks\{E2711D8C-B367-4A6F-A88C-1490E92BD75E} => C:\Windows\system32\pcalua.exe -a C:\Users\Mati\Downloads\WinSetupFromUSB_0-2-3.exe -d C:\Users\Mati\Downloads
Tcpip\Parameters: [DhcpNameServer] 186.130.128.250 186.130.129.250
Tcpip\..\Interfaces\{31B4C276-2391-4127-B9EB-023319F16CC8}: [DhcpNameServer] 186.130.128.250 186.130.129.250
Tcpip\..\Interfaces\{B09639EE-19D8-4AFD-B48F-9EBBB6D642FD}: [DhcpNameServer] 186.130.128.250 186.130.129.250
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-470037617-1738153215-1971209628-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-470037617-1738153215-1971209628-1001 -> ${searchCLSID} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
StartMenuInternet: FIREFOX.EXE - firefox.exe
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [oggekmchebjhcebioohbjaogddbmijcc] - C:\Users\Mati\AppData\Roaming\Chrome Extensions\Pick-your-Color_v1.0.2.crx [2017-09-15]
HKLM\SYSTEM\CurrentControlSet\Services\458276B498F951AA <==== ATTENTION (Rootkit!)
S2 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]
S3 andnetadb; System32\Drivers\lgandnetadb.sys [X]
S3 AndNetDiag; system32\DRIVERS\lgandnetdiag64.sys [X]
S3 ANDNetModem; system32\DRIVERS\lgandnetmodem64.sys [X]
U3 aswbdisk; no ImagePath
S3 cpuz138; \??\C:\Users\Mati\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X] <==== ATTENTION
S3 MBAMSwissArmy; \SystemRoot\System32\Drivers\mbamswissarmy.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2019-06-19 11:47 - 2019-06-19 11:47 - 000000000 ____D C:\Users\Mati\AppData\Local\mbamtray
2019-06-19 11:47 - 2019-06-19 11:47 - 000000000 ____D C:\Users\Mati\AppData\Local\mbam
2016-10-26 21:05 - 2018-11-02 17:00 - 000461837 _____ () C:\Users\Mati\AppData\Roaming\downloads.json
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} =>  -> No File
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
ShortcutWithArgument: C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Men� de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\Mati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Men� de aplicaciones de Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\ProgramData\TEMP:1AAB2E68 [127]
FirewallRules: [TCP Query User{A3FF1B8C-506F-4E11-BC01-DE7C6408F18D}C:1\google\chrome\application\chrome.exe] => (Allow) C:1\google\chrome\application\chrome.exe No File
FirewallRules: [UDP Query User{EC186D4D-CF14-400B-A36B-015C56243180}C:1\google\chrome\application\chrome.exe] => (Allow) C:1\google\chrome\application\chrome.exe No File
FirewallRules: [TCP Query User{3101A9A7-F2D7-4D45-91D2-41FA2DB437A6}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [UDP Query User{D826AA80-8CFB-4A53-8848-7A6B1A06BF11}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [TCP Query User{C83D3E32-0452-4F76-8CA0-BDE974177B46}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File
FirewallRules: [UDP Query User{9E59507C-E4D4-47EA-ADA9-C73F3FA2137D}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe No File

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
END
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKU\S-1-5-21-470037617-1738153215-1971209628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a80e7ee-d436-11e4-9e15-001d928483bf} => removed successfully
HKLM\Software\Classes\CLSID\{0a80e7ee-d436-11e4-9e15-001d928483bf} => not found
roupPolicy: Restriction ? <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B5404FC-E330-4390-945D-649BC660D11A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B5404FC-E330-4390-945D-649BC660D11A}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B5404FC-E330-4390-945D-649BC660D11A}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CE504EB-FAC5-4355-9DC4-FB692664A68A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CE504EB-FAC5-4355-9DC4-FB692664A68A}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CE504EB-FAC5-4355-9DC4-FB692664A68A}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A44702B2-0CCD-4924-9BA4-1B2F50BC06F7}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A44702B2-0CCD-4924-9BA4-1B2F50BC06F7}" => removed successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A44702B2-0CCD-4924-9BA4-1B2F50BC06F7}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A44702B2-0CCD-4924-9BA4-1B2F50BC06F7}" => not found
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9498885-006B-4C1A-92CB-A391226D2E88}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9498885-006B-4C1A-92CB-A391226D2E88}" => removed successfully
C:\Windows\System32\Tasks\{E2711D8C-B367-4A6F-A88C-1490E92BD75E} => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2711D8C-B367-4A6F-A88C-1490E92BD75E}" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31B4C276-2391-4127-B9EB-023319F16CC8}\\DhcpNameServer" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B09639EE-19D8-4AFD-B48F-9EBBB6D642FD}\\DhcpNameServer" => removed successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\ielnksrch => not found
"HKU\S-1-5-21-470037617-1738153215-1971209628-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-470037617-1738153215-1971209628-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\${searchCLSID} => removed successfully
HKLM\Software\Classes\CLSID\${searchCLSID} => not found
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj => removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oggekmchebjhcebioohbjaogddbmijcc => removed successfully
C:\Users\Mati\AppData\Roaming\Chrome Extensions\Pick-your-Color_v1.0.2.crx => moved successfully
HKLM\SYSTEM\CurrentControlSet\Services\458276B498F951AA <==== ATTENTION (Rootkit!) => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\MBAMService => removed successfully
MBAMService => service removed successfully
HKLM\System\CurrentControlSet\Services\andnetadb => removed successfully
andnetadb => service removed successfully
HKLM\System\CurrentControlSet\Services\AndNetDiag => removed successfully
AndNetDiag => service removed successfully
HKLM\System\CurrentControlSet\Services\ANDNetModem => removed successfully
ANDNetModem => service removed successfully
HKLM\System\CurrentControlSet\Services\aswbdisk => removed successfully
aswbdisk => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz138 => removed successfully
cpuz138 => service removed successfully
HKLM\System\CurrentControlSet\Services\MBAMSwissArmy => removed successfully
MBAMSwissArmy => service removed successfully
HKLM\System\CurrentControlSet\Services\usbbus => removed successfully
usbbus => service removed successfully
HKLM\System\CurrentControlSet\Services\UsbDiag => removed successfully
UsbDiag => service removed successfully
HKLM\System\CurrentControlSet\Services\USBModem => removed successfully
USBModem => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
C:\Users\Mati\AppData\Local\mbamtray => moved successfully
C:\Users\Mati\AppData\Local\mbam => moved successfully
C:\Users\Mati\AppData\Roaming\downloads.json => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\UAContextMenu => removed successfully
HKLM\Software\Classes\CLSID\{A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => not found
"CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"" => removed successfully
"BVTFilter" => removed successfully
"BVTConsumer" => removed successfully
"C:\Users\Mati\AppData\Local\Google\Chrome\User Data\Men� de aplicaciones de Chrome.lnk" => not found
"C:\Users\Mati\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Men� de aplicaciones de Chrome.lnk" => not found
C:\ProgramData\Reprise => ":wupeogjxldtlfudivq`qsp`27hfm" ADS removed successfully
C:\ProgramData\TEMP => ":1AAB2E68" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{A3FF1B8C-506F-4E11-BC01-DE7C6408F18D}C:1\google\chrome\application\chrome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EC186D4D-CF14-400B-A36B-015C56243180}C:1\google\chrome\application\chrome.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3101A9A7-F2D7-4D45-91D2-41FA2DB437A6}C:\program files (x86)\ares\ares.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D826AA80-8CFB-4A53-8848-7A6B1A06BF11}C:\program files (x86)\ares\ares.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C83D3E32-0452-4F76-8CA0-BDE974177B46}C:\program files (x86)\ares\ares.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9E59507C-E4D4-47EA-ADA9-C73F3FA2137D}C:\program files (x86)\ares\ares.exe" => removed successfully

========= ipconfig /flushdns =========


Configuración IP de Windows

Se vació correctamente la caché de resolución de DNS.

========= End of CMD: =========


========= ipconfig /renew =========


Configuración IP de Windows

No se puede realizar ninguna operación en Conexión de área local 2 mientras los medios
estén desconectados.

Adaptador de Ethernet Conexión de área local:

   Sufijo DNS específico para la conexión. . : 
   Dirección IPv6 . . . . . . . . . . : 2802:8000:642:f100:14a8:b439:c9e5:bad5
   Dirección IPv6 temporal. . . . . . : 2802:8000:642:f100:29c8:f9ac:9423:fafc
   Vínculo: dirección IPv6 local. . . : fe80::14a8:b439:c9e5:bad5%19
   Dirección IPv4. . . . . . . . . . . . . . : 192.168.1.37
   Máscara de subred . . . . . . . . . . . . : 255.255.255.0
   Puerta de enlace predeterminada . . . . . : fe80::e241:36ff:fe63:3c98%19
                                       192.168.1.1

Adaptador de Ethernet Conexión de área local 2:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{B09639EE-19D8-4AFD-B48F-9EBBB6D642FD}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel Conexión de área local*:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

Adaptador de túnel isatap.{31B4C276-2391-4127-B9EB-023319F16CC8}:

   Estado de los medios. . . . . . . . . . . : medios desconectados
   Sufijo DNS específico para la conexión. . : 

========= End of CMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {508AB632-F1E5-4FC4-BF40-7CDC94BF58C7}.
Unable to cancel {7FCF11A2-8C33-4727-8D8D-B178B239062B}.
Unable to cancel {65DA741E-3B9E-4F27-A795-392A527A3E73}.
Unable to cancel {36BA1C89-C3EB-4CCC-B360-7631DA0D6AB2}.
Unable to cancel {215CA5C6-90CB-420D-A2C9-B38D178EB969}.
Unable to cancel {0FFE6098-4368-48B6-91C6-F8EA4ED5A88D}.
Unable to cancel {65B0DAF9-B248-4D05-B09C-DB369D2C3402}.
Unable to cancel {366BC974-62BF-4D0F-BC5B-C854546F8463}.
0 out of 8 jobs canceled.

========= End of CMD: =========


========= netsh winsock reset =========


El catálogo Winsock se restableció correctamente.
Debe reiniciar el equipo para completar el restablecimiento.


========= End of CMD: =========


========= netsh advfirewall reset =========

Aceptar


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Aceptar


========= End of CMD: =========


========= netsh int ipv4 reset =========

Global se restableció correctamente.
Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= netsh int ipv6 reset =========

Interfaz se restableció correctamente.
Reinicie el equipo para completar esta acción.


========= End of CMD: =========


========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully
"HKU\S-1-5-21-470037617-1738153215-1971209628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => removed successfully
"HKU\S-1-5-21-470037617-1738153215-1971209628-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11511464 B
Java, Flash, Steam htmlcache => 1252 B
Windows/system/drivers => 8981809 B
Edge => 0 B
Chrome => 11805848 B
Firefox => 7912152 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 9983036 B
LocalService => 0 B
NetworkService => 231593025 B
Mati => 18330876 B

RecycleBin => 223708858 B
EmptyTemp: => 507.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:54:44 ====

Hello @victor_TeReparoLaPC

I thought so; besides, the rootkit is still there.

1.- Download, install and run TDSSKiller according to its manual.

2.- After rebooting, download FSS.exe to your desktop.

Run FSS.exe (right-click it and select Run as administrator).

Check all the options:

  • Internet Services.
  • Windows Firewall
  • System Restore.
  • Security Center/Action Center.
  • Windows Update.
  • Windows Defender.

Press the Scan button and wait for it to finish its work.

A Notepad window will open. Copy and paste its contents in your next reply.

We await both reports.

Regards.

The problem continues

16:53:08.0907 0x07fc  TDSS rootkit removing tool 3.1.0.28 Apr  9 2019 21:11:46
16:53:13.0485 0x07fc  ============================================================
16:53:13.0485 0x07fc  Current date / time: 2019/06/20 16:53:13.0485
16:53:13.0485 0x07fc  SystemInfo:
16:53:13.0485 0x07fc  
16:53:13.0485 0x07fc  OS Version: 6.1.7601 ServicePack: 1.0
16:53:13.0485 0x07fc  Product type: Workstation
16:53:13.0485 0x07fc  ComputerName: MATI-PC
16:53:13.0485 0x07fc  UserName: Mati
16:53:13.0485 0x07fc  Windows directory: C:\Windows
16:53:13.0485 0x07fc  System windows directory: C:\Windows
16:53:13.0485 0x07fc  Running under WOW64
16:53:13.0485 0x07fc  Processor architecture: Intel x64
16:53:13.0485 0x07fc  Number of processors: 4
16:53:13.0485 0x07fc  Page size: 0x1000
16:53:13.0485 0x07fc  Boot type: Normal boot
16:53:13.0485 0x07fc  CodeIntegrityOptions = 0x00000001
16:53:13.0485 0x07fc  ============================================================
16:53:15.0188 0x07fc  KLMD registered as C:\Windows\system32\drivers\22267614.sys
16:53:15.0188 0x07fc  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.24150, osProperties = 0x1
16:53:15.0375 0x07fc  System UUID: {2DBD5F72-AF29-BFAE-C971-0609320C6D0A}
16:53:15.0579 0x07fc  Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:53:19.0860 0x07fc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0x7E2CB, SectorsPerTrack: 0xE, TracksPerCylinder: 0x87, Type 'K0', Flags 0x00000040
16:53:19.0875 0x07fc  ============================================================
16:53:19.0875 0x07fc  \Device\Harddisk1\DR1:
16:53:19.0875 0x07fc  MBR partitions:
16:53:19.0875 0x07fc  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:53:19.0875 0x07fc  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xBF74000
16:53:19.0875 0x07fc  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0xBFA6800, BlocksNum 0x19487800
16:53:19.0875 0x07fc  \Device\Harddisk0\DR0:
16:53:19.0875 0x07fc  MBR partitions:
16:53:19.0875 0x07fc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:53:19.0875 0x07fc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x80B6000
16:53:19.0875 0x07fc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x80E8B5E, BlocksNum 0x188A025B
16:53:19.0875 0x07fc  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x20988DB9, BlocksNum 0x199FBE88
16:53:19.0875 0x07fc  ============================================================
16:53:19.0891 0x07fc  C: <-> \Device\Harddisk1\DR1\Partition2
16:53:19.0922 0x07fc  D: <-> \Device\Harddisk1\DR1\Partition3
16:53:19.0954 0x07fc  F: <-> \Device\Harddisk1\DR1\Partition1
16:53:19.0969 0x07fc  G: <-> \Device\Harddisk0\DR0\Partition2
16:53:20.0000 0x07fc  H: <-> \Device\Harddisk0\DR0\Partition3
16:53:20.0032 0x07fc  I: <-> \Device\Harddisk0\DR0\Partition4
16:53:20.0047 0x07fc  E: <-> \Device\Harddisk0\DR0\Partition1
16:53:20.0047 0x07fc  ============================================================
16:53:20.0047 0x07fc  Initialize success
16:53:20.0047 0x07fc  ============================================================
16:58:12.0612 0x0e1c  ============================================================
16:58:12.0612 0x0e1c  Scan started
16:58:12.0612 0x0e1c  Mode: Manual; 
16:58:12.0612 0x0e1c  ============================================================
16:58:12.0612 0x0e1c  KSN ping started
16:58:12.0893 0x0e1c  KSN ping finished: true
16:58:13.0534 0x0e1c  ================ Scan BIOS =================================
16:58:13.0534 0x0e1c  BIOS info: vendor = American Megatrends Inc., version = V1.12, releaseDate = 12/30/2009
16:58:13.0534 0x0e1c  Base board info: manufacturer = MICRO-STAR INTERNATIONAL CO.,LTD, product = P35 Platinum(MS-7345), version = 1.0
16:58:14.0643 0x0e1c  [ 65F1156F4F53F236C874100A45D86D42, CCD03F2E50A8DE70F7C7A2858E260CF1A2F0BBB8833305C77E40FCDA53D9B9B7 ] BIOS
16:58:14.0643 0x0e1c  BIOS - ok
16:58:14.0643 0x0e1c  ================ Scan system memory ========================
16:58:14.0643 0x0e1c  System memory - ok
16:58:14.0643 0x0e1c  ================ Scan services =============================
16:58:20.0096 0x0e1c  hcw85cir - ok
16:58:20.0127 0x0e1c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:58:20.0143 0x0e1c  HdAudAddService - ok
16:58:20.0190 0x0e1c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:58:20.0190 0x0e1c  HDAudBus - ok
16:58:20.0206 0x0e1c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
16:58:20.0206 0x0e1c  HidBatt - ok
16:58:20.0221 0x0e1c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:58:20.0221 0x0e1c  HidBth - ok
16:58:20.0237 0x0e1c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:58:20.0237 0x0e1c  HidIr - ok
16:58:20.0268 0x0e1c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
16:58:20.0268 0x0e1c  hidserv - ok
16:58:20.0299 0x0e1c  [ 90D91013D16A15B22A4B4EB6D4140A5B, A13B013AB5F1839304699A8130A5DF8B4F76657E4132BF7EAFAEADBFFE3AB490 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:58:20.0299 0x0e1c  HidUsb - ok
16:58:20.0315 0x0e1c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:58:20.0315 0x0e1c  hkmsvc - ok
16:58:20.0346 0x0e1c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:58:20.0362 0x0e1c  HomeGroupListener - ok
16:58:20.0393 0x0e1c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:58:20.0393 0x0e1c  HomeGroupProvider - ok
16:58:20.0409 0x0e1c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:58:20.0424 0x0e1c  HpSAMD - ok
16:58:20.0502 0x0e1c  [ 93C367EA831FB39DEE3BA96539A187FB, 8B912152CA8B89B4429278F93163481BAA07E2D940EE61CE1B7AD178AB13E105 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:58:20.0518 0x0e1c  HTTP - ok
16:58:20.0534 0x0e1c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:58:20.0534 0x0e1c  hwpolicy - ok
16:58:20.0581 0x0e1c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:58:20.0581 0x0e1c  i8042prt - ok
16:58:20.0612 0x0e1c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:58:20.0627 0x0e1c  iaStorV - ok
16:58:20.0706 0x0e1c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:58:20.0737 0x0e1c  idsvc - ok
16:58:20.0737 0x0e1c  IEEtwCollectorService - ok
16:58:20.0752 0x0e1c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:58:20.0752 0x0e1c  iirsp - ok
16:58:20.0815 0x0e1c  [ 25AF7D5C819F19D7C97F4A9607F2609A, 70142B97F1087E20758AFECF5A7AB2EC1FDBBF68019A3BEC6C49F168650FEFC8 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:58:20.0846 0x0e1c  IKEEXT - ok
16:58:20.0987 0x0e1c  [ CC2521C1BE66E922196431B77F765178, 07106F575F715F761E01D3788053CBA6E53DD8390CE79BD4F6FC2BCDDC34C982 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
16:58:21.0034 0x0e1c  IntcAzAudAddService - ok
16:58:21.0065 0x0e1c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:58:21.0065 0x0e1c  intelide - ok
16:58:21.0081 0x0e1c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:58:21.0081 0x0e1c  intelppm - ok
16:58:21.0096 0x0e1c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:58:21.0112 0x0e1c  IPBusEnum - ok
16:58:21.0127 0x0e1c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:58:21.0127 0x0e1c  IpFilterDriver - ok
16:58:21.0159 0x0e1c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:58:21.0174 0x0e1c  iphlpsvc - ok
16:58:21.0190 0x0e1c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:58:21.0190 0x0e1c  IPMIDRV - ok
16:58:21.0206 0x0e1c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:58:21.0206 0x0e1c  IPNAT - ok
16:58:21.0284 0x0e1c  [ B066C46E4B638B849245E35A5703AF80, 738A2A76A68721DCA5004DFF381EF2F032A7E309454294E4ABDFF5141BAC9337 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:58:21.0299 0x0e1c  iPod Service - ok
16:58:21.0315 0x0e1c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:58:21.0315 0x0e1c  IRENUM - ok
16:58:21.0331 0x0e1c  [ 905E9D664F38B93B53FA05422165F5B5, 5B0D8869C73836378C234FAA407DE047F5F638D3E872B246A1AC74BE44BBD7DD ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:58:21.0331 0x0e1c  isapnp - ok
16:58:21.0362 0x0e1c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:58:21.0377 0x0e1c  iScsiPrt - ok
16:58:21.0393 0x0e1c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:58:21.0409 0x0e1c  kbdclass - ok
16:58:21.0409 0x0e1c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:58:21.0409 0x0e1c  kbdhid - ok
16:58:21.0424 0x0e1c  [ 979C12C081DFF8BFE24EEA2D68234BDA, A1358D520BBD2192AA8DBA09104D93462CDAE6A44A883CCDD8E215D732BA8A7F ] KeyIso          C:\Windows\system32\lsass.exe
16:58:21.0424 0x0e1c  KeyIso - ok
16:58:21.0471 0x0e1c  [ 248B268241DB33B677FB0D50CE52A7F7, F6B2064890D0446FCB4FC0C09D7ECBB5FA3061738BF1E6F09BE1E4E7104BEDF7 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:58:21.0471 0x0e1c  KSecDD - ok
16:58:21.0518 0x0e1c  [ 755895D37F128F9AE3F408B20630EDC3, 64344D12C70FB8EB3B92B0AAB097E5BFA211DF71AB38897A88378764C6D9F37F ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:58:21.0518 0x0e1c  KSecPkg - ok
16:58:21.0534 0x0e1c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:58:21.0534 0x0e1c  ksthunk - ok
16:58:21.0565 0x0e1c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:58:21.0596 0x0e1c  KtmRm - ok
16:58:21.0643 0x0e1c  [ E65118228501478C4630BC96F2E1C876, FF2346ED4B097D9D58D558F4A8A854597E457F37C12984160D22E0F5B2F31720 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:58:21.0659 0x0e1c  LanmanServer - ok
16:58:21.0690 0x0e1c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:58:21.0690 0x0e1c  LanmanWorkstation - ok
16:58:21.0706 0x0e1c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:58:21.0706 0x0e1c  lltdio - ok
16:58:21.0721 0x0e1c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:58:21.0752 0x0e1c  lltdsvc - ok
16:58:21.0768 0x0e1c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:58:21.0768 0x0e1c  lmhosts - ok
16:58:21.0784 0x0e1c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:58:21.0784 0x0e1c  LSI_FC - ok
16:58:21.0799 0x0e1c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:58:21.0815 0x0e1c  LSI_SAS - ok
16:58:21.0815 0x0e1c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
16:58:21.0815 0x0e1c  LSI_SAS2 - ok
16:58:21.0831 0x0e1c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:58:21.0846 0x0e1c  LSI_SCSI - ok
16:58:21.0862 0x0e1c  [ 5416CEB2916BBE635288C4D1075B045E, BEFF99052206C0D774CFFF14AC3305C397726B289B17666C2AD2706C261F2FF0 ] luafv           C:\Windows\system32\drivers\luafv.sys
16:58:21.0862 0x0e1c  luafv - ok
16:58:21.0893 0x0e1c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:58:21.0893 0x0e1c  Mcx2Svc - ok
16:58:21.0909 0x0e1c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
16:58:21.0909 0x0e1c  megasas - ok
16:58:21.0924 0x0e1c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
16:58:21.0940 0x0e1c  MegaSR - ok
16:58:22.0018 0x0e1c  [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
16:58:22.0018 0x0e1c  Microsoft Office Groove Audit Service - ok
16:58:22.0034 0x0e1c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
16:58:22.0034 0x0e1c  MMCSS - ok
16:58:22.0065 0x0e1c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
16:58:22.0065 0x0e1c  Modem - ok
16:58:22.0081 0x0e1c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:58:22.0081 0x0e1c  monitor - ok
16:58:22.0127 0x0e1c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:58:22.0127 0x0e1c  mouclass - ok
16:58:22.0127 0x0e1c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:58:22.0127 0x0e1c  mouhid - ok
16:58:22.0174 0x0e1c  [ 072D8646E23ECF8A3F5F0157017B4DB6, EBFB1459ECC5AF94C94FB49CEBC724542612680F0777E24B5AA6E062C0EE5D94 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:58:22.0174 0x0e1c  mountmgr - ok
16:58:22.0237 0x0e1c  [ ADF79A49E942C91D1FC9863CBFDD6B58, C2B2A792C4717133DCAE6297EE3F5D985B11D3C1E68A8DC23985AC6B78ACDE98 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:58:22.0237 0x0e1c  MozillaMaintenance - ok
16:58:22.0299 0x0e1c  [ 3665AB2F67F4024F5F3F80335ED5322A, BE3DC246F176E00D7611A7E16FBC22615199F49EBCB4C90B0C107294E592BF8D ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
16:58:22.0315 0x0e1c  MpFilter - ok
16:58:22.0346 0x0e1c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:58:22.0346 0x0e1c  mpio - ok
16:58:22.0393 0x0e1c  [ 6D9BB8B53394B62540A3971FCE2BE8DB, C1942B2F3C6A4282FE39FCE5DCF46FA446D4F086F2F9ABDED9A4163A83A253B8 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:58:22.0393 0x0e1c  mpsdrv - ok
16:58:22.0456 0x0e1c  [ 92B4079384B8BE97AEE3CA8B43E0AAEB, 0AB87851F91274DDB19E21052E1D66FF76BA031D39A716EB4242BC5C0AC4ADB7 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:58:22.0487 0x0e1c  MpsSvc - ok
16:58:22.0518 0x0e1c  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:58:22.0518 0x0e1c  MRxDAV - ok
16:58:22.0549 0x0e1c  [ B07AD0FD4026F7E3A146485B728B9CAF, E6A762ECD856BB886FC833D6D359846306B5B688E0B7F91544D9422B07ED17C1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:58:22.0565 0x0e1c  mrxsmb - ok
16:58:22.0581 0x0e1c  [ 4D28B9613A100BC42CAA07E335AD4705, D20FDD637322C8FFA9145048249FDE618B771F5C0B9D981FDC3C4651813559AE ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:58:22.0596 0x0e1c  mrxsmb10 - ok
16:58:22.0627 0x0e1c  [ 9E4E93DA0A2A492C8D31FCA092BE9384, D2B5F8E5C86D1C540A841B994E06BCBCD6EB08C37865172CE7215093CA28F676 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:58:22.0627 0x0e1c  mrxsmb20 - ok
16:58:22.0659 0x0e1c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:58:22.0659 0x0e1c  msahci - ok
16:58:22.0674 0x0e1c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:58:22.0674 0x0e1c  msdsm - ok
16:58:22.0690 0x0e1c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
16:58:22.0706 0x0e1c  MSDTC - ok
16:58:22.0721 0x0e1c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:58:22.0721 0x0e1c  Msfs - ok
16:58:22.0721 0x0e1c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:58:22.0721 0x0e1c  mshidkmdf - ok
16:58:22.0752 0x0e1c  [ 6FE3DBEEA730A857CA3DF603B7DEADA2, CFB2F88799BD8D4D6B435C88B0B12D6E3EE83428B8EBE4C9DAACE25F03E7EABB ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:58:22.0752 0x0e1c  msisadrv - ok
16:58:22.0784 0x0e1c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:58:22.0784 0x0e1c  MSiSCSI - ok
16:58:22.0784 0x0e1c  msiserver - ok
16:58:22.0831 0x0e1c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:58:22.0831 0x0e1c  MSKSSRV - ok
16:58:22.0893 0x0e1c  [ 5ADED2C1239D7BD798E2C4EF9EAA1FA3, 6A462DAC110015F3E59610202714120C557674019A0196680B72031C50D7C474 ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:58:22.0893 0x0e1c  MsMpSvc - ok
16:58:22.0909 0x0e1c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:58:22.0909 0x0e1c  MSPCLOCK - ok
16:58:22.0909 0x0e1c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:58:22.0909 0x0e1c  MSPQM - ok
16:58:22.0956 0x0e1c  [ 94275393BB85D1E2B74BFEFEC386B4A0, D1E8B2AFB5B0E0B4670887F15A4EDFF88B1C91AF052B2C687590AF05AC560C18 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:58:22.0971 0x0e1c  MsRPC - ok
16:58:22.0987 0x0e1c  [ 1FC0BF25FFCB9F751BCBC6C6AC577078, D48313C4A3E711F3E2AFEC87E3C78B9230A96438CEC92857F8B454E2D1602E84 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:58:22.0987 0x0e1c  mssmbios - ok
16:58:23.0002 0x0e1c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:58:23.0002 0x0e1c  MSTEE - ok
16:58:23.0018 0x0e1c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
16:58:23.0018 0x0e1c  MTConfig - ok
16:58:23.0034 0x0e1c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
16:58:23.0034 0x0e1c  Mup - ok
16:58:23.0081 0x0e1c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
16:58:23.0112 0x0e1c  napagent - ok
16:58:23.0159 0x0e1c  [ 9FB2A095B1166CB3C9A06651863B3452, 808105C59C2D28C390FDE0CA48690A5CD052DE3D7F7327864EB45F80187D5BE9 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:58:23.0174 0x0e1c  NativeWifiP - ok
16:58:23.0206 0x0e1c  [ 261F27367EB6EA6478B940811F0A6F03, C5924B8B00E93DA9B8B1DBAA05A4D53BB1720C2FFA9B3EDA63CB20A64F59808B ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:58:23.0237 0x0e1c  NDIS - ok

Due to the length of the report, I am posting it in 2 parts.

16:58:26.0627 0x0e1c  ql2300 - ok
16:58:26.0659 0x0e1c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:58:26.0659 0x0e1c  ql40xx - ok
16:58:26.0690 0x0e1c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
16:58:26.0690 0x0e1c  QWAVE - ok
16:58:26.0706 0x0e1c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:58:26.0706 0x0e1c  QWAVEdrv - ok
16:58:26.0721 0x0e1c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:58:26.0721 0x0e1c  RasAcd - ok
16:58:26.0737 0x0e1c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:58:26.0737 0x0e1c  RasAgileVpn - ok
16:58:26.0752 0x0e1c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
16:58:26.0768 0x0e1c  RasAuto - ok
16:58:26.0799 0x0e1c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:58:26.0799 0x0e1c  Rasl2tp - ok
16:58:26.0831 0x0e1c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
16:58:26.0846 0x0e1c  RasMan - ok
16:58:26.0862 0x0e1c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:58:26.0862 0x0e1c  RasPppoe - ok
16:58:26.0877 0x0e1c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:58:26.0877 0x0e1c  RasSstp - ok
16:58:26.0924 0x0e1c  [ FB45727105E27756B3252572A138FA19, B11A375C7377C2DD02175921F5A3BBD23191207DE76DB220ACF72BD5CF74E09A ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:58:26.0940 0x0e1c  rdbss - ok
16:58:26.0956 0x0e1c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:58:26.0956 0x0e1c  rdpbus - ok
16:58:26.0971 0x0e1c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:58:26.0971 0x0e1c  RDPCDD - ok
16:58:26.0987 0x0e1c  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:58:27.0002 0x0e1c  RDPDR - ok
16:58:27.0018 0x0e1c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:58:27.0018 0x0e1c  RDPENCDD - ok
16:58:27.0018 0x0e1c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:58:27.0018 0x0e1c  RDPREFMP - ok
16:58:27.0081 0x0e1c  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:58:27.0081 0x0e1c  RdpVideoMiniport - ok
16:58:27.0112 0x0e1c  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:58:27.0127 0x0e1c  RDPWD - ok
16:58:27.0174 0x0e1c  [ F4287A980C0AA41DE3073F053E5EA73C, 04A386884DE32C6813486FD2D8FD9B9B275758CE5354459D8862A60E7F134833 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:58:27.0174 0x0e1c  rdyboost - ok
16:58:27.0221 0x0e1c  [ 0301EEE83B03229F555C6F8025FB5540, 3ABBA482E59FF9FC831A0FEA75A8C937BAE5077108A0EB3F89205C72FEDC2CD9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:58:27.0221 0x0e1c  RemoteAccess - ok
16:58:27.0252 0x0e1c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:58:27.0252 0x0e1c  RemoteRegistry - ok
16:58:27.0268 0x0e1c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:58:27.0268 0x0e1c  RpcEptMapper - ok
16:58:27.0284 0x0e1c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
16:58:27.0284 0x0e1c  RpcLocator - ok
16:58:27.0331 0x0e1c  [ 4CE2D42E24914EE91BFFCD8D8485A1BB, 64A005A2B56CDEB00F43B56040DEB7E5995909E9E11AFB4535895A2C3F0A4648 ] RpcSs           C:\Windows\system32\rpcss.dll
16:58:27.0346 0x0e1c  RpcSs - ok
16:58:27.0377 0x0e1c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:58:27.0377 0x0e1c  rspndr - ok
16:58:27.0440 0x0e1c  [ 60EB8A87357CA5B088B422D1E55A2405, A4E8ACACB9EFB094D05EC24DFB65D969DBA14634EEB6B4DBEF500BDEA8D78DB5 ] rt61x64         C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys
16:58:27.0456 0x0e1c  rt61x64 - ok
16:58:27.0487 0x0e1c  [ 68DD0457D18FCCEF7384AE84022F0C86, 82C02EDB30D4FA1145AB1818F9FCE0B73FEB1B94C138B5513794F25FAC85F2CC ] RTL8023x64      C:\Windows\system32\DRIVERS\Rtnic64.sys
16:58:27.0502 0x0e1c  RTL8023x64 - ok
16:58:27.0549 0x0e1c  [ 6E6C8B60344C1C8396AB683FA3055086, 7093A532D2F576A4AEA8A101E44543DFFBDF1E71A8759D82ACE9FF93C6FA390F ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:58:27.0581 0x0e1c  RTL8167 - ok
16:58:27.0596 0x0e1c  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
16:58:27.0596 0x0e1c  s3cap - ok
16:58:27.0612 0x0e1c  [ 979C12C081DFF8BFE24EEA2D68234BDA, A1358D520BBD2192AA8DBA09104D93462CDAE6A44A883CCDD8E215D732BA8A7F ] SamSs           C:\Windows\system32\lsass.exe
16:58:27.0612 0x0e1c  SamSs - ok
16:58:27.0627 0x0e1c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:58:27.0627 0x0e1c  sbp2port - ok
16:58:27.0659 0x0e1c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:58:27.0659 0x0e1c  SCardSvr - ok
16:58:27.0674 0x0e1c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:58:27.0674 0x0e1c  scfilter - ok
16:58:27.0737 0x0e1c  [ E5A1E7B40B5086E643705B2D85A139C4, 0B298C16689C8AA475396C9BEAF1032A156A0D7986931337D47FE3AF72228026 ] Schedule        C:\Windows\system32\schedsvc.dll
16:58:27.0784 0x0e1c  Schedule - ok
16:58:27.0799 0x0e1c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:58:27.0799 0x0e1c  SCPolicySvc - ok
16:58:27.0846 0x0e1c  [ 0447065A6E10774EFCECFDD0EB970A79, 384A9AC72E756F96D43EE4B144A466564476AFD8778092C979116BB29A514433 ] ScpVBus         C:\Windows\system32\DRIVERS\ScpVBus.sys
16:58:27.0846 0x0e1c  ScpVBus - ok
16:58:27.0877 0x0e1c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:58:27.0893 0x0e1c  SDRSVC - ok
16:58:27.0924 0x0e1c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:58:27.0924 0x0e1c  secdrv - ok
16:58:27.0956 0x0e1c  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
16:58:27.0956 0x0e1c  seclogon - ok
16:58:27.0956 0x0e1c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
16:58:27.0956 0x0e1c  SENS - ok
16:58:27.0987 0x0e1c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:58:27.0987 0x0e1c  SensrSvc - ok
16:58:28.0002 0x0e1c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:58:28.0002 0x0e1c  Serenum - ok
16:58:28.0018 0x0e1c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:58:28.0018 0x0e1c  Serial - ok
16:58:28.0049 0x0e1c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:58:28.0049 0x0e1c  sermouse - ok
16:58:28.0065 0x0e1c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
16:58:28.0081 0x0e1c  SessionEnv - ok
16:58:28.0096 0x0e1c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:58:28.0096 0x0e1c  sffdisk - ok
16:58:28.0112 0x0e1c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:58:28.0112 0x0e1c  sffp_mmc - ok
16:58:28.0127 0x0e1c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:58:28.0127 0x0e1c  sffp_sd - ok
16:58:28.0143 0x0e1c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
16:58:28.0143 0x0e1c  sfloppy - ok
16:58:28.0174 0x0e1c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:58:28.0206 0x0e1c  SharedAccess - ok
16:58:28.0237 0x0e1c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:58:28.0252 0x0e1c  ShellHWDetection - ok
16:58:28.0268 0x0e1c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
16:58:28.0268 0x0e1c  SiSRaid2 - ok
16:58:28.0284 0x0e1c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:58:28.0284 0x0e1c  SiSRaid4 - ok
16:58:28.0315 0x0e1c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:58:28.0315 0x0e1c  Smb - ok
16:58:28.0331 0x0e1c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:58:28.0331 0x0e1c  SNMPTRAP - ok
16:58:28.0346 0x0e1c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:58:28.0346 0x0e1c  spldr - ok
16:58:28.0393 0x0e1c  [ 8003D39B386EDCCFB08DC21AACC0683A, 99D6A4DBE810335A69AE3053DC4B6AAC267639AD7F9C568431FA0714F6E71F30 ] Spooler         C:\Windows\System32\spoolsv.exe
16:58:28.0409 0x0e1c  Spooler - ok
16:58:28.0502 0x0e1c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
16:58:28.0596 0x0e1c  sppsvc - ok
16:58:28.0643 0x0e1c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:58:28.0643 0x0e1c  sppuinotify - ok
16:58:28.0706 0x0e1c  [ 1145EC013B72D4E6C60497707BB1A4B6, 1062AE3C61A5ACB25A1899E354DC9AA750658E23B22F2A97E9B181B65A50AA46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:58:28.0721 0x0e1c  srv - ok
16:58:28.0784 0x0e1c  [ 2D8FFA3B636368130F909E0CD935B555, 0C0BC56D5F6B1931D9159D98D3C8F4F1C4F4C3674C48430DFAC79926AB355601 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:58:28.0799 0x0e1c  srv2 - ok
16:58:28.0846 0x0e1c  [ 4B1C343E11065819F687EAC68A5E13F3, 4A850E37ECA4293A12E9C12B96999C4AA84A44177D31DFEF316E52050B1EDDA3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:58:28.0862 0x0e1c  srvnet - ok
16:58:28.0877 0x0e1c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:58:28.0893 0x0e1c  SSDPSRV - ok
16:58:28.0909 0x0e1c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:58:28.0909 0x0e1c  SstpSvc - ok
16:58:28.0956 0x0e1c  [ F0B59ADCD06BCEB9D47311B7041CA2C9, 6299AB514CBE153C875F083ED789F6205C1781C0178759521F5A6D8007F5257C ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
16:58:28.0956 0x0e1c  ssudmdm - ok
16:58:29.0065 0x0e1c  [ 167E7CE4DBBA691E563AC36ECDB00318, 894C37C1DD794FC6F90408697D354E2AE89F2A7873AD66AF45F36D0C9142AE9C ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
16:58:29.0081 0x0e1c  Stereo Service - ok
16:58:29.0112 0x0e1c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
16:58:29.0112 0x0e1c  stexstor - ok
16:58:29.0143 0x0e1c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
16:58:29.0174 0x0e1c  stisvc - ok
16:58:29.0206 0x0e1c  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
16:58:29.0206 0x0e1c  storflt - ok
16:58:29.0206 0x0e1c  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:58:29.0206 0x0e1c  storvsc - ok
16:58:29.0252 0x0e1c  [ 10DCD3BDFA785E1482EC02304A7E9B96, DBD348388F5B17F2620A9D40D1191A51BA6CDAF15E37503630D859FB144486A1 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:58:29.0252 0x0e1c  swenum - ok
16:58:29.0284 0x0e1c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
16:58:29.0315 0x0e1c  swprv - ok
16:58:29.0346 0x0e1c  [ C3A39C4079305480972D29C44B868C78, 8F1BB75C743256F905EAEDE744B6082C53774C49126875FB4E4FBA30F5478B17 ] Synth3dVsc      C:\Windows\system32\drivers\synth3dvsc.sys
16:58:29.0346 0x0e1c  Synth3dVsc - ok
16:58:29.0440 0x0e1c  [ 15CF7B24AA64FE958CAEA00274838B1C, 820F7CF1CCD036A1871D728C1CC80D9E9BB5E3BD5D9C7BC822B1711D8DB79707 ] SysMain         C:\Windows\system32\sysmain.dll
16:58:29.0487 0x0e1c  SysMain - ok
16:58:29.0518 0x0e1c  [ AD359C53941A6AC57FB935E7E9F1D16E, 6D53065ECE8E928CC045E16B7618D866C121EBA6C6CBDADC97C2B0DC8D8CF9FC ] TabletInputService C:\Windows\System32\TabSvc.dll
16:58:29.0518 0x0e1c  TabletInputService - ok
16:58:29.0549 0x0e1c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:58:29.0565 0x0e1c  TapiSrv - ok
16:58:29.0581 0x0e1c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
16:58:29.0581 0x0e1c  TBS - ok
16:58:29.0674 0x0e1c  [ 8A54B9C4206FBAB2CEE3525CFD365241, 009D2C45797D512F6B973BAE6FECA67C9BAE6B2C726A916D7168230ADDC769DC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:58:29.0737 0x0e1c  Tcpip - ok
16:58:29.0784 0x0e1c  [ 8A54B9C4206FBAB2CEE3525CFD365241, 009D2C45797D512F6B973BAE6FECA67C9BAE6B2C726A916D7168230ADDC769DC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:58:29.0815 0x0e1c  TCPIP6 - ok
16:58:29.0846 0x0e1c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:58:29.0846 0x0e1c  tcpipreg - ok
16:58:29.0862 0x0e1c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:58:29.0862 0x0e1c  TDPIPE - ok
16:58:29.0862 0x0e1c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:58:29.0862 0x0e1c  TDTCP - ok
16:58:29.0893 0x0e1c  [ 4DD986720F7CB7A8A5D1226793097B9A, 9020375B45E9C966BF44CF425C127D7E0EC82EB99C7047F225C25402FF97743D ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:58:29.0909 0x0e1c  tdx - ok
16:58:29.0924 0x0e1c  [ AC24D7A7D9EEDE11E2926F9001BEAFB5, 04F8FEC125B70A292DF4748925064CBDDF6D8FFF596ACD1EB063425E22505472 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:58:29.0940 0x0e1c  TermDD - ok
16:58:29.0940 0x0e1c  [ EF4469AB69EB15E5D3754E6AEAFBCD3D, 3609214C3D5181364B544EBF17E9A109952BE1C4C35BE0A8727BFA8F49ECB130 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
16:58:29.0940 0x0e1c  terminpt - ok
16:58:29.0987 0x0e1c  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
16:58:30.0018 0x0e1c  TermService - ok
16:58:30.0049 0x0e1c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
16:58:30.0049 0x0e1c  Themes - ok
16:58:30.0065 0x0e1c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
16:58:30.0065 0x0e1c  THREADORDER - ok
16:58:30.0081 0x0e1c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
16:58:30.0081 0x0e1c  TrkWks - ok
16:58:30.0127 0x0e1c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:58:30.0127 0x0e1c  TrustedInstaller - ok
16:58:30.0159 0x0e1c  [ 2CF58216424757ED29605B4F18EC443C, 9D523FC075F7F41A17F60617670A976A8F2F2943444515DC3834720BDC37DFA0 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:58:30.0159 0x0e1c  tssecsrv - ok
16:58:30.0190 0x0e1c  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:58:30.0190 0x0e1c  TsUsbFlt - ok
16:58:30.0206 0x0e1c  [ D34789988234DCC8FA55FA9A485AF0EC, 5C1A77EFA23261F5F9C971A12145CA6AC701723A94B6A8AE9BE95EEDD3C02919 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
16:58:30.0206 0x0e1c  TsUsbGD - ok
16:58:30.0237 0x0e1c  [ E1748D04AE40118B62BC18AC86032192, A954B141D1B27272C771D14F3B40C7CC1F572DD72559F2C96182EFBE2B095FDE ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
16:58:30.0237 0x0e1c  tsusbhub - ok
16:58:30.0252 0x0e1c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:58:30.0252 0x0e1c  tunnel - ok
16:58:30.0268 0x0e1c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:58:30.0268 0x0e1c  uagp35 - ok
16:58:30.0299 0x0e1c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:58:30.0315 0x0e1c  udfs - ok
16:58:30.0346 0x0e1c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:58:30.0346 0x0e1c  UI0Detect - ok
16:58:30.0362 0x0e1c  [ B70E26A57F35ECA5199E6D6B9592A67C, 8ECCEEA69A69FBDC4AFEB2EC306FCEE6B569370F599D76F4CFDEAF77A0CD018C ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:58:30.0362 0x0e1c  uliagpkx - ok
16:58:30.0377 0x0e1c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:58:30.0393 0x0e1c  umbus - ok
16:58:30.0409 0x0e1c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
16:58:30.0409 0x0e1c  UmPass - ok
16:58:30.0424 0x0e1c  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
16:58:30.0440 0x0e1c  UmRdpService - ok
16:58:30.0456 0x0e1c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
16:58:30.0471 0x0e1c  upnphost - ok
16:58:30.0534 0x0e1c  [ F957092C63CD71D85903CA0D8370F473, 4DEC2FC20329F248135DA24CB6694FD972DCCE8B1BBEA8D872FDE41939E96AAF ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
16:58:30.0534 0x0e1c  USBAAPL64 - ok
16:58:30.0565 0x0e1c  [ 9E68E917FB4B5C983438969643F53BEF, 7148BF1E7AFAFA025A51AA9A26B90ED85328B41C7F7791CB3460D9CF53245985 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:58:30.0565 0x0e1c  usbccgp - ok
16:58:30.0596 0x0e1c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:58:30.0596 0x0e1c  usbcir - ok
16:58:30.0627 0x0e1c  [ 3F9D3902CE931E2A28DD8452AE915B67, C8BF042DD84FB2E3AE7FCDBA65923611FCBDAFD6410E42A5E58F8995D99AE16C ] usbehci         C:\Windows\system32\drivers\usbehci.sys
16:58:30.0627 0x0e1c  usbehci - ok
16:58:30.0690 0x0e1c  [ 86B65EEBC03B936DE8B26E5A18D98FA2, 2981CF5A0FB6B6FE0A38363EA4804DB743C45E3E6E72DC3A2260F583377717C8 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
16:58:30.0706 0x0e1c  usbhub - ok
16:58:30.0752 0x0e1c  [ 099C2931C6F73EB1B9E13C560F61B50D, 83B64A52173243526E380C8FA0D913C7B07C2AF1806ECC4EC0D0B5523A7CBFAA ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:58:30.0752 0x0e1c  usbohci - ok
16:58:30.0768 0x0e1c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:58:30.0784 0x0e1c  usbprint - ok
16:58:30.0815 0x0e1c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:58:30.0815 0x0e1c  usbscan - ok
16:58:30.0862 0x0e1c  [ B57B4F0BEC4270A281B9F8537EB2FA04, 554273482EE85F010DC62E412C9933E65BD63AA09911BD25D86F86D2618EF382 ] usbser          C:\Windows\system32\DRIVERS\USBSER.sys
16:58:30.0862 0x0e1c  usbser - ok
16:58:30.0909 0x0e1c  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:58:30.0909 0x0e1c  USBSTOR - ok
16:58:30.0924 0x0e1c  [ 5D7651347C7D702F4A5DE53603DC024F, F55532D13AB2FF6D4B6058113AF2710AC5C87059C9000942CF517198BABCD6F5 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:58:30.0924 0x0e1c  usbuhci - ok
16:58:30.0940 0x0e1c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
16:58:30.0956 0x0e1c  UxSms - ok
16:58:30.0956 0x0e1c  [ 979C12C081DFF8BFE24EEA2D68234BDA, A1358D520BBD2192AA8DBA09104D93462CDAE6A44A883CCDD8E215D732BA8A7F ] VaultSvc        C:\Windows\system32\lsass.exe
16:58:30.0956 0x0e1c  VaultSvc - ok
16:58:30.0987 0x0e1c  [ 3C8E2C591345F38149C69FE8E5DF8C90, 9F4BB9BDA09CB2E99A6A888B288F322AE5C460B5D124CD714C6F00FF5029144B ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
16:58:30.0987 0x0e1c  VClone - ok
16:58:31.0002 0x0e1c  [ 7BDCE021786C3DCCFD2C22EBF643EE36, 92842E529EBDE9A9A9408287182BF1ECD8737C1DA39AF20570528CBD37D43228 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:58:31.0018 0x0e1c  vdrvroot - ok
16:58:31.0034 0x0e1c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
16:58:31.0065 0x0e1c  vds - ok
16:58:31.0096 0x0e1c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:58:31.0096 0x0e1c  vga - ok
16:58:31.0112 0x0e1c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:58:31.0112 0x0e1c  VgaSave - ok
16:58:31.0127 0x0e1c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:58:31.0143 0x0e1c  vhdmp - ok
16:58:31.0143 0x0e1c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:58:31.0143 0x0e1c  viaide - ok
16:58:31.0159 0x0e1c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:58:31.0159 0x0e1c  vmbus - ok
16:58:31.0174 0x0e1c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
16:58:31.0174 0x0e1c  VMBusHID - ok
16:58:31.0190 0x0e1c  [ 8EDE91FBAC7BF7605323C517C717A253, 8441DBE652E8922B888649FF8F37D5593FD8938E3AFFB69323184DE8E4A5EBDB ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:58:31.0190 0x0e1c  volmgr - ok
16:58:31.0237 0x0e1c  [ 85C5468BC395819AE2A0C747334BA14C, 75EB4751F90F3347229442A5622539383CE0B1834EE7B995260D0D433BA2E25F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:58:31.0252 0x0e1c  volmgrx - ok
16:58:31.0268 0x0e1c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:58:31.0284 0x0e1c  volsnap - ok
16:58:31.0299 0x0e1c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
16:58:31.0299 0x0e1c  vsmraid - ok
16:58:31.0377 0x0e1c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
16:58:31.0409 0x0e1c  VSS - ok
16:58:35.0346 0x0e1c  Waiting for KSN requests completion. In queue: 99
16:58:36.0346 0x0e1c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.10.209.0 ), 0x60010 ( disabled : outofdate )
16:58:36.0362 0x0e1c  Win FW state via NFP2: enabled ( trusted )
16:58:36.0737 0x0e1c  ============================================================
16:58:36.0737 0x0e1c  Scan finished
16:58:36.0737 0x0e1c  ============================================================
16:58:36.0737 0x0308  Detected object count: 0
16:58:36.0737 0x0308  Actual detected object count: 0
16:59:35.0590 0x04b4  Deinitialize success

And here is the FSS one:

Farbar Service Scanner Version: 27-01-2016
Ran by Mati (administrator) on 20-06-2019 at 17:03:50
Running from "C:\Users\Mati\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
LAN connected.
Attempt to access Google IP returned error. Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

Hi @victor_TeReparoLaPC

It still hasn't been possible to remove it.

One question, I assume so but I have to ask: do you have access to a USB drive and another clean computer?


Do the following:

1.- Temporarily disable your antivirus and any other security software.

2.- Download the following tools to your desktop:

3.- Malwarebytes Anti-Rootkits

  • Install and update it.
  • Run a Full Scan following its Manual.

Guide: How do I paste reports in the forum?

We'll wait for the report.

Regards

Hi @SanMar, sorry for the delay. Yes, I have a clean laptop with internet access; I'm downloading everything on it and transferring it by pendrive to the PC we're working on.

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2019.06.21.09
  rootkit: v2019.06.21.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.19035
Mati :: MATI-PC [administrator]

21/06/2019 22:10:32
mbar-log-2019-06-21 (22-10-32).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 191341
Time elapsed: 18 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Hi @victor_TeReparoLaPC

Even though the infected computer boots normally, I need you to do this from the Recovery Options.

If you have another USB drive that you haven't used so far, even better. When we finish, remind me that we should scan that clean computer.


Do the following:

Tools needed.

  • A clean computer with an Internet connection.
  • A USB drive.

From the clean computer:

From the infected computer:

Plug the USB drive into the infected computer…

  • Open the Command Prompt of the Recovery Environment:

To access the System Recovery Options:

Instructions for Windows 7.

  • Restart the computer.
  • As soon as the BIOS loads, start pressing the F8 key until the Advanced Boot Options appear.
  • Select Repair Your Computer and press Enter.
  • Wait for it to load, select the language and keyboard settings, and click Next.
  • Select the operating system you want to repair and click Next.
  • Select your user account and click Next.

In the System Recovery Options menu you will see the following options:

  • Startup Repair.
  • System Restore.
  • System Image Recovery.
  • Windows Memory Diagnostic.
  • Command Prompt.

Once in the Command Prompt:

  • In the Command window, type notepad.exe and press “Enter”.
  • The program window will open; at the top go to File >>> Open. *Select “Computer” to find the letter of your USB drive, then close Notepad.

  • Once in the Command window, type exactly x:frst.exe or x:frst64.exe as applicable, where x must be replaced by the letter of your USB drive.
  • Press Enter.
  • The tool will start running.
  • When the tool opens it will show the “Disclaimer” window; click “Sí/Yes”.

The program window will then open:

  • Press the Scan button.

When the scan finishes, a Frst.txt or Frst64.txt report will be created on your USB drive. Plug the USB drive back into the clean computer, open the Frst.txt or Frst64.txt file, and copy and paste its contents into your next reply.

If you have any questions, just ask us.

To be safe, print out the steps.

Regards

The Repair Your Computer option doesn't appear, only Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt and the others.

Hi @victor_TeReparoLaPC

Hi, do you have a Windows 7 .iso of the same version on a bootable DVD/USB?

Regards

I have a Win 7 AIO.

Hi:

That will do:

From your name I imagine you've installed Windows before. :wink:

Configure the BIOS to boot from the DVD as if you were going to reinstall Windows.

Only, you must choose REPAIR.

Select the installation to repair.

Go into the advanced options >>> Command Prompt and follow the steps in post 18.

Regards