supturb89

Members

View Profile See their activity

Posts
13
Joined
December 29, 2012
Last visited
February 21, 2015

Reputation

0 Neutral

lsass.exe using exorbitant memory

supturb89 replied to supturb89's topic in Resolved Malware Removal Logs

Gringo, Thanks for all your help. My computer is running great. Aaron
- January 1, 2013
- 22 replies
lsass.exe using exorbitant memory

supturb89 replied to supturb89's topic in Resolved Malware Removal Logs

Gringo, ESET found some threats. C:\Users\Webb\Downloads\MediaInfo_GUI_0.7.31_Windows_x64.exe Win32/OpenCandy application C:\Users\Webb\Downloads\MediaInfo_GUI_0.7.36_Windows_i386.exe Win32/OpenCandy application
- January 1, 2013
- 22 replies
lsass.exe using exorbitant memory

supturb89 replied to supturb89's topic in Resolved Malware Removal Logs

Gringo, I performed the steps you asked. Computer is running fine. Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2012.12.31.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Webb :: HTPC [administrator] 12/31/2012 9:24:09 AM mbam-log-2012-12-31 (09-24-09).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 234327 Time elapsed: 2 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:32:20 AM, on 12/31/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Garmin\gStart.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe C:\Windows\SysWOW64\ctfmon.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe C:\Users\Webb\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKUS\S-1-5-18\..\RunOnce: [osk.exe] osk.exe (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] C:\Windows\System32\osk.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [osk.exe] osk.exe (User 'Default user') O4 - Startup: ZvRemote.lnk = C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe O4 - Global Startup: Media Browser Service.lnk = C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe O4 - Global Startup: Windows Home Server.lnk = ? O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8033 bytes
- December 31, 2012
- 22 replies
lsass.exe using exorbitant memory

supturb89 replied to supturb89's topic in Resolved Malware Removal Logs

Grigo, I created the scrip and ran it with Comcofix. I ahve attached the log. My computer is running great. Again though the lsass.exe process is no longer running. ComboFix 12-12-31.01 - Webb 12/31/2012 8:24.2.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.3094 [GMT -6:00] Running from: c:\users\Webb\Desktop\ComboFix.exe Command switches used :: c:\users\Webb\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-31 ))))))))))))))))))))))))))))))) . . 2012-12-31 14:30 . 2012-12-31 14:30 -------- d-----w- c:\users\test\AppData\Local\temp 2012-12-31 14:30 . 2012-12-31 14:30 -------- d-----w- c:\users\test.HTPC\AppData\Local\temp 2012-12-31 14:30 . 2012-12-31 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-31 01:53 . 2012-12-31 01:53 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-12-31 01:53 . 2012-12-31 01:52 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-31 01:49 . 2012-12-31 01:49 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\offreg.dll 2012-12-29 03:03 . 2012-12-29 03:03 -------- d-----w- c:\users\Webb\AppData\Roaming\Malwarebytes 2012-12-29 03:03 . 2012-12-29 03:03 -------- d-----w- c:\programdata\Malwarebytes 2012-12-29 03:03 . 2012-12-29 03:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-29 03:03 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-29 03:02 . 2012-12-29 03:02 -------- d-----w- c:\users\Webb\AppData\Local\Programs 2012-12-28 18:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpengine.dll 2012-12-21 13:54 . 2012-12-21 13:56 -------- d-----w- c:\program files (x86)\Google 2012-12-21 09:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 09:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-11 19:07 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-11 19:07 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-11 19:05 . 2012-10-04 16:47 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-31 01:52 . 2012-10-19 11:18 859072 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-12-31 01:52 . 2010-04-25 02:57 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-12 11:13 . 2012-04-07 13:19 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 11:13 . 2011-05-21 19:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 09:01 . 2010-04-23 02:37 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-07 23:38 . 2010-04-09 06:25 94288 ----a-w- c:\windows\system32\drivers\inspect.sys 2012-11-07 23:38 . 2010-04-09 06:25 38144 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2012-11-07 23:37 . 2010-04-09 06:25 584056 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2012-11-07 23:37 . 2010-04-09 06:25 22736 ----a-w- c:\windows\system32\drivers\cmderd.sys 2012-11-07 23:37 . 2012-01-18 13:15 41240 ----a-w- c:\windows\system32\cmdcsr.dll 2012-11-07 23:37 . 2010-04-09 06:26 301264 ----a-w- c:\windows\SysWow64\guard32.dll 2012-11-07 23:37 . 2010-04-09 06:26 390392 ----a-w- c:\windows\system32\guard64.dll 2012-10-30 23:51 . 2010-04-23 02:32 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 23:51 . 2011-03-09 01:52 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 23:51 . 2010-04-23 02:32 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 23:51 . 2010-04-23 02:32 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 23:51 . 2010-04-23 02:32 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 23:51 . 2010-07-24 02:43 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 23:50 . 2010-04-23 02:31 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 23:50 . 2011-02-13 22:36 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-19 15:29 . 2012-10-19 15:29 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin 2012-10-16 08:38 . 2012-11-27 18:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 18:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 18:55 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-15 16:59 . 2012-04-07 13:20 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-10-09 18:17 . 2012-11-14 10:50 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-14 10:50 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-14 10:50 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 10:50 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 20:29 . 2012-03-15 06:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-10-04 20:28 . 2012-02-19 21:32 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-10-04 20:28 . 2012-02-19 21:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-10-04 20:28 . 2012-02-19 21:32 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-10-04 16:40 . 2012-12-11 19:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-14 10:49 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-14 10:49 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-14 10:49 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-14 10:49 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-14 10:49 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-14 10:49 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-14 10:49 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-14 10:49 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-14 10:49 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-14 10:49 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-14 10:49 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2010-12-07 22:27 . 2010-11-21 17:11 331249 ----a-w- c:\program files (x86)\Clown_BD_v0.79.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe" [2009-06-12 53248] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "osk.exe"="osk.exe" [2009-07-14 646144] "Application Restart 0"="c:\windows\System32\osk.exe" [2009-07-14 646144] . c:\users\Webb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ZvRemote.lnk - c:\program files (x86)\ZeeVee\ZvRemote\ZvRemote.exe [2010-2-10 1565944] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-6-27 1018856] Media Browser Service.lnk - c:\program files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe [2012-1-14 135168] Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-1-2 666992] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2009-08-24 93336] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-23 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776] S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 CLPSLS;COMODO livePCsupport Service;c:\program files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744] S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936] S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040] . . Contents of the 'Scheduled Tasks' folder . 2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 11:13] . 2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 13:54] . 2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 13:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\ FF - prefs.js: browser.startup.homepage - www.google.com . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-gStart - c:\program files (x86)\Garmin\gStart.exe SafeBoot-06223878.sys . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-31 08:32:27 ComboFix-quarantined-files.txt 2012-12-31 14:32 ComboFix2.txt 2012-12-30 14:11 . Pre-Run: 97,690,898,432 bytes free Post-Run: 97,392,054,272 bytes free . - - End Of File - - B20D5A267C7EC9E84E2D218E7E8DBAF8
- December 31, 2012
- 22 replies
lsass.exe using exorbitant memory

supturb89 replied to supturb89's topic in Resolved Malware Removal Logs

Gringo, I ran the MBrootkit and no threats were found. My computer is running great but as I said in a previous reply the lsass.exe process is no longer running according to the task manager. Aaron
- December 31, 2012
- 22 replies
lsass.exe using exorbitant memory

supturb89 replied to supturb89's topic in Resolved Malware Removal Logs

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software Run date: 2012-12-30 14:14:03 ----------------------------- 14:14:03.509 OS Version: Windows x64 6.1.7601 Service Pack 1 14:14:03.509 Number of processors: 2 586 0x4303 14:14:03.509 ComputerName: HTPC UserName: Webb 14:14:04.273 Initialize success 14:14:07.736 AVAST engine defs: 12123000 14:14:16.831 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 14:14:16.831 Disk 0 Vendor: WDC_WD2500YD-01NVB1 10.02E01 Size: 239372MB BusType: 3 14:14:16.847 Disk 0 MBR read successfully 14:14:16.847 Disk 0 MBR scan 14:14:16.847 Disk 0 Windows 7 default MBR code 14:14:16.862 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 188252 MB offset 2048 14:14:16.862 Disk 0 Partition - 00 05 Extended 51113 MB offset 385543935 14:14:16.894 Disk 0 Partition 2 00 82 Linux swap 2133 MB offset 485853858 14:14:16.956 Disk 0 scanning C:\Windows\system32\drivers 14:14:29.982 Service scanning 14:14:46.331 Modules scanning 14:14:46.331 Disk 0 trace - called modules: 14:14:46.347 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys 14:14:46.861 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004893220] 14:14:46.861 3 CLASSPNP.SYS[fffff88001b9243f] -> nt!IofCallDriver -> [0xfffffa800489d9b0] 14:14:46.861 5 ACPI.sys[fffff88000f6d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004885680] 14:14:47.298 AVAST engine scan C:\Windows 14:14:50.637 AVAST engine scan C:\Windows\system32 14:18:03.484 AVAST engine scan C:\Windows\system32\drivers 14:18:15.871 AVAST engine scan C:\Users\Webb 14:20:04.135 AVAST engine scan C:\ProgramData 14:23:36.936 Scan finished successfully 14:24:06.233 Disk 0 MBR has been saved successfully to "C:\Users\Webb\Desktop\MBR.dat" 14:24:06.233 The log file has been saved successfully to "C:\Users\Webb\Desktop\aswMBR.txt"
- December 30, 2012
- 22 replies
lsass.exe using exorbitant memory

supturb89 replied to supturb89's topic in Resolved Malware Removal Logs

more TDSKiller 14:11:42.0330 4428 C:\Windows\System32\SearchFilterHost.exe - ok 14:11:42.0345 4428 [ 101797BA603D227946B4B5109867EB19 ] C:\Windows\System32\SyncCenter.dll 14:11:42.0345 4428 C:\Windows\System32\SyncCenter.dll - ok 14:11:42.0345 4428 [ 48041BAEB60CE5F34F13CC2A1361E49C ] C:\Windows\System32\mssph.dll 14:11:42.0345 4428 C:\Windows\System32\mssph.dll - ok 14:11:42.0345 4428 [ 021287C2050FD5DB4A8B084E2C38139C ] C:\Windows\System32\WinSATAPI.dll 14:11:42.0345 4428 C:\Windows\System32\WinSATAPI.dll - ok 14:11:42.0361 4428 [ C8541AECCCA9260DE93C85F214110FA8 ] C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll 14:11:42.0361 4428 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\wpfgfx_v0300.dll - ok 14:11:42.0361 4428 [ 8F4BB0CFECED925D440ABC2481278360 ] C:\Windows\System32\mapi32.dll 14:11:42.0361 4428 C:\Windows\System32\mapi32.dll - ok 14:11:42.0361 4428 [ 28A7D7C7E2FDD1D55F12F750CD6331EC ] C:\Windows\System32\MSMPEG2ENC.DLL 14:11:42.0361 4428 C:\Windows\System32\MSMPEG2ENC.DLL - ok 14:11:42.0377 4428 [ D47EC6A8E81633DD18D2436B19BAF6DE ] C:\Windows\System32\upnphost.dll 14:11:42.0377 4428 C:\Windows\System32\upnphost.dll - ok 14:11:42.0377 4428 [ 8130391F82D52D36C0441F714136957F ] C:\Windows\System32\imapi2.dll 14:11:42.0377 4428 C:\Windows\System32\imapi2.dll - ok 14:11:42.0377 4428 [ 2730BC63D4896F7976D9D31BC9786EBA ] C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll 14:11:42.0377 4428 C:\Program Files (x86)\ASUS\EPU-4 Engine\AsSpindownTimeout.dll - ok 14:11:42.0392 4428 [ 6A5C1A8AC0B572679361026D0E900420 ] C:\Windows\System32\hgcpl.dll 14:11:42.0392 4428 C:\Windows\System32\hgcpl.dll - ok 14:11:42.0392 4428 [ D64D99EC088B54FFE8EE67A480386C20 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll 14:11:42.0392 4428 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Culture.dll - ok 14:11:42.0392 4428 [ 07AD88DF9EF73215458867EFC1BFFE9E ] C:\Windows\System32\wbem\wmiprov.dll 14:11:42.0392 4428 C:\Windows\System32\wbem\wmiprov.dll - ok 14:11:42.0392 4428 [ 4C3DAEE652B005B483F16B8E9131C99D ] C:\Windows\System32\d3d9.dll 14:11:42.0392 4428 C:\Windows\System32\d3d9.dll - ok 14:11:42.0408 4428 [ 0438CAB2E03F4FB61455A7956026FE86 ] C:\Windows\System32\fdPHost.dll 14:11:42.0408 4428 C:\Windows\System32\fdPHost.dll - ok 14:11:42.0408 4428 [ 171D7DB433314A868507C4326E8209DC ] C:\Windows\System32\fdWSD.dll 14:11:42.0408 4428 C:\Windows\System32\fdWSD.dll - ok 14:11:42.0408 4428 [ A2E5B2D20954210DCE1A75A1FC8CC36D ] C:\Windows\System32\fdSSDP.dll 14:11:42.0408 4428 C:\Windows\System32\fdSSDP.dll - ok 14:11:42.0423 4428 [ EFDFB3DD38A4376F93E7985173813ABD ] C:\Windows\System32\ListSvc.dll 14:11:42.0423 4428 C:\Windows\System32\ListSvc.dll - ok 14:11:42.0423 4428 [ B6411CED931AFD059E48C52DBFBA95B4 ] C:\Windows\System32\P2P.dll 14:11:42.0423 4428 C:\Windows\System32\P2P.dll - ok 14:11:42.0423 4428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] C:\Windows\System32\pnrpsvc.dll 14:11:42.0423 4428 C:\Windows\System32\pnrpsvc.dll - ok 14:11:42.0439 4428 [ 4A82EA2807B16FF577AEAF8ADB8779FF ] C:\Windows\System32\IdListen.dll 14:11:42.0439 4428 C:\Windows\System32\IdListen.dll - ok 14:11:42.0439 4428 [ A0524499F4C63CADA7E1529FC77F5DC1 ] C:\Windows\System32\hgprint.dll 14:11:42.0439 4428 C:\Windows\System32\hgprint.dll - ok 14:11:42.0439 4428 [ 3044D07ABDF4BBEA27E2EE7B1E0C0C65 ] C:\Windows\System32\d3d8thk.dll 14:11:42.0439 4428 C:\Windows\System32\d3d8thk.dll - ok 14:11:42.0439 4428 [ 927463ECB02179F88E4B9A17568C63C3 ] C:\Windows\System32\p2psvc.dll 14:11:42.0439 4428 C:\Windows\System32\p2psvc.dll - ok 14:11:42.0455 4428 [ C16628F1DFA5495A22E1DA05A852722C ] C:\Windows\System32\atiu9p64.dll 14:11:42.0455 4428 C:\Windows\System32\atiu9p64.dll - ok 14:11:42.0455 4428 [ 3AEE02CEDAA3ACD14F9D7E038E44D6D1 ] C:\Windows\System32\P2PGraph.dll 14:11:42.0455 4428 C:\Windows\System32\P2PGraph.dll - ok 14:11:42.0455 4428 [ 71E68F2443A80BD4DA89181889C457EA ] C:\Windows\System32\udhisapi.dll 14:11:42.0455 4428 C:\Windows\System32\udhisapi.dll - ok 14:11:42.0470 4428 [ 21E0179A49F1E1B50520C1D528D8F7B7 ] C:\Windows\System32\atiumd64.dll 14:11:42.0470 4428 C:\Windows\System32\atiumd64.dll - ok 14:11:42.0470 4428 [ 63C9BE8CD9815CB6BD2C2221A0034BE0 ] C:\Windows\System32\atiumd6a.dll 14:11:42.0470 4428 C:\Windows\System32\atiumd6a.dll - ok 14:11:42.0486 4428 [ 70C8F2121EA29625A4913336AF781725 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\adcf9e45725f341acbd5d3fcd0a54572\PresentationFramework.Aero.ni.dll 14:11:42.0486 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\adcf9e45725f341acbd5d3fcd0a54572\PresentationFramework.Aero.ni.dll - ok 14:11:42.0486 4428 [ B439EFB7F218ED0849B4CC2D4A7FE1D3 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\63ba654893f4fc924ff75cf785744150\System.Core.ni.dll 14:11:42.0486 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Core\63ba654893f4fc924ff75cf785744150\System.Core.ni.dll - ok 14:11:42.0486 4428 [ 0BF4362E18DFC52382F418278DCC52C4 ] C:\Windows\System32\rdpdd.dll 14:11:42.0486 4428 C:\Windows\System32\rdpdd.dll - ok 14:11:42.0501 4428 [ FF6148B1C150DA05D35C68D143AD6DEA ] C:\Windows\System32\RDPENCDD.dll 14:11:42.0501 4428 C:\Windows\System32\RDPENCDD.dll - ok 14:11:42.0501 4428 [ A23A9301EE7152FB6776052E52BDE9D9 ] C:\Windows\System32\RDPREFDD.dll 14:11:42.0501 4428 C:\Windows\System32\RDPREFDD.dll - ok 14:11:42.0501 4428 [ F718374D57E7469C8A633B168D1EBF54 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\226e588583e180296094202f09fc5ddd\Microsoft.MediaCenter.ni.dll 14:11:42.0501 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\226e588583e180296094202f09fc5ddd\Microsoft.MediaCenter.ni.dll - ok 14:11:42.0517 4428 [ BB34C799E8ADB9B3253A375F65D9C2C1 ] C:\ProgramData\MediaBrowser\System.Data.SQLite.dll 14:11:42.0517 4428 C:\ProgramData\MediaBrowser\System.Data.SQLite.dll - ok 14:11:42.0517 4428 [ D233C7FEAE3FAA25F93A9E6B46815ADC ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll 14:11:42.0517 4428 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll - ok 14:11:42.0517 4428 [ A4D07BCCCDF8211D4027E37A43E20163 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\ee5c9facac5c7dbf9c4b1e160f76daae\System.Data.ni.dll 14:11:42.0517 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data\ee5c9facac5c7dbf9c4b1e160f76daae\System.Data.ni.dll - ok 14:11:42.0517 4428 [ 98D53BB2DB8E11762D30C3CF41FA140B ] C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll 14:11:42.0517 4428 C:\Windows\assembly\GAC_64\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll - ok 14:11:42.0533 4428 [ E4806AC8BE2D890193252D4BEE7EA95C ] C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll 14:11:42.0533 4428 C:\Windows\assembly\GAC_64\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll - ok 14:11:42.0533 4428 [ F0A079CB4F819DD2AB94B06B3C17BF4C ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\2110a213770c5bf08d61fb266706eb6d\System.Transactions.ni.dll 14:11:42.0533 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Transactions\2110a213770c5bf08d61fb266706eb6d\System.Transactions.ni.dll - ok 14:11:42.0533 4428 [ E4FD4F6D50FB4D4CD66F1611664F7276 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\7b5db8785f8af88c502b492d8f83a90e\System.EnterpriseServices.ni.dll 14:11:42.0533 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.EnterpriseSe#\7b5db8785f8af88c502b492d8f83a90e\System.EnterpriseServices.ni.dll - ok 14:11:42.0548 4428 [ 2E7ADF9B0389CD94605717784D7E416A ] C:\Windows\System32\drttransport.dll 14:11:42.0548 4428 C:\Windows\System32\drttransport.dll - ok 14:11:42.0548 4428 [ C57BC99A4467B3E8F1CC2184A3F46729 ] C:\Windows\System32\drt.dll 14:11:42.0548 4428 C:\Windows\System32\drt.dll - ok 14:11:42.0548 4428 [ C5413BC4F10CEB4C3070BBF04D324117 ] C:\Windows\SysWOW64\msisip.dll 14:11:42.0548 4428 C:\Windows\SysWOW64\msisip.dll - ok 14:11:42.0564 4428 [ E8F6851E4600CD3674422487EE240941 ] C:\Windows\SysWOW64\wshext.dll 14:11:42.0564 4428 C:\Windows\SysWOW64\wshext.dll - ok 14:11:42.0564 4428 [ 2875B386B45B8A77E2343C5E129AE50C ] C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll 14:11:42.0564 4428 C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll - ok 14:11:42.0564 4428 [ 559D9CBFC29DEE2773B28D38851683BA ] C:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll 14:11:42.0564 4428 C:\Program Files (x86)\Microsoft Silverlight\xapauthenticodesip.dll - ok 14:11:42.0579 4428 [ 3D3CBD1847F980FB03343A63671E7886 ] C:\Windows\SysWOW64\schannel.dll 14:11:42.0579 4428 C:\Windows\SysWOW64\schannel.dll - ok 14:11:42.0579 4428 [ 7F19838AC317C34FCED020BE529AF71E ] C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe 14:11:42.0579 4428 C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe - ok 14:11:42.0579 4428 [ 3206A288014B1207F4E86336385CB41D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL 14:11:42.0579 4428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL - ok 14:11:42.0595 4428 [ 81953836F678A7353A797E3F7DE69B55 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll 14:11:42.0595 4428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll - ok 14:11:42.0595 4428 [ F2C7BB8ACC97F92E987A2D4087D021B1 ] C:\Windows\System32\notepad.exe 14:11:42.0595 4428 C:\Windows\System32\notepad.exe - ok 14:11:42.0595 4428 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\55281566.sys 14:11:42.0595 4428 C:\Windows\System32\drivers\55281566.sys - ok 14:11:42.0611 4428 [ 3819AD4329303EAC88480CA16A650735 ] C:\Windows\System32\UIAnimation.dll 14:11:42.0611 4428 C:\Windows\System32\UIAnimation.dll - ok 14:11:42.0611 4428 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll 14:11:42.0611 4428 C:\Windows\SysWOW64\riched20.dll - ok 14:11:42.0611 4428 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll 14:11:42.0611 4428 C:\Windows\SysWOW64\ExplorerFrame.dll - ok 14:11:42.0626 4428 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll 14:11:42.0626 4428 C:\Windows\SysWOW64\duser.dll - ok 14:11:42.0626 4428 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll 14:11:42.0626 4428 C:\Windows\SysWOW64\dui70.dll - ok 14:11:42.0626 4428 [ 2898035F522BA2989BBA8B9CFB020FD2 ] C:\Program Files\Alwil Software\Avast5\defs\12123000\aspColl.dll 14:11:42.0626 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\aspColl.dll - ok 14:11:42.0642 4428 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:11:42.0642 4428 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok 14:11:42.0642 4428 [ E5F7C30EDF0892667933BE879F067D67 ] C:\Windows\SysWOW64\msvcr100_clr0400.dll 14:11:42.0642 4428 C:\Windows\SysWOW64\msvcr100_clr0400.dll - ok 14:11:42.0642 4428 [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\SysWOW64\mscoree.dll 14:11:42.0642 4428 C:\Windows\SysWOW64\mscoree.dll - ok 14:11:42.0657 4428 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:11:42.0657 4428 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe - ok 14:11:42.0657 4428 [ CB21CD39637AC13F3455454B2F648257 ] C:\Windows\System32\msvcr100_clr0400.dll 14:11:42.0657 4428 C:\Windows\System32\msvcr100_clr0400.dll - ok 14:11:42.0657 4428 [ 5C4CB4086FB83115B153E47ADD961A0C ] C:\Windows\System32\FntCache.dll 14:11:42.0657 4428 C:\Windows\System32\FntCache.dll - ok 14:11:42.0673 4428 [ E4024CCF225A936207294DE50925D4F6 ] C:\Program Files (x86)\Google\Update\1.3.21.123\goopdateres_en.dll 14:11:42.0673 4428 C:\Program Files (x86)\Google\Update\1.3.21.123\goopdateres_en.dll - ok 14:11:42.0673 4428 [ E17E0188BB90FAE42D83E98707EFA59C ] C:\Windows\System32\sppsvc.exe 14:11:42.0673 4428 C:\Windows\System32\sppsvc.exe - ok 14:11:42.0673 4428 [ FFF95479C7AB1550F0750A5D01744211 ] C:\Windows\System32\drivers\spsys.sys 14:11:42.0673 4428 C:\Windows\System32\drivers\spsys.sys - ok 14:11:42.0689 4428 [ E8B1FE6669397D1772D8196DF0E57A9E ] C:\Windows\System32\wscsvc.dll 14:11:42.0689 4428 C:\Windows\System32\wscsvc.dll - ok 14:11:42.0689 4428 [ C47F35CC6FA4F1BDBEF8F87AC1A46537 ] C:\Windows\System32\wuapi.dll 14:11:42.0689 4428 C:\Windows\System32\wuapi.dll - ok 14:11:42.0689 4428 [ FA43D418BC945D27D0625B697B8442B5 ] C:\Windows\System32\cabinet.dll 14:11:42.0689 4428 C:\Windows\System32\cabinet.dll - ok 14:11:42.0689 4428 [ E746ED90132C6B6313CE9179F56BD31D ] C:\Windows\System32\wups.dll 14:11:42.0689 4428 C:\Windows\System32\wups.dll - ok 14:11:42.0704 4428 [ 7DF186D86CF8C571A12AAB788C777F84 ] C:\Windows\SysWOW64\wscproxystub.dll 14:11:42.0704 4428 C:\Windows\SysWOW64\wscproxystub.dll - ok 14:11:42.0704 4428 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] C:\Windows\System32\wuaueng.dll 14:11:42.0704 4428 C:\Windows\System32\wuaueng.dll - ok 14:11:42.0704 4428 [ 617F6EC0AC677C685479C1D0D1E76C6F ] C:\Windows\System32\mspatcha.dll 14:11:42.0704 4428 C:\Windows\System32\mspatcha.dll - ok 14:11:42.0720 4428 [ F6F22291024906E43D135A4B1705FEAC ] C:\Windows\System32\sppwinob.dll 14:11:42.0720 4428 C:\Windows\System32\sppwinob.dll - ok 14:11:42.0720 4428 [ 7FE0D0C8F53735EA17C9AE93EFE7AD5A ] C:\Windows\System32\wups2.dll 14:11:42.0720 4428 C:\Windows\System32\wups2.dll - ok 14:11:42.0720 4428 [ 2B373B5F7E36B5ED5DA176D4400EF091 ] C:\Windows\System32\sppobjs.dll 14:11:42.0720 4428 C:\Windows\System32\sppobjs.dll - ok 14:11:42.0735 4428 [ 769765CE2CC62867468CEA93969B2242 ] C:\Windows\System32\drivers\asyncmac.sys 14:11:42.0735 4428 C:\Windows\System32\drivers\asyncmac.sys - ok 14:11:42.0735 4428 [ 81252AA3B13743020BCF2089A5A0D911 ] C:\Windows\System32\wscinterop.dll 14:11:42.0735 4428 C:\Windows\System32\wscinterop.dll - ok 14:11:42.0735 4428 [ DF50DAE4C547285E4997A0C61063B632 ] C:\Windows\System32\wscui.cpl 14:11:42.0735 4428 C:\Windows\System32\wscui.cpl - ok 14:11:42.0735 4428 [ F9959237F106F2B2609E61A290C0652E ] C:\Windows\System32\werconcpl.dll 14:11:42.0735 4428 C:\Windows\System32\werconcpl.dll - ok 14:11:42.0751 4428 [ 7E591867422DC788B9E5BD337A669A08 ] C:\Windows\System32\wercplsupport.dll 14:11:42.0751 4428 C:\Windows\System32\wercplsupport.dll - ok 14:11:42.0751 4428 [ 809AE7D4ACE06BBCF621E5C504BF6FC8 ] C:\Windows\System32\hcproviders.dll 14:11:42.0751 4428 C:\Windows\System32\hcproviders.dll - ok 14:11:42.0751 4428 [ 0D893F8D145D3B125B0226727C243A69 ] C:\Windows\System32\security.dll 14:11:42.0751 4428 C:\Windows\System32\security.dll - ok 14:11:42.0767 4428 [ 012787CEB35505EB78DF82E0A0072888 ] C:\Windows\System32\browcli.dll 14:11:42.0767 4428 C:\Windows\System32\browcli.dll - ok 14:11:42.0767 4428 [ C4BFE4B61086416B0529212F92BCE081 ] C:\Windows\System32\schedcli.dll 14:11:42.0767 4428 C:\Windows\System32\schedcli.dll - ok 14:11:42.0767 4428 [ 5EA9A0950F322BFA382AF277801C0307 ] C:\Windows\System32\wbem\wmipcima.dll 14:11:42.0767 4428 C:\Windows\System32\wbem\wmipcima.dll - ok 14:11:42.0782 4428 [ C00DB14550E4BD49737F311C644E45FF ] C:\Windows\System32\wmi.dll 14:11:42.0782 4428 C:\Windows\System32\wmi.dll - ok 14:11:42.0782 4428 [ B6D6886149573278CBA6ABD44C4317F5 ] C:\Windows\System32\slwga.dll 14:11:42.0782 4428 C:\Windows\System32\slwga.dll - ok 14:11:42.0782 4428 ============================================================ 14:11:42.0782 4428 Scan finished 14:11:42.0782 4428 ============================================================ 14:11:42.0798 2956 Detected object count: 1 14:11:42.0798 2956 Actual detected object count: 1 14:12:22.0071 2956 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user 14:12:22.0071 2956 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:12:28.0202 3828 Deinitialize success
- December 30, 2012
- 22 replies
lsass.exe using exorbitant memory

supturb89 replied to supturb89's topic in Resolved Malware Removal Logs

more TDSKiller 14:11:39.0693 4428 C:\Program Files\Alwil Software\Avast5\aswStrm.dll - ok 14:11:39.0693 4428 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll 14:11:39.0693 4428 C:\Windows\SysWOW64\cfgmgr32.dll - ok 14:11:39.0693 4428 [ 262F6592C3299C005FD6BEC90FC4463A ] C:\Windows\System32\schedsvc.dll 14:11:39.0693 4428 C:\Windows\System32\schedsvc.dll - ok 14:11:39.0693 4428 [ 945E54F23C72D37B8CD1987AF0DB63BF ] C:\Windows\System32\fveapi.dll 14:11:39.0693 4428 C:\Windows\System32\fveapi.dll - ok 14:11:39.0709 4428 [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll 14:11:39.0709 4428 C:\Windows\System32\ktmw32.dll - ok 14:11:39.0709 4428 [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll 14:11:39.0709 4428 C:\Windows\System32\fvecerts.dll - ok 14:11:39.0709 4428 [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll 14:11:39.0709 4428 C:\Windows\System32\tbs.dll - ok 14:11:39.0725 4428 [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll 14:11:39.0725 4428 C:\Windows\System32\wiarpc.dll - ok 14:11:39.0725 4428 [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7 ] C:\Windows\System32\taskcomp.dll 14:11:39.0725 4428 C:\Windows\System32\taskcomp.dll - ok 14:11:39.0725 4428 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] C:\Windows\System32\drivers\http.sys 14:11:39.0725 4428 C:\Windows\System32\drivers\http.sys - ok 14:11:39.0740 4428 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] C:\Windows\System32\spoolsv.exe 14:11:39.0740 4428 C:\Windows\System32\spoolsv.exe - ok 14:11:39.0740 4428 [ 517110BD83835338C037269E603DB55D ] C:\Windows\System32\taskhost.exe 14:11:39.0740 4428 C:\Windows\System32\taskhost.exe - ok 14:11:39.0740 4428 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll 14:11:39.0740 4428 C:\Windows\System32\PlaySndSrv.dll - ok 14:11:39.0756 4428 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll 14:11:39.0756 4428 C:\Windows\System32\MsCtfMonitor.dll - ok 14:11:39.0756 4428 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll 14:11:39.0756 4428 C:\Windows\System32\msutb.dll - ok 14:11:39.0756 4428 [ 9BB99503D6A4DD62569EDE9E5E2672A5 ] C:\Windows\System32\HotStartUserAgent.dll 14:11:39.0756 4428 C:\Windows\System32\HotStartUserAgent.dll - ok 14:11:39.0771 4428 [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL 14:11:39.0771 4428 C:\Windows\System32\BFE.DLL - ok 14:11:39.0771 4428 [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys 14:11:39.0771 4428 C:\Windows\System32\drivers\bowser.sys - ok 14:11:39.0771 4428 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys 14:11:39.0771 4428 C:\Windows\System32\drivers\mpsdrv.sys - ok 14:11:39.0771 4428 [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys 14:11:39.0771 4428 C:\Windows\System32\drivers\mrxsmb.sys - ok 14:11:39.0787 4428 [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys 14:11:39.0787 4428 C:\Windows\System32\drivers\mrxsmb10.sys - ok 14:11:39.0787 4428 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll 14:11:39.0787 4428 C:\Windows\System32\MPSSVC.dll - ok 14:11:39.0787 4428 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys 14:11:39.0787 4428 C:\Windows\System32\drivers\mrxsmb20.sys - ok 14:11:39.0803 4428 [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll 14:11:39.0803 4428 C:\Windows\System32\wkssvc.dll - ok 14:11:39.0803 4428 [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll 14:11:39.0803 4428 C:\Windows\System32\wfapigp.dll - ok 14:11:39.0803 4428 [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll 14:11:39.0803 4428 C:\Windows\System32\mscms.dll - ok 14:11:39.0818 4428 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll 14:11:39.0818 4428 C:\Windows\System32\pcasvc.dll - ok 14:11:39.0818 4428 [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe 14:11:39.0818 4428 C:\Windows\System32\snmptrap.exe - ok 14:11:39.0818 4428 [ 10EAB90C1AE8271B5FE5A8930987EE5C ] C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll 14:11:39.0818 4428 C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll - ok 14:11:39.0834 4428 [ 91A8E32B00BF7899EDAB6783287DDDA6 ] C:\Windows\System32\PeerDistSh.dll 14:11:39.0834 4428 C:\Windows\System32\PeerDistSh.dll - ok 14:11:39.0834 4428 [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll 14:11:39.0834 4428 C:\Windows\System32\provsvc.dll - ok 14:11:39.0834 4428 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll 14:11:39.0834 4428 C:\Windows\System32\sstpsvc.dll - ok 14:11:39.0834 4428 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll 14:11:39.0834 4428 C:\Windows\SysWOW64\RpcRtRemote.dll - ok 14:11:39.0849 4428 [ A8CDF3768604FF95B54669E20053D569 ] C:\Windows\SysWOW64\wscapi.dll 14:11:39.0849 4428 C:\Windows\SysWOW64\wscapi.dll - ok 14:11:39.0849 4428 [ 8258362DDB18B644A82D8B5061AD9426 ] C:\Windows\SysWOW64\wscisvif.dll 14:11:39.0849 4428 C:\Windows\SysWOW64\wscisvif.dll - ok 14:11:39.0849 4428 [ 20F6F19FE9E753F2780DC2FA083AD597 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:11:39.0849 4428 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok 14:11:39.0865 4428 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll 14:11:39.0865 4428 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok 14:11:39.0865 4428 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll 14:11:39.0865 4428 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok 14:11:39.0865 4428 [ 1EBE9524683C7C4EED8B8BC93FB6FBCC ] C:\Windows\SysWOW64\fltLib.dll 14:11:39.0865 4428 C:\Windows\SysWOW64\fltLib.dll - ok 14:11:39.0881 4428 [ 401107CE7913B526FD87CC53F23A102F ] C:\Windows\SysWOW64\guard32.dll 14:11:39.0881 4428 C:\Windows\SysWOW64\guard32.dll - ok 14:11:39.0881 4428 [ DDDD1D04D5F4360371BC99C7C476F70D ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll 14:11:39.0881 4428 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll - ok 14:11:39.0881 4428 [ DC70310B3D079D667B67F0C7067209F3 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll 14:11:39.0881 4428 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok 14:11:39.0896 4428 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll 14:11:39.0896 4428 C:\Windows\SysWOW64\setupapi.dll - ok 14:11:39.0896 4428 [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll 14:11:39.0896 4428 C:\Windows\SysWOW64\devobj.dll - ok 14:11:39.0896 4428 [ 9184FA2B677CBF2F8E26098980E47304 ] C:\Program Files\Alwil Software\Avast5\defs\12123000\aswEngin.dll 14:11:39.0896 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\aswEngin.dll - ok 14:11:39.0912 4428 [ A94AF354E4EA9C835DCF3E60EC75911C ] C:\Program Files\Alwil Software\Avast5\defs\12123000\aswCmnOS.dll 14:11:39.0912 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\aswCmnOS.dll - ok 14:11:39.0912 4428 [ F8AC522C1DAEED05BDA7C0E4E394BCD7 ] C:\Program Files\Alwil Software\Avast5\defs\12123000\aswCmnIS.dll 14:11:39.0912 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\aswCmnIS.dll - ok 14:11:39.0912 4428 [ 1E7EAFF858538C516D7358C360605E3A ] C:\Program Files\Alwil Software\Avast5\defs\12123000\aswCmnBS.dll 14:11:39.0912 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\aswCmnBS.dll - ok 14:11:39.0927 4428 [ 2E929D6CF669AEF225552EEA9BE7E150 ] C:\Program Files\Alwil Software\Avast5\defs\12123000\aswScan.dll 14:11:39.0927 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\aswScan.dll - ok 14:11:39.0927 4428 [ 1752EE915B9003E1FD1FFB4DE63E538B ] C:\Program Files\Alwil Software\Avast5\defs\12123000\aswRep.dll 14:11:39.0927 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\aswRep.dll - ok 14:11:39.0927 4428 [ CE7828A0EA430338BBCFFC6914462BAA ] C:\Program Files\Alwil Software\Avast5\defs\12123000\aswFiDb.dll 14:11:39.0927 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\aswFiDb.dll - ok 14:11:39.0943 4428 [ B9EC9CC2D0013C2DF5E04791E7EDF85D ] C:\Program Files\Alwil Software\Avast5\defs\12123000\algo.dll 14:11:39.0943 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\algo.dll - ok 14:11:39.0943 4428 [ D025E95247353BA8ADB53CFF3A4E5BBB ] C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll 14:11:39.0943 4428 C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll - ok 14:11:39.0943 4428 [ 29E9794708DF51DB5DC89FB2E903A0F6 ] C:\Windows\SysWOW64\shell32.dll 14:11:39.0943 4428 C:\Windows\SysWOW64\shell32.dll - ok 14:11:39.0959 4428 [ F93674263F6B07C77956E966953242D9 ] C:\Windows\SysWOW64\secur32.dll 14:11:39.0959 4428 C:\Windows\SysWOW64\secur32.dll - ok 14:11:39.0959 4428 [ 749CF03BADC40453F61FD7025E2BA2F5 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll 14:11:39.0959 4428 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok 14:11:39.0959 4428 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\SysWOW64\winsta.dll 14:11:39.0959 4428 C:\Windows\SysWOW64\winsta.dll - ok 14:11:39.0974 4428 [ 9C09AF87AC7351985AB5FFBA3FC52575 ] C:\Program Files\Alwil Software\Avast5\AhResBhv.dll 14:11:39.0974 4428 C:\Program Files\Alwil Software\Avast5\AhResBhv.dll - ok 14:11:39.0974 4428 [ 152F8772D5A5CD7883305C3B8D28470E ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll 14:11:39.0974 4428 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok 14:11:39.0974 4428 [ 65EA57712340C09B1B0C427B4848AE05 ] C:\Windows\System32\taskeng.exe 14:11:39.0974 4428 C:\Windows\System32\taskeng.exe - ok 14:11:39.0990 4428 [ 258D35F5F5F5F3F6045488ECDC14FAAB ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll 14:11:39.0990 4428 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll - ok 14:11:39.0990 4428 [ E844C96552989FA1ECA95778583A904C ] C:\Program Files\Alwil Software\Avast5\AhResJs.dll 14:11:39.0990 4428 C:\Program Files\Alwil Software\Avast5\AhResJs.dll - ok 14:11:39.0990 4428 [ 7EF0C8A9A1A57756F4868E3693173C08 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll 14:11:39.0990 4428 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll - ok 14:11:40.0005 4428 [ C7B2C357F485A3046DA50DA779068648 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuin40.dll 14:11:40.0005 4428 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuin40.dll - ok 14:11:40.0005 4428 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll 14:11:40.0005 4428 C:\Windows\SysWOW64\winmm.dll - ok 14:11:40.0005 4428 [ 805A52C5AE26C28E88FDD9BCCFE6F312 ] C:\Windows\System32\TSChannel.dll 14:11:40.0005 4428 C:\Windows\System32\TSChannel.dll - ok 14:11:40.0021 4428 [ 65CDD43CD0B4876D35C30CA9C7416C05 ] C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe 14:11:40.0021 4428 C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe - ok 14:11:40.0021 4428 [ EA10AD929B194D042090B16481E4D30B ] C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe 14:11:40.0021 4428 C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe - ok 14:11:40.0021 4428 [ 0EF9D6C6C04CAB0B87C57330910D20A6 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuuc40.dll 14:11:40.0021 4428 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icuuc40.dll - ok 14:11:40.0037 4428 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:11:40.0037 4428 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - ok 14:11:40.0037 4428 [ 90E11D62F692F5A0B7DFC548F776BAAF ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt40.dll 14:11:40.0037 4428 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt40.dll - ok 14:11:40.0037 4428 [ 17F5861A03516864A5F4CC04C7324278 ] C:\Program Files\Alwil Software\Avast5\AhResMai.dll 14:11:40.0037 4428 C:\Program Files\Alwil Software\Avast5\AhResMai.dll - ok 14:11:40.0037 4428 [ 8BEC10C53E927CD5E442FE332804F1AC ] C:\Program Files\Alwil Software\Avast5\AhResMes.dll 14:11:40.0037 4428 C:\Program Files\Alwil Software\Avast5\AhResMes.dll - ok 14:11:40.0052 4428 [ 9B2F20ECF609EDF54FEC43E792028261 ] C:\Program Files\Alwil Software\Avast5\AhResNS.dll 14:11:40.0052 4428 C:\Program Files\Alwil Software\Avast5\AhResNS.dll - ok 14:11:40.0052 4428 [ 857661F2E5A677CFB6D3B2CF6E428227 ] C:\Program Files\Alwil Software\Avast5\AhResP2P.dll 14:11:40.0052 4428 C:\Program Files\Alwil Software\Avast5\AhResP2P.dll - ok 14:11:40.0052 4428 [ 2466ED58B8EFB3320BCA73ACF8179D24 ] C:\Program Files\Alwil Software\Avast5\AhResStd.dll 14:11:40.0052 4428 C:\Program Files\Alwil Software\Avast5\AhResStd.dll - ok 14:11:40.0068 4428 [ 5D9550E02D981B92B133E5F8F7BDF8D2 ] C:\Program Files\Alwil Software\Avast5\AhResWS.dll 14:11:40.0068 4428 C:\Program Files\Alwil Software\Avast5\AhResWS.dll - ok 14:11:40.0068 4428 [ 72A7C1EC4D3BF38CB115395AD721AE3C ] C:\Program Files\Alwil Software\Avast5\defs\12123000\ArPot.dll 14:11:40.0068 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\ArPot.dll - ok 14:11:40.0068 4428 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll 14:11:40.0068 4428 C:\Windows\SysWOW64\ntmarta.dll - ok 14:11:40.0083 4428 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll 14:11:40.0083 4428 C:\Windows\SysWOW64\Wldap32.dll - ok 14:11:40.0083 4428 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll 14:11:40.0083 4428 C:\Windows\SysWOW64\mswsock.dll - ok 14:11:40.0083 4428 [ F832F1505AD8B83474BD9A5B1B985E01 ] C:\Program Files (x86)\Bonjour\mDNSResponder.exe 14:11:40.0083 4428 C:\Program Files (x86)\Bonjour\mDNSResponder.exe - ok 14:11:40.0099 4428 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll 14:11:40.0099 4428 C:\Windows\SysWOW64\wintrust.dll - ok 14:11:40.0099 4428 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL 14:11:40.0099 4428 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok 14:11:40.0099 4428 [ 1ABFFB6ABE8B70EDA4206F0F3D3D72F4 ] C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll 14:11:40.0099 4428 C:\Program Files\Alwil Software\Avast5\ashMaiSv.dll - ok 14:11:40.0115 4428 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll 14:11:40.0115 4428 C:\Windows\SysWOW64\cryptsp.dll - ok 14:11:40.0115 4428 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll 14:11:40.0115 4428 C:\Windows\SysWOW64\rsaenh.dll - ok 14:11:40.0115 4428 [ 0BA65122FFA7E37564EE86422DBF7AE8 ] C:\Windows\SysWOW64\nlaapi.dll 14:11:40.0115 4428 C:\Windows\SysWOW64\nlaapi.dll - ok 14:11:40.0115 4428 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll 14:11:40.0115 4428 C:\Windows\SysWOW64\NapiNSP.dll - ok 14:11:40.0130 4428 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll 14:11:40.0130 4428 C:\Windows\SysWOW64\pnrpnsp.dll - ok 14:11:40.0130 4428 [ CFB3EEDF620E7F32464A3091BA76D5E8 ] C:\Program Files\Alwil Software\Avast5\defs\12123000\exts.dll 14:11:40.0130 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\exts.dll - ok 14:11:40.0130 4428 [ 9D4A1690AF93F233E15380398BEC7431 ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL 14:11:40.0130 4428 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok 14:11:40.0146 4428 [ C69DBFA61FE3DEA653A9B83C3A2B052B ] C:\Program Files (x86)\Bonjour\mdnsNSP.dll 14:11:40.0146 4428 C:\Program Files (x86)\Bonjour\mdnsNSP.dll - ok 14:11:40.0146 4428 [ 39EADCAA61372C038BCFED96DF5323DA ] C:\Program Files\Alwil Software\Avast5\ashWebSv.dll 14:11:40.0146 4428 C:\Program Files\Alwil Software\Avast5\ashWebSv.dll - ok 14:11:40.0146 4428 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll 14:11:40.0146 4428 C:\Windows\SysWOW64\dnsapi.dll - ok 14:11:40.0161 4428 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL 14:11:40.0161 4428 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok 14:11:40.0161 4428 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll 14:11:40.0161 4428 C:\Windows\SysWOW64\winnsi.dll - ok 14:11:40.0161 4428 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL 14:11:40.0161 4428 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok 14:11:40.0177 4428 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll 14:11:40.0177 4428 C:\Windows\SysWOW64\winrnr.dll - ok 14:11:40.0177 4428 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll 14:11:40.0177 4428 C:\Windows\SysWOW64\rasadhlp.dll - ok 14:11:40.0177 4428 [ 96386E75BCFED6F339BE01359D6CBFAF ] C:\Program Files\Alwil Software\Avast5\ashWsFtr.dll 14:11:40.0177 4428 C:\Program Files\Alwil Software\Avast5\ashWsFtr.dll - ok 14:11:40.0193 4428 [ 4F6E72B34ED3DC53DCC5E8708E60B61F ] C:\Windows\SysWOW64\security.dll 14:11:40.0193 4428 C:\Windows\SysWOW64\security.dll - ok 14:11:40.0193 4428 [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll 14:11:40.0193 4428 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok 14:11:40.0193 4428 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll 14:11:40.0193 4428 C:\Windows\SysWOW64\wship6.dll - ok 14:11:40.0193 4428 [ D79D3EABD4730970770EFA530D094E0F ] C:\Program Files\Alwil Software\Avast5\snxhk.dll 14:11:40.0193 4428 C:\Program Files\Alwil Software\Avast5\snxhk.dll - ok 14:11:40.0208 4428 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\SysWOW64\powrprof.dll 14:11:40.0208 4428 C:\Windows\SysWOW64\powrprof.dll - ok 14:11:40.0208 4428 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll 14:11:40.0208 4428 C:\Windows\SysWOW64\apphelp.dll - ok 14:11:40.0208 4428 [ 893F8E81D1117C48CB9D6E9E5F64BAB1 ] C:\Program Files\Alwil Software\Avast5\Setup\avast.setup 14:11:40.0208 4428 C:\Program Files\Alwil Software\Avast5\Setup\avast.setup - ok 14:11:40.0224 4428 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] C:\Windows\System32\dps.dll 14:11:40.0224 4428 C:\Windows\System32\dps.dll - ok 14:11:40.0224 4428 [ C4002B6B41975F057D98C439030CEA07 ] C:\Windows\ehome\ehrecvr.exe 14:11:40.0224 4428 C:\Windows\ehome\ehrecvr.exe - ok 14:11:40.0224 4428 [ 81F6C1AE23B1C493D9E996C3103915D7 ] C:\Windows\SysWOW64\dhcpcsvc6.dll 14:11:40.0224 4428 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok 14:11:40.0239 4428 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\SysWOW64\dhcpcsvc.dll 14:11:40.0239 4428 C:\Windows\SysWOW64\dhcpcsvc.dll - ok 14:11:40.0239 4428 [ 9FF47CD8A3787C8FD3CDFE40441C722E ] C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll 14:11:40.0239 4428 C:\Program Files (x86)\Google\Update\1.3.21.123\goopdate.dll - ok 14:11:40.0239 4428 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll 14:11:40.0239 4428 C:\Windows\SysWOW64\imagehlp.dll - ok 14:11:40.0255 4428 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll 14:11:40.0255 4428 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok 14:11:40.0255 4428 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll 14:11:40.0255 4428 C:\Windows\SysWOW64\msi.dll - ok 14:11:40.0255 4428 [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\SysWOW64\comdlg32.dll 14:11:40.0255 4428 C:\Windows\SysWOW64\comdlg32.dll - ok 14:11:40.0271 4428 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv 14:11:40.0271 4428 C:\Windows\SysWOW64\winspool.drv - ok 14:11:40.0271 4428 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll 14:11:40.0271 4428 C:\Windows\SysWOW64\msimg32.dll - ok 14:11:40.0271 4428 [ 936F728E04ACCF3F38801CFFCF1E3F40 ] C:\Windows\SysWOW64\oledlg.dll 14:11:40.0271 4428 C:\Windows\SysWOW64\oledlg.dll - ok 14:11:40.0286 4428 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll 14:11:40.0286 4428 C:\Windows\SysWOW64\winhttp.dll - ok 14:11:40.0286 4428 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll 14:11:40.0286 4428 C:\Windows\SysWOW64\webio.dll - ok 14:11:40.0286 4428 [ 9C17DCD6DDFEB1A012544FAF4F2789F6 ] C:\Windows\AppPatch\AcGenral.dll 14:11:40.0286 4428 C:\Windows\AppPatch\AcGenral.dll - ok 14:11:40.0286 4428 [ 26BA928D3FBA2A12589A8A9B1A47FB08 ] C:\Program Files\Alwil Software\Avast5\defs\12123000\aswAR.dll 14:11:40.0286 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\aswAR.dll - ok 14:11:40.0302 4428 [ 0D0FA4434A9434641AB0A6332AC5560A ] C:\Program Files\Alwil Software\Avast5\defs\12123000\aswRawFS.dll 14:11:40.0302 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\aswRawFS.dll - ok 14:11:40.0302 4428 [ 9392C25DEEDA9A79FDBF6559D47EAB1F ] C:\Program Files\Alwil Software\Avast5\snxhk64.dll 14:11:40.0302 4428 C:\Program Files\Alwil Software\Avast5\snxhk64.dll - ok 14:11:40.0302 4428 [ 4D842C5081F06E61BFF461CF87D13525 ] C:\Windows\ehome\ehtrace.dll 14:11:40.0302 4428 C:\Windows\ehome\ehtrace.dll - ok 14:11:40.0317 4428 [ C07D5582F2107ACAB4564E1DAE977C64 ] C:\Windows\ehome\ehprivjob.exe 14:11:40.0317 4428 C:\Windows\ehome\ehprivjob.exe - ok 14:11:40.0317 4428 [ 3326166011C9BC13D6A8EFD856E9921C ] C:\Windows\System32\conhost.exe 14:11:40.0317 4428 C:\Windows\System32\conhost.exe - ok 14:11:40.0317 4428 [ DB76DB15EFC6E4D1153A6C5BC895948D ] C:\Windows\System32\sppc.dll 14:11:40.0317 4428 C:\Windows\System32\sppc.dll - ok 14:11:40.0333 4428 [ 4705E8EF9934482C5BB488CE28AFC681 ] C:\Windows\ehome\ehsched.exe 14:11:40.0333 4428 C:\Windows\ehome\ehsched.exe - ok 14:11:40.0333 4428 [ 94B3C06DCF580695EBA5304F3C750256 ] C:\Program Files\Windows Home Server\esClient.exe 14:11:40.0333 4428 C:\Program Files\Windows Home Server\esClient.exe - ok 14:11:40.0333 4428 [ A5AE40808B72A25379A5499AD9977743 ] C:\Windows\System32\sbe.dll 14:11:40.0333 4428 C:\Windows\System32\sbe.dll - ok 14:11:40.0333 4428 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll 14:11:40.0333 4428 C:\Windows\SysWOW64\uxtheme.dll - ok 14:11:40.0349 4428 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\SysWOW64\msacm32.dll 14:11:40.0349 4428 C:\Windows\SysWOW64\msacm32.dll - ok 14:11:40.0349 4428 [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\SysWOW64\samcli.dll 14:11:40.0349 4428 C:\Windows\SysWOW64\samcli.dll - ok 14:11:40.0349 4428 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll 14:11:40.0349 4428 C:\Windows\SysWOW64\sfc.dll - ok 14:11:40.0364 4428 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll 14:11:40.0364 4428 C:\Windows\SysWOW64\sfc_os.dll - ok 14:11:40.0364 4428 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll 14:11:40.0364 4428 C:\Windows\SysWOW64\dwmapi.dll - ok 14:11:40.0364 4428 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll 14:11:40.0364 4428 C:\Windows\SysWOW64\mpr.dll - ok 14:11:40.0380 4428 [ 9BAC981F66940ACFF5469D15B769E056 ] C:\Windows\System32\logman.exe 14:11:40.0380 4428 C:\Windows\System32\logman.exe - ok 14:11:40.0380 4428 [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll 14:11:40.0380 4428 C:\Windows\System32\FDResPub.dll - ok 14:11:40.0380 4428 [ FCD84C381E0140AF901E58D48882D26B ] C:\Windows\System32\IKEEXT.DLL 14:11:40.0380 4428 C:\Windows\System32\IKEEXT.DLL - ok 14:11:40.0395 4428 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll 14:11:40.0395 4428 C:\Windows\System32\netman.dll - ok 14:11:40.0395 4428 [ C7CF6A6E137463219E1259E3F0F0DD6C ] C:\Windows\System32\pla.dll 14:11:40.0395 4428 C:\Windows\System32\pla.dll - ok 14:11:40.0395 4428 [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll 14:11:40.0395 4428 C:\Windows\System32\nlasvc.dll - ok 14:11:40.0411 4428 [ 60C44E5B40F1845800494001464CD627 ] C:\Program Files (x86)\ASUS\EPU-4 Engine\AsAcpi.dll 14:11:40.0411 4428 C:\Program Files (x86)\ASUS\EPU-4 Engine\AsAcpi.dll - ok 14:11:40.0411 4428 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll 14:11:40.0411 4428 C:\Windows\System32\aepic.dll - ok 14:11:40.0411 4428 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll 14:11:40.0411 4428 C:\Windows\System32\sfc.dll - ok 14:11:40.0411 4428 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll 14:11:40.0411 4428 C:\Windows\System32\sfc_os.dll - ok 14:11:40.0427 4428 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\SysWOW64\shfolder.dll 14:11:40.0427 4428 C:\Windows\SysWOW64\shfolder.dll - ok 14:11:40.0427 4428 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys 14:11:40.0427 4428 C:\Windows\System32\drivers\PEAuth.sys - ok 14:11:40.0427 4428 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys 14:11:40.0427 4428 C:\Windows\System32\drivers\secdrv.sys - ok 14:11:40.0442 4428 [ 0191E738BF521FE6EC567148E73C086B ] C:\Windows\System32\MSVidCtl.dll 14:11:40.0442 4428 C:\Windows\System32\MSVidCtl.dll - ok 14:11:40.0442 4428 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe 14:11:40.0442 4428 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok 14:11:40.0442 4428 [ 41938F2C1642459CBBA691B5DBD6395A ] C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe 14:11:40.0442 4428 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe - ok 14:11:40.0458 4428 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll 14:11:40.0458 4428 C:\Windows\SysWOW64\clbcatq.dll - ok 14:11:40.0458 4428 [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\SysWOW64\mstask.dll 14:11:40.0458 4428 C:\Windows\SysWOW64\mstask.dll - ok 14:11:40.0458 4428 [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll 14:11:40.0458 4428 C:\Windows\System32\WSDApi.dll - ok 14:11:40.0473 4428 [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys 14:11:40.0473 4428 C:\Windows\System32\drivers\srvnet.sys - ok 14:11:40.0473 4428 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll 14:11:40.0473 4428 C:\Windows\System32\aeevts.dll - ok 14:11:40.0473 4428 [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll 14:11:40.0473 4428 C:\Windows\System32\httpapi.dll - ok 14:11:40.0473 4428 [ BC617A4E1B4FA8DF523A061739A0BD87 ] C:\Windows\System32\seclogon.dll 14:11:40.0473 4428 C:\Windows\System32\seclogon.dll - ok 14:11:40.0489 4428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll 14:11:40.0489 4428 C:\Windows\System32\sysmain.dll - ok 14:11:40.0489 4428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll 14:11:40.0489 4428 C:\Windows\System32\wiaservc.dll - ok 14:11:40.0489 4428 [ 77B5035BC6EDF4D1B6265391AECEE4C0 ] C:\Windows\System32\vpnikeapi.dll 14:11:40.0489 4428 C:\Windows\System32\vpnikeapi.dll - ok 14:11:40.0505 4428 [ 44A8B9185030EA57F7999383643ADFFB ] C:\Windows\System32\quartz.dll 14:11:40.0505 4428 C:\Windows\System32\quartz.dll - ok 14:11:40.0505 4428 [ 9E0FF5DDD8B908DA5611445C35D6CD24 ] C:\Windows\System32\slcext.dll 14:11:40.0505 4428 C:\Windows\System32\slcext.dll - ok 14:11:40.0505 4428 [ 6F5BE3F67D7F66FFA861ABBFC6A8C973 ] C:\Windows\System32\sppcext.dll 14:11:40.0505 4428 C:\Windows\System32\sppcext.dll - ok 14:11:40.0520 4428 [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll 14:11:40.0520 4428 C:\Windows\System32\ncsi.dll - ok 14:11:40.0520 4428 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll 14:11:40.0520 4428 C:\Windows\System32\winhttp.dll - ok 14:11:40.0520 4428 [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll 14:11:40.0520 4428 C:\Windows\System32\webservices.dll - ok 14:11:40.0536 4428 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll 14:11:40.0536 4428 C:\Windows\System32\fundisc.dll - ok 14:11:40.0536 4428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] C:\Windows\System32\tapisrv.dll 14:11:40.0536 4428 C:\Windows\System32\tapisrv.dll - ok 14:11:40.0536 4428 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll 14:11:40.0536 4428 C:\Windows\System32\webio.dll - ok 14:11:40.0551 4428 [ CF6850A72BEB4845A3BFFB3F5E8014B2 ] C:\Windows\System32\pdh.dll 14:11:40.0551 4428 C:\Windows\System32\pdh.dll - ok 14:11:40.0551 4428 [ FBD879D17B26D49DD7A48FF58062FAE6 ] C:\Windows\System32\tdh.dll 14:11:40.0551 4428 C:\Windows\System32\tdh.dll - ok 14:11:40.0551 4428 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys 14:11:40.0551 4428 C:\Windows\System32\drivers\tcpipreg.sys - ok 14:11:40.0567 4428 [ 3BDCBB29D727C49DC3E3256253467281 ] C:\Windows\System32\wmdrmsdk.dll 14:11:40.0567 4428 C:\Windows\System32\wmdrmsdk.dll - ok 14:11:40.0567 4428 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll 14:11:40.0567 4428 C:\Windows\System32\mfplat.dll - ok 14:11:40.0567 4428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll 14:11:40.0567 4428 C:\Windows\System32\trkwks.dll - ok 14:11:40.0567 4428 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll 14:11:40.0567 4428 C:\Windows\System32\wiatrace.dll - ok 14:11:40.0583 4428 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll 14:11:40.0583 4428 C:\Windows\System32\wbem\WMIsvc.dll - ok 14:11:40.0583 4428 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll 14:11:40.0583 4428 C:\Windows\System32\wbem\WinMgmtR.dll - ok 14:11:40.0583 4428 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll 14:11:40.0583 4428 C:\Windows\System32\wbem\WmiDcPrv.dll - ok 14:11:40.0598 4428 [ CF318F60A84F15AF352439465A8D05F4 ] C:\Program Files\Windows Defender\MpSvc.dll 14:11:40.0598 4428 C:\Program Files\Windows Defender\MpSvc.dll - ok 14:11:40.0598 4428 [ ADF3E771F429940E762AC097F5A54EAF ] C:\Program Files\Windows Defender\MpClient.dll 14:11:40.0598 4428 C:\Program Files\Windows Defender\MpClient.dll - ok 14:11:40.0598 4428 [ FA5CF5CC82D4E39103DEC713E3790FF9 ] C:\Program Files (x86)\ASUS\EPU-4 Engine\AiGear.dll 14:11:40.0598 4428 C:\Program Files (x86)\ASUS\EPU-4 Engine\AiGear.dll - ok 14:11:40.0614 4428 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll 14:11:40.0614 4428 C:\Windows\System32\wbem\wbemcore.dll - ok 14:11:40.0614 4428 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:11:40.0614 4428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok 14:11:40.0614 4428 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll 14:11:40.0614 4428 C:\Windows\System32\ssdpapi.dll - ok 14:11:40.0629 4428 [ 522B0466ED967A0762E9AF5B37D8F40A ] C:\Windows\System32\esent.dll 14:11:40.0629 4428 C:\Windows\System32\esent.dll - ok 14:11:40.0629 4428 [ 46767946E7B559D981C1DC04EC0AB36F ] C:\Windows\System32\devenum.dll 14:11:40.0629 4428 C:\Windows\System32\devenum.dll - ok 14:11:40.0629 4428 [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll 14:11:40.0629 4428 C:\Windows\System32\drprov.dll - ok 14:11:40.0629 4428 [ 558C42D165DB5799B4072DC0A9C27C0B ] C:\Windows\System32\msdmo.dll 14:11:40.0629 4428 C:\Windows\System32\msdmo.dll - ok 14:11:40.0645 4428 [ D38535978F93F9FC9F28BE6093A87DBE ] C:\Windows\System32\msdri.dll 14:11:40.0645 4428 C:\Windows\System32\msdri.dll - ok 14:11:40.0645 4428 [ 96DB78C9C50CEED9DA5050EFFEE272A2 ] C:\Windows\System32\upnp.dll 14:11:40.0645 4428 C:\Windows\System32\upnp.dll - ok 14:11:40.0645 4428 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll 14:11:40.0645 4428 C:\Windows\System32\SensApi.dll - ok 14:11:40.0661 4428 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL 14:11:40.0661 4428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok 14:11:40.0661 4428 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll 14:11:40.0661 4428 C:\Windows\System32\wer.dll - ok 14:11:40.0661 4428 [ 9149EC69ACD3EFC97B01D5A1BAEB3B57 ] C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe 14:11:40.0661 4428 C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe - ok 14:11:40.0676 4428 [ A08C010D859F8EB42BDD7E1D55B8CA27 ] C:\Windows\System32\mscoree.dll 14:11:40.0676 4428 C:\Windows\System32\mscoree.dll - ok 14:11:40.0676 4428 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll 14:11:40.0676 4428 C:\Windows\System32\wbem\esscli.dll - ok 14:11:40.0676 4428 [ 63DCDFFCBB7E41540F4D64CCED66536B ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 14:11:40.0676 4428 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok 14:11:40.0692 4428 [ AA794B099F776B37ACCDEAD00E0FBFC9 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll 14:11:40.0692 4428 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok 14:11:40.0692 4428 [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll 14:11:40.0692 4428 C:\Windows\System32\ntlanman.dll - ok 14:11:40.0692 4428 [ 0B2D65FDDE31069299AA6330F359FF9C ] C:\Windows\System32\msxml3.dll 14:11:40.0692 4428 C:\Windows\System32\msxml3.dll - ok 14:11:40.0707 4428 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll 14:11:40.0707 4428 C:\Windows\System32\ntdsapi.dll - ok 14:11:40.0707 4428 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll 14:11:40.0707 4428 C:\Windows\System32\wbem\fastprox.dll - ok 14:11:40.0707 4428 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll 14:11:40.0707 4428 C:\Windows\System32\wbem\wbemsvc.dll - ok 14:11:40.0707 4428 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll 14:11:40.0707 4428 C:\Windows\System32\wbem\wmiutils.dll - ok 14:11:40.0723 4428 [ B3A33600DCDFB84D7FBE09ADEB1C9B8A ] C:\Windows\System32\davclnt.dll 14:11:40.0723 4428 C:\Windows\System32\davclnt.dll - ok 14:11:40.0723 4428 [ 02CD5B2C3B017122CAC00BDB520CD7AC ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll 14:11:40.0723 4428 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - ok 14:11:40.0723 4428 [ EC6BA7C92FA5B2AA4AFDF4DF22AEDAB7 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll 14:11:40.0723 4428 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll - ok 14:11:40.0739 4428 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll 14:11:40.0739 4428 C:\Windows\System32\wbem\repdrvfs.dll - ok 14:11:40.0739 4428 [ 01AEA2F16FE0C522DDFD7FAFFC959C6A ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.ni.dll 14:11:40.0739 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.ni.dll - ok 14:11:40.0739 4428 [ 0A94DE4AA9864D312E60D747FD249ABE ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll 14:11:40.0739 4428 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll - ok 14:11:40.0754 4428 [ 850BD2D2D9CB5894935C3B6333CAD6FD ] C:\Windows\System32\riched20.dll 14:11:40.0754 4428 C:\Windows\System32\riched20.dll - ok 14:11:40.0754 4428 [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll 14:11:40.0754 4428 C:\Windows\System32\davhlpr.dll - ok 14:11:40.0754 4428 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll 14:11:40.0754 4428 C:\Windows\System32\NapiNSP.dll - ok 14:11:40.0770 4428 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll 14:11:40.0770 4428 C:\Windows\System32\pnrpnsp.dll - ok 14:11:40.0770 4428 [ 28AD5E311996A34025CFB07E131058DD ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL 14:11:40.0770 4428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok 14:11:40.0770 4428 [ 70A176BF2ED362862944C371838262F8 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 14:11:40.0770 4428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE - ok 14:11:40.0785 4428 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll 14:11:40.0785 4428 C:\Windows\System32\dssenh.dll - ok 14:11:40.0785 4428 [ 4FDFA3F219692D17011BF1B428857C1E ] C:\Program Files\Windows Defender\MpRTP.dll 14:11:40.0785 4428 C:\Program Files\Windows Defender\MpRTP.dll - ok 14:11:40.0785 4428 [ 3ABB7ADB9CCBCD24D6C55201A3842A94 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll 14:11:40.0785 4428 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok 14:11:40.0801 4428 [ D527EF4364D2D00443470940B177EAD4 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpengine.dll 14:11:40.0801 4428 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpengine.dll - ok 14:11:40.0801 4428 [ B144A2223EF11ED42310124A7839258E ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpasbase.vdm 14:11:40.0801 4428 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpasbase.vdm - ok 14:11:40.0801 4428 [ 9092F57AFC5328F9F98F0936CB4AD391 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpasdlta.vdm 14:11:40.0801 4428 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpasdlta.vdm - ok 14:11:40.0817 4428 [ C8A2FA2EE9241B8D66F9D7DE9AE34AEE ] C:\Program Files\Bonjour\mdnsNSP.dll 14:11:40.0817 4428 C:\Program Files\Bonjour\mdnsNSP.dll - ok 14:11:40.0817 4428 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll 14:11:40.0817 4428 C:\Windows\System32\rasadhlp.dll - ok 14:11:40.0817 4428 [ 93BB66044FA76734E882C6F3E8EE1900 ] C:\Program Files\Windows Defender\MsMpLics.dll 14:11:40.0817 4428 C:\Program Files\Windows Defender\MsMpLics.dll - ok 14:11:40.0832 4428 [ 218A400108F280428FA22282D3268BBC ] C:\Windows\System32\wscapi.dll 14:11:40.0832 4428 C:\Windows\System32\wscapi.dll - ok 14:11:40.0832 4428 [ B84E2D174DC84916A536572BB8F691A8 ] C:\Windows\System32\wscisvif.dll 14:11:40.0832 4428 C:\Windows\System32\wscisvif.dll - ok 14:11:40.0832 4428 [ 6C1E3C43B35268C17833244C8ED96430 ] C:\Windows\System32\wscproxystub.dll 14:11:40.0832 4428 C:\Windows\System32\wscproxystub.dll - ok 14:11:40.0832 4428 [ 8BE887F1743FBB39ED2C9CA2937742D6 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\f3888a2c7b096d416ca0cfc5405219b4\System.ni.dll 14:11:40.0832 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System\f3888a2c7b096d416ca0cfc5405219b4\System.ni.dll - ok 14:11:40.0848 4428 [ 020C2F610BE801B9B50AF1BFF4A5B24B ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\c9866f6c2cae33d2c38ab32da622a167\System.ServiceProcess.ni.dll 14:11:40.0848 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\c9866f6c2cae33d2c38ab32da622a167\System.ServiceProcess.ni.dll - ok 14:11:40.0848 4428 [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll 14:11:40.0848 4428 C:\Windows\System32\wbem\WmiPrvSD.dll - ok 14:11:40.0848 4428 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll 14:11:40.0848 4428 C:\Windows\System32\ncobjapi.dll - ok 14:11:40.0863 4428 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll 14:11:40.0863 4428 C:\Windows\System32\wbem\wbemess.dll - ok 14:11:40.0863 4428 [ 5BBC951150E738F108C6D3D325BD4029 ] C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll 14:11:40.0863 4428 C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll - ok 14:11:40.0863 4428 [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\SysWOW64\rasapi32.dll 14:11:40.0863 4428 C:\Windows\SysWOW64\rasapi32.dll - ok 14:11:40.0879 4428 [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\SysWOW64\rasman.dll 14:11:40.0879 4428 C:\Windows\SysWOW64\rasman.dll - ok 14:11:40.0879 4428 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\SysWOW64\rtutils.dll 14:11:40.0879 4428 C:\Windows\SysWOW64\rtutils.dll - ok 14:11:40.0879 4428 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll 14:11:40.0879 4428 C:\Windows\SysWOW64\SensApi.dll - ok 14:11:40.0895 4428 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\SysWOW64\netprofm.dll 14:11:40.0895 4428 C:\Windows\SysWOW64\netprofm.dll - ok 14:11:40.0895 4428 [ 212F87EE837B4E35E43A93BBFC44E7A7 ] C:\Windows\SysWOW64\AsIO.dll 14:11:40.0895 4428 C:\Windows\SysWOW64\AsIO.dll - ok 14:11:40.0895 4428 [ DC6612A9EE015A36BA2A27BC9CC12537 ] C:\Windows\SysWOW64\mfc42.dll 14:11:40.0895 4428 C:\Windows\SysWOW64\mfc42.dll - ok 14:11:40.0910 4428 [ 7D34AF98A706230CC2DEDFE0CABF87AB ] C:\Windows\SysWOW64\odbc32.dll 14:11:40.0910 4428 C:\Windows\SysWOW64\odbc32.dll - ok 14:11:40.0910 4428 [ 619A67C9F617B7E69315BB28ECD5E1DF ] C:\Windows\System32\wbem\WmiPrvSE.exe 14:11:40.0910 4428 C:\Windows\System32\wbem\WmiPrvSE.exe - ok 14:11:40.0910 4428 [ 6607C2182C6A53ED983813AFE2F85768 ] C:\Windows\System32\wbem\cimwin32.dll 14:11:40.0910 4428 C:\Windows\System32\wbem\cimwin32.dll - ok 14:11:40.0926 4428 [ 1484B9EBF567346582DE571B0E164AE0 ] C:\Windows\System32\framedynos.dll 14:11:40.0926 4428 C:\Windows\System32\framedynos.dll - ok 14:11:40.0926 4428 [ ABA457BFC7EC0B5E130B2F1E0F549DFF ] C:\Windows\SysWOW64\odbcint.dll 14:11:40.0926 4428 C:\Windows\SysWOW64\odbcint.dll - ok 14:11:40.0926 4428 [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll 14:11:40.0926 4428 C:\Windows\System32\shfolder.dll - ok 14:11:40.0926 4428 [ 06EBB2B3F1588E6182C67F6D95F151EA ] C:\Program Files\COMODO\COMODO Internet Security\platform.dll 14:11:40.0926 4428 C:\Program Files\COMODO\COMODO Internet Security\platform.dll - ok 14:11:40.0941 4428 [ 6D8F59648536E150DC5543E439281AE3 ] C:\Program Files\COMODO\COMODO Internet Security\scanners\common.cav 14:11:40.0941 4428 C:\Program Files\COMODO\COMODO Internet Security\scanners\common.cav - ok 14:11:40.0941 4428 [ 73EC75C38053596DBE594D63E4CD3E79 ] C:\Program Files\COMODO\COMODO Internet Security\signmgr.dll 14:11:40.0941 4428 C:\Program Files\COMODO\COMODO Internet Security\signmgr.dll - ok 14:11:40.0941 4428 [ 77A0AC6A3031FEFCBE2B7A52F4E8C0D3 ] C:\Program Files\COMODO\COMODO Internet Security\scanners\fileid.cav 14:11:40.0941 4428 C:\Program Files\COMODO\COMODO Internet Security\scanners\fileid.cav - ok 14:11:40.0957 4428 [ B598F178B9454BA8700EC7FA16FD4284 ] C:\Program Files\COMODO\COMODO Internet Security\scanners\pkann.dll 14:11:40.0957 4428 C:\Program Files\COMODO\COMODO Internet Security\scanners\pkann.dll - ok 14:11:40.0957 4428 [ 6A9178ADC5A029992399B76AE5E5E96E ] C:\Program Files\COMODO\COMODO Internet Security\scanners\mach32.dll 14:11:40.0957 4428 C:\Program Files\COMODO\COMODO Internet Security\scanners\mach32.dll - ok 14:11:40.0957 4428 [ DDABE79024A488DBBB7DE369FA22A93D ] C:\Program Files\COMODO\COMODO Internet Security\scanners\white.cav 14:11:40.0957 4428 C:\Program Files\COMODO\COMODO Internet Security\scanners\white.cav - ok 14:11:40.0973 4428 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll 14:11:40.0973 4428 C:\Windows\System32\winrnr.dll - ok 14:11:40.0973 4428 [ A4B3A9FFA483F8CB36E56C19448DDE36 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\52e2da35b160dbd254683f72a0f1b937\System.Xml.ni.dll 14:11:40.0973 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\52e2da35b160dbd254683f72a0f1b937\System.Xml.ni.dll - ok 14:11:40.0973 4428 [ 0017163E0D5985168792BEE5CF70D5DF ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll 14:11:40.0973 4428 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll - ok 14:11:40.0988 4428 [ 5DCD11D0B1CB71E2B035B30670365C35 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\6c3851b925e2a31ddefb3d36bb9163cb\System.Runtime.Remoting.ni.dll 14:11:40.0988 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\6c3851b925e2a31ddefb3d36bb9163cb\System.Runtime.Remoting.ni.dll - ok 14:11:40.0988 4428 [ 08C2957BB30058E663720C5606885653 ] C:\Windows\System32\iphlpsvc.dll 14:11:40.0988 4428 C:\Windows\System32\iphlpsvc.dll - ok 14:11:40.0988 4428 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys 14:11:40.0988 4428 C:\Windows\System32\drivers\srv2.sys - ok 14:11:41.0004 4428 [ 1EF54B3220EBF3794439EB072B350F3E ] C:\Program Files\Windows Home Server\WHSConnector.exe 14:11:41.0004 4428 C:\Program Files\Windows Home Server\WHSConnector.exe - ok 14:11:41.0004 4428 [ AB92BDA9FF444B39D22E94DC9D233CF4 ] C:\Program Files\Windows Home Server\PartnerManager.dll 14:11:41.0004 4428 C:\Program Files\Windows Home Server\PartnerManager.dll - ok 14:11:41.0004 4428 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys 14:11:41.0004 4428 C:\Windows\System32\drivers\srv.sys - ok 14:11:41.0019 4428 [ 222D7D2B40F376038320668F7A909B36 ] C:\Program Files\Windows Home Server\WSCSource.dll 14:11:41.0019 4428 C:\Program Files\Windows Home Server\WSCSource.dll - ok 14:11:41.0019 4428 [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll 14:11:41.0019 4428 C:\Windows\System32\sqmapi.dll - ok 14:11:41.0019 4428 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll 14:11:41.0019 4428 C:\Windows\System32\wdscore.dll - ok 14:11:41.0035 4428 [ 814A7F6D222E65B065F139D891203656 ] C:\Program Files\Windows Home Server\WHSNotificationFactory.dll 14:11:41.0035 4428 C:\Program Files\Windows Home Server\WHSNotificationFactory.dll - ok 14:11:41.0035 4428 [ 1DB725C6D5B8EF722B0A4CD8A3B51F27 ] C:\Program Files\Windows Home Server\WHSNotificationSource.dll 14:11:41.0035 4428 C:\Program Files\Windows Home Server\WHSNotificationSource.dll - ok 14:11:41.0035 4428 [ 75131819FDCDA81739B1BE87DFD45F4A ] C:\Windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\c241cc03e9b5ac3666acb0e2ab47965b\ehRecObj.ni.dll 14:11:41.0035 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\c241cc03e9b5ac3666acb0e2ab47965b\ehRecObj.ni.dll - ok 14:11:41.0051 4428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] C:\Windows\System32\rasmans.dll 14:11:41.0051 4428 C:\Windows\System32\rasmans.dll - ok 14:11:41.0051 4428 [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll 14:11:41.0051 4428 C:\Windows\System32\srvsvc.dll - ok 14:11:41.0051 4428 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll 14:11:41.0051 4428 C:\Windows\System32\browser.dll - ok 14:11:41.0066 4428 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll 14:11:41.0066 4428 C:\Windows\System32\netmsg.dll - ok 14:11:41.0066 4428 [ 44C96B48112EB24AE7764EBF1C527000 ] C:\Windows\System32\rastapi.dll 14:11:41.0066 4428 C:\Windows\System32\rastapi.dll - ok 14:11:41.0066 4428 [ FAFAE01E889DC9C05A6CA2138CFC220B ] C:\Windows\System32\tapi32.dll 14:11:41.0066 4428 C:\Windows\System32\tapi32.dll - ok 14:11:41.0082 4428 [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll 14:11:41.0082 4428 C:\Windows\System32\netcfgx.dll - ok 14:11:41.0082 4428 [ 60666289DB3D58D68DCC2C6A54703BC0 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mcstore\9a109c70eea14b5006fbce07e1db37b5\mcstore.ni.dll 14:11:41.0082 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\mcstore\9a109c70eea14b5006fbce07e1db37b5\mcstore.ni.dll - ok 14:11:41.0082 4428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll 14:11:41.0082 4428 C:\Windows\System32\netprofm.dll - ok 14:11:41.0082 4428 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll 14:11:41.0082 4428 C:\Windows\System32\hnetcfg.dll - ok 14:11:41.0097 4428 [ D2A0FFA75AB181B19B5EB93BB29C7686 ] C:\Windows\System32\unimdm.tsp 14:11:41.0097 4428 C:\Windows\System32\unimdm.tsp - ok 14:11:41.0097 4428 [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll 14:11:41.0097 4428 C:\Windows\System32\clusapi.dll - ok 14:11:41.0097 4428 [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll 14:11:41.0097 4428 C:\Windows\System32\sscore.dll - ok 14:11:41.0113 4428 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll 14:11:41.0113 4428 C:\Windows\System32\resutils.dll - ok 14:11:41.0113 4428 [ FEB91B4DA0D540865260A33838654FA3 ] C:\Windows\System32\nci.dll 14:11:41.0113 4428 C:\Windows\System32\nci.dll - ok 14:11:41.0113 4428 [ 94B7DF336815B47236724019FAB24B7C ] C:\Windows\System32\uniplat.dll 14:11:41.0113 4428 C:\Windows\System32\uniplat.dll - ok 14:11:41.0129 4428 [ 41326DD08ACC0CDC5F8177AF96C066E8 ] C:\Windows\System32\kmddsp.tsp 14:11:41.0129 4428 C:\Windows\System32\kmddsp.tsp - ok 14:11:41.0129 4428 [ 1D6BC2769DA66C1145F4DA5A65F52E61 ] C:\Windows\System32\ndptsp.tsp 14:11:41.0129 4428 C:\Windows\System32\ndptsp.tsp - ok 14:11:41.0129 4428 [ 7C1BAE7D23D4874FEE256A2B9C00E019 ] C:\Windows\System32\hidphone.tsp 14:11:41.0129 4428 C:\Windows\System32\hidphone.tsp - ok 14:11:41.0129 4428 [ A717A35120DBAB5AB707AB40662AF9DD ] C:\Windows\System32\rasppp.dll 14:11:41.0129 4428 C:\Windows\System32\rasppp.dll - ok 14:11:41.0144 4428 [ 0FE5CD5F9C9248F42D1EF56E495B182E ] C:\Windows\System32\vpnike.dll 14:11:41.0144 4428 C:\Windows\System32\vpnike.dll - ok 14:11:41.0144 4428 [ 6A84E68B538B8B04608BF2F0D426CE6F ] C:\Windows\System32\raschap.dll 14:11:41.0144 4428 C:\Windows\System32\raschap.dll - ok 14:11:41.0144 4428 [ A53B66A443C2B313B12A27A07133594D ] C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\99adaa00da8830c264898b126ad2af54\Microsoft.MediaCenter.UI.ni.dll 14:11:41.0144 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\99adaa00da8830c264898b126ad2af54\Microsoft.MediaCenter.UI.ni.dll - ok 14:11:41.0160 4428 [ DC3E0DFB43ED05FF8290B38E3F94C0DE ] C:\Windows\ehome\ehepgres.dll 14:11:41.0160 4428 C:\Windows\ehome\ehepgres.dll - ok 14:11:41.0160 4428 [ B95F6501A2F8B2E78C697FEC401970CE ] C:\Windows\System32\ipnathlp.dll 14:11:41.0160 4428 C:\Windows\System32\ipnathlp.dll - ok 14:11:41.0160 4428 [ 2DF29664ED261F0FC448E58F338F0671 ] C:\Windows\System32\mprapi.dll 14:11:41.0160 4428 C:\Windows\System32\mprapi.dll - ok 14:11:41.0175 4428 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll 14:11:41.0175 4428 C:\Windows\System32\netshell.dll - ok 14:11:41.0175 4428 [ 2E648163254233755035B46DD7B89123 ] C:\Windows\System32\termsrv.dll 14:11:41.0175 4428 C:\Windows\System32\termsrv.dll - ok 14:11:41.0175 4428 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll 14:11:41.0175 4428 C:\Windows\System32\wdi.dll - ok 14:11:41.0191 4428 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll 14:11:41.0191 4428 C:\Windows\System32\npmproxy.dll - ok 14:11:41.0191 4428 [ BD9EB3958F213F96B97B1D897DEE006D ] C:\Windows\System32\hidserv.dll 14:11:41.0191 4428 C:\Windows\System32\hidserv.dll - ok 14:11:41.0191 4428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll 14:11:41.0191 4428 C:\Windows\System32\ssdpsrv.dll - ok 14:11:41.0191 4428 [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll 14:11:41.0191 4428 C:\Windows\System32\wpdbusenum.dll - ok 14:11:41.0207 4428 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] C:\Windows\System32\appinfo.dll 14:11:41.0207 4428 C:\Windows\System32\appinfo.dll - ok 14:11:41.0207 4428 [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\SysWOW64\npmproxy.dll 14:11:41.0207 4428 C:\Windows\SysWOW64\npmproxy.dll - ok 14:11:41.0207 4428 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll 14:11:41.0207 4428 C:\Windows\System32\perftrack.dll - ok 14:11:41.0222 4428 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll 14:11:41.0222 4428 C:\Windows\System32\diagperf.dll - ok 14:11:41.0222 4428 [ 7E236CC26FF0C2513819FA453E2C5371 ] C:\Windows\System32\icaapi.dll 14:11:41.0222 4428 C:\Windows\System32\icaapi.dll - ok 14:11:41.0222 4428 [ 988121D083B7AB61D4A7E244290BAAB0 ] C:\Windows\System32\lsmproxy.dll 14:11:41.0222 4428 C:\Windows\System32\lsmproxy.dll - ok 14:11:41.0238 4428 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll 14:11:41.0238 4428 C:\Windows\System32\pnpts.dll - ok 14:11:41.0238 4428 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll 14:11:41.0238 4428 C:\Windows\System32\radardt.dll - ok 14:11:41.0238 4428 [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll 14:11:41.0238 4428 C:\Windows\System32\wdiasqmmodule.dll - ok 14:11:41.0253 4428 [ E377BBA01F34E4183C32E5BBD688CE83 ] C:\Windows\System32\regapi.dll 14:11:41.0253 4428 C:\Windows\System32\regapi.dll - ok 14:11:41.0253 4428 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] C:\Windows\System32\IPSECSVC.DLL 14:11:41.0253 4428 C:\Windows\System32\IPSECSVC.DLL - ok 14:11:41.0253 4428 [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll 14:11:41.0253 4428 C:\Windows\System32\p2pcollab.dll - ok 14:11:41.0269 4428 [ 5B236296E233CAA6BF86BE0C6501A224 ] C:\Windows\System32\rdpcorekmts.dll 14:11:41.0269 4428 C:\Windows\System32\rdpcorekmts.dll - ok 14:11:41.0269 4428 [ 6D5DCC1579B3961D791ABDE286A1CB5E ] C:\Windows\System32\rdpwsx.dll 14:11:41.0269 4428 C:\Windows\System32\rdpwsx.dll - ok 14:11:41.0269 4428 [ 1B6163C503398B23FF8B939C67747683 ] C:\Windows\System32\drivers\rdpdr.sys 14:11:41.0269 4428 C:\Windows\System32\drivers\rdpdr.sys - ok 14:11:41.0269 4428 [ 582AC6D9873E31DFA28A4547270862DD ] C:\Windows\System32\QAGENTRT.DLL 14:11:41.0269 4428 C:\Windows\System32\QAGENTRT.DLL - ok 14:11:41.0285 4428 [ 1B4A711265FEA91259553D7B4E83394B ] C:\Windows\System32\tlscsp.dll 14:11:41.0285 4428 C:\Windows\System32\tlscsp.dll - ok 14:11:41.0285 4428 [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll 14:11:41.0285 4428 C:\Windows\System32\fveui.dll - ok 14:11:41.0285 4428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] C:\Windows\System32\certprop.dll 14:11:41.0285 4428 C:\Windows\System32\certprop.dll - ok 14:11:41.0300 4428 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] C:\Windows\System32\drivers\tdtcp.sys 14:11:41.0300 4428 C:\Windows\System32\drivers\tdtcp.sys - ok 14:11:41.0300 4428 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] C:\Windows\System32\drivers\tssecsrv.sys 14:11:41.0300 4428 C:\Windows\System32\drivers\tssecsrv.sys - ok 14:11:41.0300 4428 [ 0B6231BF38174A1628C4AC812CC75804 ] C:\Windows\System32\SessEnv.dll 14:11:41.0300 4428 C:\Windows\System32\SessEnv.dll - ok 14:11:41.0316 4428 [ E61608AA35E98999AF9AAEEEA6114B0A ] C:\Windows\System32\drivers\rdpwd.sys 14:11:41.0316 4428 C:\Windows\System32\drivers\rdpwd.sys - ok 14:11:41.0316 4428 [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe 14:11:41.0316 4428 C:\Windows\System32\runonce.exe - ok 14:11:41.0316 4428 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe 14:11:41.0316 4428 C:\Windows\SysWOW64\runonce.exe - ok 14:11:41.0331 4428 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll 14:11:41.0331 4428 C:\Windows\SysWOW64\propsys.dll - ok 14:11:41.0331 4428 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe 14:11:41.0331 4428 C:\Windows\SysWOW64\cmd.exe - ok 14:11:41.0331 4428 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll 14:11:41.0331 4428 C:\Windows\SysWOW64\winbrand.dll - ok 14:11:41.0347 4428 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll 14:11:41.0347 4428 C:\Windows\System32\aelupsvc.dll - ok 14:11:41.0347 4428 [ 37F358CBD2A1D82C56A542325DA6D368 ] C:\Windows\SysWOW64\ieframe.dll 14:11:41.0347 4428 C:\Windows\SysWOW64\ieframe.dll - ok 14:11:41.0347 4428 [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll 14:11:41.0347 4428 C:\Windows\System32\PortableDeviceApi.dll - ok 14:11:41.0363 4428 [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll 14:11:41.0363 4428 C:\Windows\System32\FwRemoteSvr.dll - ok 14:11:41.0363 4428 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll 14:11:41.0363 4428 C:\Windows\SysWOW64\oleacc.dll - ok 14:11:41.0363 4428 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\SysWOW64\shdocvw.dll 14:11:41.0363 4428 C:\Windows\SysWOW64\shdocvw.dll - ok 14:11:41.0363 4428 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\Webb\AppData\Local\Temp\D7571601-6271-4813-84C6-6B3CD7101659.exe 14:11:41.0363 4428 C:\Users\Webb\AppData\Local\Temp\D7571601-6271-4813-84C6-6B3CD7101659.exe - ok 14:11:41.0378 4428 [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll 14:11:41.0378 4428 C:\Windows\System32\pnidui.dll - ok 14:11:41.0378 4428 [ 591FE0A6CEB19BF886CEB1331F591940 ] C:\Windows\SysWOW64\ncrypt.dll 14:11:41.0378 4428 C:\Windows\SysWOW64\ncrypt.dll - ok 14:11:41.0378 4428 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll 14:11:41.0378 4428 C:\Windows\SysWOW64\bcrypt.dll - ok 14:11:41.0394 4428 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll 14:11:41.0394 4428 C:\Windows\SysWOW64\bcryptprimitives.dll - ok 14:11:41.0394 4428 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll 14:11:41.0394 4428 C:\Windows\SysWOW64\gpapi.dll - ok 14:11:41.0394 4428 [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\SysWOW64\cryptnet.dll 14:11:41.0394 4428 C:\Windows\SysWOW64\cryptnet.dll - ok 14:11:41.0409 4428 [ 1DB71A41DAEE6B3F8CD0DDA8209FA2D5 ] C:\Windows\SysWOW64\WindowsCodecs.dll 14:11:41.0409 4428 C:\Windows\SysWOW64\WindowsCodecs.dll - ok 14:11:41.0409 4428 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll 14:11:41.0409 4428 C:\Windows\SysWOW64\EhStorShell.dll - ok 14:11:41.0409 4428 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\SysWOW64\ntshrui.dll 14:11:41.0409 4428 C:\Windows\SysWOW64\ntshrui.dll - ok 14:11:41.0425 4428 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\SysWOW64\imageres.dll 14:11:41.0425 4428 C:\Windows\SysWOW64\imageres.dll - ok 14:11:41.0425 4428 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll 14:11:41.0425 4428 C:\Windows\SysWOW64\slc.dll - ok 14:11:41.0425 4428 [ 1EB82516F21F27EED1833B4F9FD9614E ] C:\Windows\System32\wmp.dll 14:11:41.0425 4428 C:\Windows\System32\wmp.dll - ok 14:11:41.0425 4428 [ A293DCD756D04D8492A750D03B9A297C ] C:\Windows\System32\umrdp.dll 14:11:41.0425 4428 C:\Windows\System32\umrdp.dll - ok 14:11:41.0441 4428 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll 14:11:41.0441 4428 C:\Windows\System32\Apphlpdm.dll - ok 14:11:41.0441 4428 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll 14:11:41.0441 4428 C:\Windows\System32\PortableDeviceConnectApi.dll - ok 14:11:41.0441 4428 [ 45CFBFA8EDC3DF4E2B7FB0D0260FE051 ] C:\Windows\System32\localspl.dll 14:11:41.0441 4428 C:\Windows\System32\localspl.dll - ok 14:11:41.0456 4428 [ C5AC93CF3BA30D367FB49148A2B673B9 ] C:\Windows\System32\PrintIsolationProxy.dll 14:11:41.0456 4428 C:\Windows\System32\PrintIsolationProxy.dll - ok 14:11:41.0456 4428 [ 3285481F5C12305CA104A6C493CA5A0B ] C:\Windows\System32\spoolss.dll 14:11:41.0456 4428 C:\Windows\System32\spoolss.dll - ok 14:11:41.0456 4428 [ EC98366AD462383659681BDFFD384CED ] C:\Windows\System32\CNBLM4.DLL 14:11:41.0456 4428 C:\Windows\System32\CNBLM4.DLL - ok 14:11:41.0472 4428 [ 19E41CCCEE697CC9465396B370929792 ] C:\Windows\System32\FXSMON.dll 14:11:41.0472 4428 C:\Windows\System32\FXSMON.dll - ok 14:11:41.0472 4428 [ 32A3C8600AF124CBAAD845F13CFAE3CB ] C:\Windows\System32\tcpmon.dll 14:11:41.0472 4428 C:\Windows\System32\tcpmon.dll - ok 14:11:41.0472 4428 [ 93518C6EDE0B61BCBD02BDB02BD05FEE ] C:\Windows\System32\snmpapi.dll 14:11:41.0472 4428 C:\Windows\System32\snmpapi.dll - ok 14:11:41.0487 4428 [ FFF9D00CF16397C64317F213484F94BD ] C:\Windows\System32\wsnmp32.dll 14:11:41.0487 4428 C:\Windows\System32\wsnmp32.dll - ok 14:11:41.0487 4428 [ DF72A9936D0C3F517083119648814B09 ] C:\Windows\System32\usbmon.dll 14:11:41.0487 4428 C:\Windows\System32\usbmon.dll - ok 14:11:41.0487 4428 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll 14:11:41.0487 4428 C:\Windows\System32\WSDMon.dll - ok 14:11:41.0487 4428 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll 14:11:41.0487 4428 C:\Windows\System32\fdPnp.dll - ok 14:11:41.0503 4428 [ 1D626FE2E13C1CE49CA0136CFF214E93 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll 14:11:41.0503 4428 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok 14:11:41.0503 4428 [ 389B0EEE1FFB490D76A556F04C0B268E ] C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL 14:11:41.0503 4428 C:\Windows\System32\spool\prtprocs\x64\CNBPP4.DLL - ok 14:11:41.0503 4428 [ 507D5567A0A4EE86C4B0CE2CE1777025 ] C:\Windows\System32\inetpp.dll 14:11:41.0503 4428 C:\Windows\System32\inetpp.dll - ok 14:11:41.0519 4428 [ 548CB980D7876E207CC9F8B60C1587A3 ] C:\Windows\System32\win32spl.dll 14:11:41.0519 4428 C:\Windows\System32\win32spl.dll - ok 14:11:41.0519 4428 [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll 14:11:41.0519 4428 C:\Windows\System32\dimsjob.dll - ok 14:11:41.0519 4428 [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll 14:11:41.0519 4428 C:\Windows\System32\pautoenr.dll - ok 14:11:41.0534 4428 [ 94DFBB481BF51158B216E23C5C1C9D6E ] C:\Windows\System32\certcli.dll 14:11:41.0534 4428 C:\Windows\System32\certcli.dll - ok 14:11:41.0534 4428 [ 263B26106606A010CF877472B535E4BB ] C:\Windows\System32\CertEnroll.dll 14:11:41.0534 4428 C:\Windows\System32\CertEnroll.dll - ok 14:11:41.0534 4428 [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll 14:11:41.0534 4428 C:\Windows\SysWOW64\devrtl.dll - ok 14:11:41.0550 4428 [ D56C13F26ADCB3BC0455DB42883F6E7D ] C:\Windows\System32\iedkcs32.dll 14:11:41.0550 4428 C:\Windows\System32\iedkcs32.dll - ok 14:11:41.0550 4428 [ 6D220604AA4240303DD8DEAEAB428377 ] C:\Windows\System32\ie4uinit.exe 14:11:41.0550 4428 C:\Windows\System32\ie4uinit.exe - ok 14:11:41.0550 4428 [ 2C647ABE9A424E55B5F3DAE4629B4277 ] C:\Windows\System32\themeui.dll 14:11:41.0550 4428 C:\Windows\System32\themeui.dll - ok 14:11:41.0565 4428 [ FB10715E4099AF9FA389C71873245226 ] C:\Windows\System32\timedate.cpl 14:11:41.0565 4428 C:\Windows\System32\timedate.cpl - ok 14:11:41.0565 4428 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll 14:11:41.0565 4428 C:\Windows\System32\actxprxy.dll - ok 14:11:41.0565 4428 [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll 14:11:41.0565 4428 C:\Windows\System32\shdocvw.dll - ok 14:11:41.0581 4428 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll 14:11:41.0581 4428 C:\Windows\System32\linkinfo.dll - ok 14:11:41.0581 4428 [ 3504B34CD2DE00BA3CC1A195F1B739BD ] C:\Windows\System32\gameux.dll 14:11:41.0581 4428 C:\Windows\System32\gameux.dll - ok 14:11:41.0581 4428 [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll 14:11:41.0581 4428 C:\Windows\System32\msftedit.dll - ok 14:11:41.0581 4428 [ 7CB3ACB163DE051169095DC6507B8977 ] C:\Windows\System32\msls31.dll 14:11:41.0581 4428 C:\Windows\System32\msls31.dll - ok 14:11:41.0597 4428 [ 7DBA84667DC18877AEF693E3543DFAD7 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll 14:11:41.0597 4428 C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok 14:11:41.0597 4428 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll 14:11:41.0597 4428 C:\Windows\System32\msiltcfg.dll - ok 14:11:41.0597 4428 [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll 14:11:41.0597 4428 C:\Windows\System32\DeviceCenter.dll - ok 14:11:41.0612 4428 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll 14:11:41.0612 4428 C:\Windows\System32\networkexplorer.dll - ok 14:11:41.0612 4428 [ 4F7A4BC2C730D881C48D22A6E7EF547C ] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe 14:11:41.0612 4428 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe - ok 14:11:41.0612 4428 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll 14:11:41.0612 4428 C:\Windows\System32\thumbcache.dll - ok 14:11:41.0628 4428 [ 263E9A047D17CD50BAA9D3C02910D18D ] C:\Windows\System32\oledlg.dll 14:11:41.0628 4428 C:\Windows\System32\oledlg.dll - ok 14:11:41.0628 4428 [ 4B4F81C294B9A07479F4F4F8FF20E58C ] C:\Program Files (x86)\Garmin\gStart.exe 14:11:41.0628 4428 C:\Program Files (x86)\Garmin\gStart.exe - ok 14:11:41.0628 4428 [ 32DA0F05975B3426C0AD76296ABF3073 ] C:\Program Files (x86)\Garmin\gStart_Lang.dll 14:11:41.0628 4428 C:\Program Files (x86)\Garmin\gStart_Lang.dll - ok 14:11:41.0643 4428 [ 17482ECBD12AF528EA626CFA87361BB0 ] C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe 14:11:41.0643 4428 C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe - ok 14:11:41.0643 4428 [ E999032BA2304BFAA471AE444AE86C49 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe 14:11:41.0643 4428 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe - ok 14:11:41.0643 4428 [ 0AEE5668EB59912F32FF245BFA72465F ] C:\Program Files (x86)\QuickTime\QTTask.exe 14:11:41.0643 4428 C:\Program Files (x86)\QuickTime\QTTask.exe - ok 14:11:41.0659 4428 [ 0B5511674394666E9D221F8681B2C2E6 ] C:\Windows\System32\consent.exe 14:11:41.0659 4428 C:\Windows\System32\consent.exe - ok 14:11:41.0659 4428 [ EAAD988F5D1C6904DF8D59382D326371 ] C:\Windows\SysWOW64\atiadlxy.dll 14:11:41.0659 4428 C:\Windows\SysWOW64\atiadlxy.dll - ok 14:11:41.0659 4428 [ 0CFBE2D135A73CA98381FC8CC8BC5A03 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe 14:11:41.0659 4428 C:\Program Files (x86)\iTunes\iTunesHelper.exe - ok 14:11:41.0659 4428 [ 18673B7DDECFB675A989EB2B7C51A7F1 ] C:\Program Files\COMODO\COMODO Internet Security\cmdhtml.dll 14:11:41.0659 4428 C:\Program Files\COMODO\COMODO Internet Security\cmdhtml.dll - ok 14:11:41.0675 4428 [ 55520AF0F65D5BD7A337DCEDDE886125 ] C:\Program Files (x86)\iTunes\iTunesHelper.dll 14:11:41.0675 4428 C:\Program Files (x86)\iTunes\iTunesHelper.dll - ok 14:11:41.0675 4428 [ 848BC9A0BB2361E549FD4C22D7548FB8 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll 14:11:41.0675 4428 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok 14:11:41.0675 4428 [ 795AEA2511A1C5082FA690D6BD8D202E ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll 14:11:41.0675 4428 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.dll - ok 14:11:41.0690 4428 [ E7704CBF568815C1CAA6E513387BD3F2 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 14:11:41.0690 4428 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe - ok 14:11:41.0690 4428 [ 4F99047D255B77FDA6E51EA97721E3D8 ] C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll 14:11:41.0690 4428 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.dll - ok 14:11:41.0690 4428 [ 1EAE09FD191DA65EFF54AF9A2E899711 ] C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe 14:11:41.0690 4428 C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe - ok 14:11:41.0706 4428 [ 505F022493D471025ADD399A4162208B ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe 14:11:41.0706 4428 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe - ok 14:11:41.0706 4428 [ B8E421C0890356CD4A793D8A346D9096 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe 14:11:41.0706 4428 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok 14:11:41.0706 4428 [ B77081F8221968C7DAB794B0BA55C43E ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 14:11:41.0706 4428 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe - ok 14:11:41.0721 4428 [ 083649EF692A066880C9326020915AFE ] C:\Program Files\Alwil Software\Avast5\AvastUI.exe 14:11:41.0721 4428 C:\Program Files\Alwil Software\Avast5\AvastUI.exe - ok 14:11:41.0721 4428 [ 179EED57FED3C7422A559633641032BA ] C:\Program Files\Alwil Software\Avast5\aswUtil.dll 14:11:41.0721 4428 C:\Program Files\Alwil Software\Avast5\aswUtil.dll - ok 14:11:41.0721 4428 [ 50925A12AD9A8F45609E914D9F941E68 ] C:\Program Files\COMODO\COMODO Internet Security\themes\black.theme 14:11:41.0721 4428 C:\Program Files\COMODO\COMODO Internet Security\themes\black.theme - ok 14:11:41.0737 4428 [ CA6ADE4F7761BB15B3325356DC3B82BB ] C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll 14:11:41.0737 4428 C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll - ok 14:11:41.0737 4428 [ E2C48CD0132D4D1DC7D0DF9A6BEF686A ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll 14:11:41.0737 4428 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80u.dll - ok 14:11:41.0737 4428 [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv 14:11:41.0737 4428 C:\Windows\System32\wdmaud.drv - ok 14:11:41.0753 4428 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll 14:11:41.0753 4428 C:\Windows\System32\ksuser.dll - ok 14:11:41.0753 4428 [ 25BEF4C3E9417AE09B017CCFB66B4383 ] C:\Program Files\COMODO\COMODO Internet Security\themes\blue.theme 14:11:41.0753 4428 C:\Program Files\COMODO\COMODO Internet Security\themes\blue.theme - ok 14:11:41.0753 4428 [ DC220AE6F64819099F7EBD6F137E32E7 ] C:\Windows\System32\AudioSes.dll 14:11:41.0753 4428 C:\Windows\System32\AudioSes.dll - ok 14:11:41.0768 4428 [ D79D19EC66106119DCD45D042C6B5170 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\88f8a6436dc95497fce0dae347646e53\System.Drawing.ni.dll 14:11:41.0768 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\88f8a6436dc95497fce0dae347646e53\System.Drawing.ni.dll - ok 14:11:41.0768 4428 [ C7EDDAC1E795976CDF62D785836FE38D ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe 14:11:41.0768 4428 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe - ok 14:11:41.0768 4428 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll 14:11:41.0768 4428 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll - ok 14:11:41.0784 4428 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv 14:11:41.0784 4428 C:\Windows\System32\msacm32.drv - ok 14:11:41.0784 4428 [ CC30AA4EF49CA0B3B1C1CBCE325C36AD ] C:\Program Files\COMODO\COMODO Internet Security\themes\default.theme 14:11:41.0784 4428 C:\Program Files\COMODO\COMODO Internet Security\themes\default.theme - ok 14:11:41.0784 4428 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll 14:11:41.0784 4428 C:\Windows\System32\midimap.dll - ok 14:11:41.0799 4428 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll 14:11:41.0799 4428 C:\Windows\System32\msacm32.dll - ok 14:11:41.0799 4428 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll 14:11:41.0799 4428 C:\Windows\System32\AudioEng.dll - ok 14:11:41.0799 4428 [ 5E04C53224E7D946F35DC1208835FD95 ] C:\Program Files\COMODO\COMODO Internet Security\themes\metal.theme 14:11:41.0799 4428 C:\Program Files\COMODO\COMODO Internet Security\themes\metal.theme - ok 14:11:41.0815 4428 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll 14:11:41.0815 4428 C:\Windows\System32\AUDIOKSE.dll - ok 14:11:41.0815 4428 [ 1EA7969E3271CBC59E1730697DC74682 ] C:\Windows\System32\qmgr.dll 14:11:41.0815 4428 C:\Windows\System32\qmgr.dll - ok 14:11:41.0815 4428 [ D9431DCF90B0253773F51FDEFE7FD42F ] C:\Windows\System32\bitsigd.dll 14:11:41.0815 4428 C:\Windows\System32\bitsigd.dll - ok 14:11:41.0831 4428 [ 29409ED7400CA5BCCC30C0EE5147A60D ] C:\Windows\System32\bitsperf.dll 14:11:41.0831 4428 C:\Windows\System32\bitsperf.dll - ok 14:11:41.0831 4428 [ AC5DF873913B00E554D8F553459BC431 ] C:\Windows\System32\qmgrprxy.dll 14:11:41.0831 4428 C:\Windows\System32\qmgrprxy.dll - ok 14:11:41.0831 4428 [ 85B45B4B285B159ACDB355FC8C1E8925 ] C:\Windows\SysWOW64\qmgrprxy.dll 14:11:41.0831 4428 C:\Windows\SysWOW64\qmgrprxy.dll - ok 14:11:41.0846 4428 [ 1D856E6E7490447FCFAA46E09A2BF9C9 ] C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts 14:11:41.0846 4428 C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts - ok 14:11:41.0846 4428 [ E424B3EF666B184CEE0B6871AAA8C9F6 ] C:\Windows\System32\msimg32.dll 14:11:41.0846 4428 C:\Windows\System32\msimg32.dll - ok 14:11:41.0846 4428 [ 6F3C559B82F2912354BE5B098744CC8C ] C:\Windows\System32\WMALFXGFXDSP.dll 14:11:41.0846 4428 C:\Windows\System32\WMALFXGFXDSP.dll - ok 14:11:41.0846 4428 [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll 14:11:41.0846 4428 C:\Windows\System32\stobject.dll - ok 14:11:41.0862 4428 [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll 14:11:41.0862 4428 C:\Windows\System32\batmeter.dll - ok 14:11:41.0862 4428 [ FBFCA1A574D47EE575448B719CBBF2E4 ] C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL 14:11:41.0862 4428 C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL - ok 14:11:41.0862 4428 [ 13790C4FB6311ECE6D6763A7EC2313FB ] C:\Program Files\Alwil Software\Avast5\aswAra.dll 14:11:41.0862 4428 C:\Program Files\Alwil Software\Avast5\aswAra.dll - ok 14:11:41.0877 4428 [ F0E7DEC6F7A3610949BDED0CA8CCB3EA ] C:\Program Files\Alwil Software\Avast5\aswData.dll 14:11:41.0877 4428 C:\Program Files\Alwil Software\Avast5\aswData.dll - ok 14:11:41.0877 4428 [ AB6E3DF509C6BD59062F685A40395C23 ] C:\Program Files\Alwil Software\Avast5\1033\uiLangRes.dll 14:11:41.0877 4428 C:\Program Files\Alwil Software\Avast5\1033\uiLangRes.dll - ok 14:11:41.0877 4428 [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll 14:11:41.0877 4428 C:\Windows\System32\prnfldr.dll - ok 14:11:41.0893 4428 [ AB04C6CE5DF23819B914F822E9AA0EDF ] C:\Program Files\Alwil Software\Avast5\CommonRes.dll 14:11:41.0893 4428 C:\Program Files\Alwil Software\Avast5\CommonRes.dll - ok 14:11:41.0893 4428 [ 2A436796758BF2555A26C770FE8A6FEE ] C:\Windows\System32\fdProxy.dll 14:11:41.0893 4428 C:\Windows\System32\fdProxy.dll - ok 14:11:41.0893 4428 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll 14:11:41.0893 4428 C:\Windows\System32\DXP.dll - ok 14:11:41.0893 4428 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll 14:11:41.0893 4428 C:\Windows\System32\Syncreg.dll - ok 14:11:41.0909 4428 [ EADFC95980BC24DF3C7EE5B2CD38F043 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\d6af7216038720b1adeca71e81c14bd6\System.Windows.Forms.ni.dll 14:11:41.0909 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\d6af7216038720b1adeca71e81c14bd6\System.Windows.Forms.ni.dll - ok 14:11:41.0909 4428 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll 14:11:41.0909 4428 C:\Windows\ehome\ehSSO.dll - ok 14:11:41.0909 4428 [ 10035E4C014522FE740172FF0B4FF43E ] C:\Windows\ehome\ehtray.exe 14:11:41.0909 4428 C:\Windows\ehome\ehtray.exe - ok 14:11:41.0924 4428 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll 14:11:41.0924 4428 C:\Windows\System32\AltTab.dll - ok 14:11:41.0924 4428 [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll 14:11:41.0924 4428 C:\Windows\System32\WPDShServiceObj.dll - ok 14:11:41.0924 4428 [ AFDAE59FE562A7CDB44F9D4ABEDAC316 ] C:\Program Files (x86)\QuickTime\QTSystem\QTCF.dll 14:11:41.0924 4428 C:\Program Files (x86)\QuickTime\QTSystem\QTCF.dll - ok 14:11:41.0940 4428 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll 14:11:41.0940 4428 C:\Windows\System32\PortableDeviceTypes.dll - ok 14:11:41.0940 4428 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL 14:11:41.0940 4428 C:\Windows\System32\QUTIL.DLL - ok 14:11:41.0940 4428 [ 234AFA322624B3203A2E720F08292B03 ] C:\Windows\System32\cscobj.dll 14:11:41.0940 4428 C:\Windows\System32\cscobj.dll - ok 14:11:41.0955 4428 [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe 14:11:41.0955 4428 C:\Windows\System32\SearchIndexer.exe - ok 14:11:41.0955 4428 [ 5CC7AF82752165A2A966BF557E2C7EB5 ] C:\Windows\ehome\ehProxy.dll 14:11:41.0955 4428 C:\Windows\ehome\ehProxy.dll - ok 14:11:41.0955 4428 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll 14:11:41.0955 4428 C:\Windows\SysWOW64\credssp.dll - ok 14:11:41.0971 4428 [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll 14:11:41.0971 4428 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok 14:11:41.0971 4428 [ DFFAE10E3A1B0C664B9383B7C1809B0A ] C:\Windows\ehome\ehrec.exe 14:11:41.0971 4428 C:\Windows\ehome\ehrec.exe - ok 14:11:41.0971 4428 [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll 14:11:41.0971 4428 C:\Windows\System32\srchadmin.dll - ok 14:11:41.0987 4428 [ 0E85C11F8850D524B02181C6E02BA9AE ] C:\Windows\SysWOW64\dsound.dll 14:11:41.0987 4428 C:\Windows\SysWOW64\dsound.dll - ok 14:11:41.0987 4428 [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll 14:11:41.0987 4428 C:\Windows\System32\ActionCenter.dll - ok 14:11:41.0987 4428 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll 14:11:41.0987 4428 C:\Windows\System32\wlanapi.dll - ok 14:11:41.0987 4428 [ 589DF683A6C81424A6CECE52ABF98A50 ] C:\Windows\System32\tquery.dll 14:11:41.0987 4428 C:\Windows\System32\tquery.dll - ok 14:11:42.0002 4428 [ D855B0E63ECAFE9EBD086AF6691E0016 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll 14:11:42.0002 4428 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok 14:11:42.0002 4428 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll 14:11:42.0002 4428 C:\Windows\System32\rasdlg.dll - ok 14:11:42.0002 4428 [ 7FDE85776B7A59B5F426262A7719B8C6 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\ehCIR\0b01f92505de7e89aeb9a71160c3b4a9\ehCIR.ni.dll 14:11:42.0002 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\ehCIR\0b01f92505de7e89aeb9a71160c3b4a9\ehCIR.ni.dll - ok 14:11:42.0018 4428 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll 14:11:42.0018 4428 C:\Windows\System32\FXSST.dll - ok 14:11:42.0018 4428 [ DB661831A20B7B58995C352F33593F8E ] C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\b3d4face190a4aaff574574d4d8f6f6b\ehiProxy.ni.dll 14:11:42.0018 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\ehiProxy\b3d4face190a4aaff574574d4d8f6f6b\ehiProxy.ni.dll - ok 14:11:42.0018 4428 [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll 14:11:42.0018 4428 C:\Windows\System32\FXSAPI.dll - ok 14:11:42.0033 4428 [ DF3BF36F93945062B85B02EA408E716F ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll 14:11:42.0033 4428 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll - ok 14:11:42.0033 4428 [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll 14:11:42.0033 4428 C:\Windows\System32\FXSRESM.dll - ok 14:11:42.0033 4428 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe 14:11:42.0033 4428 C:\Windows\System32\FXSSVC.exe - ok 14:11:42.0049 4428 [ 90044039365B06CECDD8E347AC08BBAE ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 14:11:42.0049 4428 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll - ok 14:11:42.0049 4428 [ 18901D2086FBA7D1847CEA87A64EE0D3 ] C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe 14:11:42.0049 4428 C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe - ok 14:11:42.0049 4428 [ 415565755E342CF2BEFE89B778F6EDFA ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mcepg\7c3c9c6ffadcac54f468f7db41ece8b8\mcepg.ni.dll 14:11:42.0049 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\mcepg\7c3c9c6ffadcac54f468f7db41ece8b8\mcepg.ni.dll - ok 14:11:42.0065 4428 [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2 ] C:\Windows\System32\dot3api.dll 14:11:42.0065 4428 C:\Windows\System32\dot3api.dll - ok 14:11:42.0065 4428 [ 0DA37FC5BFEB4827104B0920A352A9AB ] C:\Program Files\Windows Home Server\WHSTrayApp.exe 14:11:42.0065 4428 C:\Program Files\Windows Home Server\WHSTrayApp.exe - ok 14:11:42.0065 4428 [ 25280FDB1E2F008577B1D66A99973C4E ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\72b219b4add947fa64428f282995e6bb\mcstoredb.ni.dll 14:11:42.0065 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\mcstoredb\72b219b4add947fa64428f282995e6bb\mcstoredb.ni.dll - ok 14:11:42.0080 4428 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll 14:11:42.0080 4428 C:\Windows\System32\wlanhlp.dll - ok 14:11:42.0080 4428 [ 198552AEFECA69D646867EC8D792DE95 ] C:\Windows\SysWOW64\ddraw.dll 14:11:42.0080 4428 C:\Windows\SysWOW64\ddraw.dll - ok 14:11:42.0080 4428 [ D32088C67317F5B64C13352E6EB5FFB1 ] C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll 14:11:42.0080 4428 C:\Windows\assembly\GAC_64\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll - ok 14:11:42.0080 4428 [ AA61A7047E854A9E914FDD17C2F35675 ] C:\Windows\System32\sqlceoledb30.dll 14:11:42.0080 4428 C:\Windows\System32\sqlceoledb30.dll - ok 14:11:42.0096 4428 [ 9C75CB8B98610F0CD85D99BB5876308B ] C:\Windows\System32\sqlcese30.dll 14:11:42.0096 4428 C:\Windows\System32\sqlcese30.dll - ok 14:11:42.0096 4428 [ 7568CC720ACE4D03B84AF97817E745EF ] C:\Windows\System32\mssrch.dll 14:11:42.0096 4428 C:\Windows\System32\mssrch.dll - ok 14:11:42.0096 4428 [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll 14:11:42.0096 4428 C:\Windows\System32\msidle.dll - ok 14:11:42.0111 4428 [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll 14:11:42.0111 4428 C:\Windows\System32\mssprxy.dll - ok 14:11:42.0111 4428 [ 76F39902E25F43FE9450AD3D6A14D0D8 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\60ab562d9fe10d1782ed705ef2beb95a\WindowsBase.ni.dll 14:11:42.0111 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\WindowsBase\60ab562d9fe10d1782ed705ef2beb95a\WindowsBase.ni.dll - ok 14:11:42.0111 4428 [ E5744D18C88737C6356D0A8D6D49D512 ] C:\Windows\System32\sqlceqp30.dll 14:11:42.0111 4428 C:\Windows\System32\sqlceqp30.dll - ok 14:11:42.0127 4428 [ 6699A112A3BDC9B52338512894EBA9D6 ] C:\Program Files\Windows Media Player\wmpnscfg.exe 14:11:42.0127 4428 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok 14:11:42.0127 4428 [ FB355B817AE641BBAE08607E58CB5CE2 ] C:\Windows\System32\hhctrl.ocx 14:11:42.0127 4428 C:\Windows\System32\hhctrl.ocx - ok 14:11:42.0127 4428 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll 14:11:42.0127 4428 C:\Windows\System32\WWanAPI.dll - ok 14:11:42.0143 4428 [ C7494C67A6BF6FE914808E42F8265FEF ] C:\Program Files\Windows Media Player\wmpnssci.dll 14:11:42.0143 4428 C:\Program Files\Windows Media Player\wmpnssci.dll - ok 14:11:42.0143 4428 [ 55E5B32AE8D1F51A63C82919656FD275 ] C:\Windows\SysWOW64\dciman32.dll 14:11:42.0143 4428 C:\Windows\SysWOW64\dciman32.dll - ok 14:11:42.0143 4428 [ E6748A0ADC22F0595E31448CAC746D3F ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll 14:11:42.0143 4428 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll - ok 14:11:42.0158 4428 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll 14:11:42.0158 4428 C:\Windows\System32\wwapi.dll - ok 14:11:42.0158 4428 [ 094497FEA17EFF31DDA242C67C0E474A ] C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe 14:11:42.0158 4428 C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe - ok 14:11:42.0158 4428 [ E985F13877D4AC8BE9921543FB24663D ] C:\Program Files\Windows Home Server\WHSNotificationSink.dll 14:11:42.0158 4428 C:\Program Files\Windows Home Server\WHSNotificationSink.dll - ok 14:11:42.0158 4428 [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL 14:11:42.0158 4428 C:\Windows\System32\QAGENT.DLL - ok 14:11:42.0174 4428 [ 14318553F4D761CFA76389EA4480442A ] C:\Program Files\Windows Home Server\TransportServiceProxy.dll 14:11:42.0174 4428 C:\Program Files\Windows Home Server\TransportServiceProxy.dll - ok 14:11:42.0174 4428 [ 0AA46EC73FAA75DDDB96BA0901088817 ] C:\Program Files\Windows Home Server\BackupApi.dll 14:11:42.0174 4428 C:\Program Files\Windows Home Server\BackupApi.dll - ok 14:11:42.0174 4428 [ CCE5D71F19AB70D969F9819B5C88438D ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 14:11:42.0174 4428 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe - ok 14:11:42.0189 4428 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui 14:11:42.0189 4428 C:\Windows\System32\en-US\tquery.dll.mui - ok 14:11:42.0189 4428 [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl 14:11:42.0189 4428 C:\Windows\System32\bthprops.cpl - ok 14:11:42.0189 4428 [ A9F3BFC9345F49614D5859EC95B9E994 ] C:\Program Files\Windows Media Player\wmpnetwk.exe 14:11:42.0189 4428 C:\Program Files\Windows Media Player\wmpnetwk.exe - ok 14:11:42.0205 4428 [ E36112A8A6C7F840169A7E92C12F4203 ] C:\Windows\System32\wsock32.dll 14:11:42.0205 4428 C:\Windows\System32\wsock32.dll - ok 14:11:42.0205 4428 [ 423982DD851406A52B6399DDB196C606 ] C:\Windows\System32\wmdrmdev.dll 14:11:42.0205 4428 C:\Windows\System32\wmdrmdev.dll - ok 14:11:42.0205 4428 [ F8E8676D1B6B2CC12DF9AA6B1A43D929 ] C:\Program Files\iPod\bin\iPodService.exe 14:11:42.0205 4428 C:\Program Files\iPod\bin\iPodService.exe - ok 14:11:42.0221 4428 [ 55E3C4F4D953D8518EBDC5EA9AD786CE ] C:\Windows\System32\ieframe.dll 14:11:42.0221 4428 C:\Windows\System32\ieframe.dll - ok 14:11:42.0221 4428 [ 2C1055E2C6D42753241FB2A129136994 ] C:\Windows\System32\drmv2clt.dll 14:11:42.0221 4428 C:\Windows\System32\drmv2clt.dll - ok 14:11:42.0221 4428 [ 25DEF2EF843275862FFBF55487CEFDDD ] C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_135.ocx 14:11:42.0221 4428 C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_5_502_135.ocx - ok 14:11:42.0236 4428 [ E19AD0D49BFF5938B3E374873AC174DE ] C:\Windows\System32\wmploc.DLL 14:11:42.0236 4428 C:\Windows\System32\wmploc.DLL - ok 14:11:42.0236 4428 [ 7F17EBCE1B017CDDD3B359137380DD7A ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll 14:11:42.0236 4428 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok 14:11:42.0236 4428 [ 9349D633F833994F040C47F4820433EC ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll 14:11:42.0236 4428 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok 14:11:42.0252 4428 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll 14:11:42.0252 4428 C:\Windows\SysWOW64\sxs.dll - ok 14:11:42.0252 4428 [ 72AB8C3F8AB7B550A896357C9E0896DA ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\2abfa3ca7ad3cc6f199158e6663f3006\PresentationCore.ni.dll 14:11:42.0252 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationCore\2abfa3ca7ad3cc6f199158e6663f3006\PresentationCore.ni.dll - ok 14:11:42.0252 4428 [ 252B8748C25F5A5E5B8892F4257A10B3 ] C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key 14:11:42.0252 4428 C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-20\Indiv01_64.key - ok 14:11:42.0267 4428 [ E63EAF09FC29954D7F8EAB2DEF495062 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web\193e9d54d5a1785730cc76195c3ed9c6\System.Web.ni.dll 14:11:42.0267 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web\193e9d54d5a1785730cc76195c3ed9c6\System.Web.ni.dll - ok 14:11:42.0267 4428 [ C733EBBDD79892B96C9980EBDC0CA704 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c217382951ed46e82a9a3e27bd6379e7\PresentationFramework.ni.dll 14:11:42.0267 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c217382951ed46e82a9a3e27bd6379e7\PresentationFramework.ni.dll - ok 14:11:42.0267 4428 [ C264145F107437CBD3B30303733AEE4F ] C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll 14:11:42.0267 4428 C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok 14:11:42.0283 4428 [ 5D0E28A22860E487148B2820309C0063 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ac14913a11af4bfae0b8eb913a46a161\System.Configuration.ni.dll 14:11:42.0283 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ac14913a11af4bfae0b8eb913a46a161\System.Configuration.ni.dll - ok 14:11:42.0283 4428 [ C1D9E25FC988516DF703D6E12ACA915F ] C:\Program Files\Internet Explorer\ieproxy.dll 14:11:42.0283 4428 C:\Program Files\Internet Explorer\ieproxy.dll - ok 14:11:42.0283 4428 [ 64DEC20C088832E46DEF5B5A5B28E028 ] C:\Windows\System32\atipdl64.dll 14:11:42.0283 4428 C:\Windows\System32\atipdl64.dll - ok 14:11:42.0299 4428 [ 7F8678C59F188528D60104E697C2361E ] C:\Windows\SysWOW64\mscms.dll 14:11:42.0299 4428 C:\Windows\SysWOW64\mscms.dll - ok 14:11:42.0299 4428 [ 355A138ABDFD43FBABCAE3A1B06AB93D ] C:\Windows\System32\wmpps.dll 14:11:42.0299 4428 C:\Windows\System32\wmpps.dll - ok 14:11:42.0299 4428 [ F149E8CAE538DBF7059B00326673F602 ] C:\Windows\System32\wmpmde.dll 14:11:42.0299 4428 C:\Windows\System32\wmpmde.dll - ok 14:11:42.0299 4428 [ 47B8DEBEC68FACCD026F99CAE8698C93 ] C:\Windows\System32\webcheck.dll 14:11:42.0299 4428 C:\Windows\System32\webcheck.dll - ok 14:11:42.0314 4428 [ D9E21CBF9E6A87847AFFD39EA3FA28EE ] C:\Windows\System32\SearchProtocolHost.exe 14:11:42.0314 4428 C:\Windows\System32\SearchProtocolHost.exe - ok 14:11:42.0314 4428 [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll 14:11:42.0314 4428 C:\Windows\System32\msshooks.dll - ok 14:11:42.0314 4428 [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll 14:11:42.0314 4428 C:\Windows\System32\wbem\NCProv.dll - ok 14:11:42.0330 4428 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll 14:11:42.0330 4428 C:\Windows\System32\mlang.dll - ok 14:11:42.0330 4428 [ 83D0C449C534CC014799BEC0A060726C ] C:\Program Files\Alwil Software\Avast5\defs\12123000\uiext.dll 14:11:42.0330 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\uiext.dll - ok 14:11:42.0330 4428 [ 49A3AD5CE578CD77F445F3D244AEAB2D ] C:\Windows\System32\SearchFilterHost.exe
- December 30, 2012
- 22 replies
lsass.exe using exorbitant memory

supturb89 replied to supturb89's topic in Resolved Malware Removal Logs

more TDSKiller 14:11:33.0953 4428 WdiSystemHost - ok 14:11:33.0984 4428 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 14:11:34.0046 4428 WebClient - ok 14:11:34.0062 4428 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:11:34.0124 4428 Wecsvc - ok 14:11:34.0155 4428 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:11:34.0202 4428 wercplsupport - ok 14:11:34.0233 4428 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 14:11:34.0265 4428 WerSvc - ok 14:11:34.0280 4428 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:11:34.0311 4428 WfpLwf - ok 14:11:34.0374 4428 [ 1EF54B3220EBF3794439EB072B350F3E ] WHSConnector C:\Program Files\Windows Home Server\WHSConnector.exe 14:11:34.0389 4428 WHSConnector - ok 14:11:34.0405 4428 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:11:34.0421 4428 WIMMount - ok 14:11:34.0452 4428 WinDefend - ok 14:11:34.0452 4428 WinHttpAutoProxySvc - ok 14:11:34.0499 4428 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:11:34.0561 4428 Winmgmt - ok 14:11:34.0623 4428 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 14:11:34.0733 4428 WinRM - ok 14:11:34.0779 4428 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:11:34.0795 4428 WinUsb - ok 14:11:34.0842 4428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 14:11:34.0873 4428 Wlansvc - ok 14:11:34.0935 4428 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 14:11:34.0951 4428 wlcrasvc - ok 14:11:35.0060 4428 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:11:35.0107 4428 wlidsvc - ok 14:11:35.0138 4428 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:11:35.0169 4428 WmiAcpi - ok 14:11:35.0201 4428 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:11:35.0232 4428 wmiApSrv - ok 14:11:35.0279 4428 WMPNetworkSvc - ok 14:11:35.0294 4428 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:11:35.0310 4428 WPCSvc - ok 14:11:35.0341 4428 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:11:35.0372 4428 WPDBusEnum - ok 14:11:35.0419 4428 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:11:35.0450 4428 ws2ifsl - ok 14:11:35.0466 4428 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 14:11:35.0497 4428 wscsvc - ok 14:11:35.0497 4428 WSearch - ok 14:11:35.0637 4428 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 14:11:35.0684 4428 wuauserv - ok 14:11:35.0715 4428 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 14:11:35.0747 4428 WudfPf - ok 14:11:35.0778 4428 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 14:11:35.0809 4428 WUDFRd - ok 14:11:35.0840 4428 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 14:11:35.0871 4428 wudfsvc - ok 14:11:35.0887 4428 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 14:11:35.0949 4428 WwanSvc - ok 14:11:35.0965 4428 ================ Scan global =============================== 14:11:35.0981 4428 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 14:11:36.0012 4428 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 14:11:36.0043 4428 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 14:11:36.0059 4428 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 14:11:36.0137 4428 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 14:11:36.0137 4428 [Global] - ok 14:11:36.0137 4428 ================ Scan MBR ================================== 14:11:36.0152 4428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 14:11:36.0854 4428 \Device\Harddisk0\DR0 - ok 14:11:37.0135 4428 [ 973E9BA32FDBB305C552ED3E1EBF0686 ] \Device\Harddisk1\DR1 14:11:37.0619 4428 \Device\Harddisk1\DR1 - ok 14:11:37.0619 4428 ================ Scan VBR ================================== 14:11:37.0634 4428 [ A2759C58FFBFCA8425E25DA4176B27C5 ] \Device\Harddisk0\DR0\Partition1 14:11:37.0650 4428 \Device\Harddisk0\DR0\Partition1 - ok 14:11:37.0650 4428 [ 135DD926E5C6BA97CACDFA51CFF160B8 ] \Device\Harddisk1\DR1\Partition1 14:11:37.0665 4428 \Device\Harddisk1\DR1\Partition1 - ok 14:11:37.0665 4428 ================ Scan active images ======================== 14:11:37.0665 4428 [ 02062C0B390B7729EDC9E69C680A6F3C ] C:\Windows\System32\drivers\atapi.sys 14:11:37.0665 4428 C:\Windows\System32\drivers\atapi.sys - ok 14:11:37.0665 4428 [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys 14:11:37.0665 4428 C:\Windows\System32\drivers\crashdmp.sys - ok 14:11:37.0665 4428 [ 839B5FE3D48E9F35B22C21A3D5103F6C ] C:\Windows\System32\drivers\Dumpata.sys 14:11:37.0665 4428 C:\Windows\System32\drivers\Dumpata.sys - ok 14:11:37.0681 4428 [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys 14:11:37.0681 4428 C:\Windows\System32\drivers\dumpfve.sys - ok 14:11:37.0681 4428 [ F036CE71586E93D94DAB220D7BDF4416 ] C:\Windows\System32\drivers\cdrom.sys 14:11:37.0681 4428 C:\Windows\System32\drivers\cdrom.sys - ok 14:11:37.0681 4428 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] C:\Windows\System32\drivers\aswSnx.sys 14:11:37.0681 4428 C:\Windows\System32\drivers\aswSnx.sys - ok 14:11:37.0697 4428 [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys 14:11:37.0697 4428 C:\Windows\System32\drivers\beep.sys - ok 14:11:37.0697 4428 [ 919ACCC22ABDC1C3CA68326C0E5DEAF9 ] C:\Windows\System32\drivers\cmdGuard.sys 14:11:37.0697 4428 C:\Windows\System32\drivers\cmdGuard.sys - ok 14:11:37.0697 4428 [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys 14:11:37.0697 4428 C:\Windows\System32\drivers\null.sys - ok 14:11:37.0712 4428 [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys 14:11:37.0712 4428 C:\Windows\System32\drivers\vga.sys - ok 14:11:37.0712 4428 [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys 14:11:37.0712 4428 C:\Windows\System32\drivers\videoprt.sys - ok 14:11:37.0712 4428 [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys 14:11:37.0712 4428 C:\Windows\System32\drivers\watchdog.sys - ok 14:11:37.0728 4428 [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys 14:11:37.0728 4428 C:\Windows\System32\drivers\RDPCDD.sys - ok 14:11:37.0728 4428 [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys 14:11:37.0728 4428 C:\Windows\System32\drivers\RDPENCDD.sys - ok 14:11:37.0728 4428 [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys 14:11:37.0728 4428 C:\Windows\System32\drivers\RDPREFMP.sys - ok 14:11:37.0743 4428 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys 14:11:37.0743 4428 C:\Windows\System32\drivers\msfs.sys - ok 14:11:37.0743 4428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys 14:11:37.0743 4428 C:\Windows\System32\drivers\npfs.sys - ok 14:11:37.0743 4428 [ 6F020A220388ECA0AB6062DC27BD16B6 ] C:\Windows\System32\drivers\tdi.sys 14:11:37.0743 4428 C:\Windows\System32\drivers\tdi.sys - ok 14:11:37.0759 4428 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] C:\Windows\System32\drivers\tdx.sys 14:11:37.0759 4428 C:\Windows\System32\drivers\tdx.sys - ok 14:11:37.0759 4428 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] C:\Windows\System32\drivers\aswTdi.sys 14:11:37.0759 4428 C:\Windows\System32\drivers\aswTdi.sys - ok 14:11:37.0759 4428 [ F8FECE0F1D44C4A58778083B00EEADAC ] C:\Windows\System32\drivers\cmdhlp.sys 14:11:37.0759 4428 C:\Windows\System32\drivers\cmdhlp.sys - ok 14:11:37.0759 4428 [ 1C7857B62DE5994A75B054A9FD4C3825 ] C:\Windows\System32\drivers\afd.sys 14:11:37.0759 4428 C:\Windows\System32\drivers\afd.sys - ok 14:11:37.0775 4428 [ 57768C7DB4681F2510F247F82EF31D4F ] C:\Windows\System32\drivers\aswRdr2.sys 14:11:37.0775 4428 C:\Windows\System32\drivers\aswRdr2.sys - ok 14:11:37.0775 4428 [ 09594D1089C523423B32A4229263F068 ] C:\Windows\System32\drivers\netbt.sys 14:11:37.0775 4428 C:\Windows\System32\drivers\netbt.sys - ok 14:11:37.0775 4428 [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys 14:11:37.0775 4428 C:\Windows\System32\drivers\wfplwf.sys - ok 14:11:37.0790 4428 [ 6BCC1D7D2FD2453957C5479A32364E52 ] C:\Windows\System32\drivers\ws2ifsl.sys 14:11:37.0790 4428 C:\Windows\System32\drivers\ws2ifsl.sys - ok 14:11:37.0790 4428 [ 0557CF5A2556BD58E26384169D72438D ] C:\Windows\System32\drivers\pacer.sys 14:11:37.0790 4428 C:\Windows\System32\drivers\pacer.sys - ok 14:11:37.0790 4428 [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys 14:11:37.0790 4428 C:\Windows\System32\drivers\vwififlt.sys - ok 14:11:37.0806 4428 [ C4E67D3037DC79E39D7136581A947F50 ] C:\Windows\System32\drivers\inspect.sys 14:11:37.0806 4428 C:\Windows\System32\drivers\inspect.sys - ok 14:11:37.0806 4428 [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys 14:11:37.0806 4428 C:\Windows\System32\drivers\netbios.sys - ok 14:11:37.0806 4428 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] C:\Windows\System32\drivers\serial.sys 14:11:37.0806 4428 C:\Windows\System32\drivers\serial.sys - ok 14:11:37.0821 4428 [ 356AFD78A6ED4457169241AC3965230C ] C:\Windows\System32\drivers\wanarp.sys 14:11:37.0821 4428 C:\Windows\System32\drivers\wanarp.sys - ok 14:11:37.0821 4428 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] C:\Windows\System32\drivers\termdd.sys 14:11:37.0821 4428 C:\Windows\System32\drivers\termdd.sys - ok 14:11:37.0821 4428 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys 14:11:37.0821 4428 C:\Windows\System32\drivers\mssmbios.sys - ok 14:11:37.0837 4428 [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys 14:11:37.0837 4428 C:\Windows\System32\drivers\nsiproxy.sys - ok 14:11:37.0837 4428 [ 77F665941019A1594D887A74F301FA2F ] C:\Windows\System32\drivers\rdbss.sys 14:11:37.0837 4428 C:\Windows\System32\drivers\rdbss.sys - ok 14:11:37.0837 4428 [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys 14:11:37.0837 4428 C:\Windows\System32\drivers\discache.sys - ok 14:11:37.0853 4428 [ A05FC7ECA0966EBB70E4D17B855A853B ] C:\Windows\System32\drivers\ElbyCDIO.sys 14:11:37.0853 4428 C:\Windows\System32\drivers\ElbyCDIO.sys - ok 14:11:37.0853 4428 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] C:\Windows\System32\drivers\csc.sys 14:11:37.0853 4428 C:\Windows\System32\drivers\csc.sys - ok 14:11:37.0853 4428 [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys 14:11:37.0853 4428 C:\Windows\System32\drivers\blbdrive.sys - ok 14:11:37.0868 4428 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] C:\Windows\System32\drivers\dfsc.sys 14:11:37.0868 4428 C:\Windows\System32\drivers\dfsc.sys - ok 14:11:37.0868 4428 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] C:\Windows\System32\drivers\aswSP.sys 14:11:37.0868 4428 C:\Windows\System32\drivers\aswSP.sys - ok 14:11:37.0868 4428 [ 68726474C69B738EAC3A62E06B33ADDC ] C:\Windows\SysWOW64\drivers\AsIO.sys 14:11:37.0868 4428 C:\Windows\SysWOW64\drivers\AsIO.sys - ok 14:11:37.0884 4428 [ 3566A8DAAFA27AF944F5D705EAA64894 ] C:\Windows\System32\drivers\tunnel.sys 14:11:37.0884 4428 C:\Windows\System32\drivers\tunnel.sys - ok 14:11:37.0884 4428 [ 7024F087CFF1833A806193EF9D22CDA9 ] C:\Windows\System32\drivers\amdk8.sys 14:11:37.0884 4428 C:\Windows\System32\drivers\amdk8.sys - ok 14:11:37.0884 4428 [ F712C26D40BF3CD2C020BB518E8150B1 ] C:\Windows\System32\drivers\atikmpag.sys 14:11:37.0884 4428 C:\Windows\System32\drivers\atikmpag.sys - ok 14:11:37.0899 4428 [ CF95B85FF8D128385ABD411C8CA74DED ] C:\Windows\System32\ntdll.dll 14:11:37.0899 4428 C:\Windows\System32\ntdll.dll - ok 14:11:37.0899 4428 [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe 14:11:37.0899 4428 C:\Windows\System32\smss.exe - ok 14:11:37.0899 4428 [ 3B536A8BEC3B4F23FFDFD78B11A2AB93 ] C:\Windows\System32\autochk.exe 14:11:37.0899 4428 C:\Windows\System32\autochk.exe - ok 14:11:37.0915 4428 [ 522A8BD1414CC7517FAEC907F138DB9C ] C:\Windows\System32\drivers\atikmdag.sys 14:11:37.0915 4428 C:\Windows\System32\drivers\atikmdag.sys - ok 14:11:37.0915 4428 [ F5BEE30450E18E6B83A5012C100616FD ] C:\Windows\System32\drivers\dxgkrnl.sys 14:11:37.0915 4428 C:\Windows\System32\drivers\dxgkrnl.sys - ok 14:11:37.0915 4428 [ 9CD68BDDF322535C02ADC8331013D13D ] C:\Windows\System32\drivers\dxgmms1.sys 14:11:37.0915 4428 C:\Windows\System32\drivers\dxgmms1.sys - ok 14:11:37.0915 4428 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] C:\Windows\System32\drivers\hdaudbus.sys 14:11:37.0915 4428 C:\Windows\System32\drivers\hdaudbus.sys - ok 14:11:37.0931 4428 [ B49DC435AE3695BAC5623DD94B05732D ] C:\Windows\System32\drivers\Rt64win7.sys 14:11:37.0931 4428 C:\Windows\System32\drivers\Rt64win7.sys - ok 14:11:37.0931 4428 [ 821E7E501226EE344FDB0F40EE46109D ] C:\Windows\System32\drivers\AnyDVD.sys 14:11:37.0931 4428 C:\Windows\System32\drivers\AnyDVD.sys - ok 14:11:37.0931 4428 [ E403AACF8C7BB11375122D2464560311 ] C:\Windows\System32\drivers\GEARAspiWDM.sys 14:11:37.0931 4428 C:\Windows\System32\drivers\GEARAspiWDM.sys - ok 14:11:37.0946 4428 [ AE259C75F9A0B057B6BF9E9695632B09 ] C:\Windows\System32\drivers\usbport.sys 14:11:37.0946 4428 C:\Windows\System32\drivers\usbport.sys - ok 14:11:37.0946 4428 [ 9840FC418B4CBD632D3D0A667A725C31 ] C:\Windows\System32\drivers\usbohci.sys 14:11:37.0946 4428 C:\Windows\System32\drivers\usbohci.sys - ok 14:11:37.0946 4428 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys 14:11:37.0946 4428 C:\Windows\System32\drivers\agilevpn.sys - ok 14:11:37.0962 4428 [ 19B006B181E3875FD254F7B67ACF1E7C ] C:\Windows\System32\drivers\ASACPI.sys 14:11:37.0962 4428 C:\Windows\System32\drivers\ASACPI.sys - ok 14:11:37.0962 4428 [ 03EDB043586CCEBA243D689BDDA370A8 ] C:\Windows\System32\drivers\CompositeBus.sys 14:11:37.0962 4428 C:\Windows\System32\drivers\CompositeBus.sys - ok 14:11:37.0962 4428 [ 0086431C29C35BE1DBC43F52CC273887 ] C:\Windows\System32\drivers\parport.sys 14:11:37.0962 4428 C:\Windows\System32\drivers\parport.sys - ok 14:11:37.0977 4428 [ CB624C0035412AF0DEBEC78C41F5CA1B ] C:\Windows\System32\drivers\serenum.sys 14:11:37.0977 4428 C:\Windows\System32\drivers\serenum.sys - ok 14:11:37.0977 4428 [ C025055FE7B87701EB042095DF1A2D7B ] C:\Windows\System32\drivers\usbehci.sys 14:11:37.0977 4428 C:\Windows\System32\drivers\usbehci.sys - ok 14:11:37.0977 4428 [ F6FF8944478594D0E414D3F048F0D778 ] C:\Windows\System32\drivers\wmiacpi.sys 14:11:37.0977 4428 C:\Windows\System32\drivers\wmiacpi.sys - ok 14:11:37.0993 4428 [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys 14:11:37.0993 4428 C:\Windows\System32\drivers\ndistapi.sys - ok 14:11:37.0993 4428 [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys 14:11:37.0993 4428 C:\Windows\System32\drivers\ndiswan.sys - ok 14:11:37.0993 4428 [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys 14:11:37.0993 4428 C:\Windows\System32\drivers\rasl2tp.sys - ok 14:11:38.0009 4428 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys 14:11:38.0009 4428 C:\Windows\System32\drivers\raspppoe.sys - ok 14:11:38.0009 4428 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys 14:11:38.0009 4428 C:\Windows\System32\drivers\kbdclass.sys - ok 14:11:38.0009 4428 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys 14:11:38.0009 4428 C:\Windows\System32\drivers\mouclass.sys - ok 14:11:38.0024 4428 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys 14:11:38.0024 4428 C:\Windows\System32\drivers\raspptp.sys - ok 14:11:38.0024 4428 [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys 14:11:38.0024 4428 C:\Windows\System32\drivers\rassstp.sys - ok 14:11:38.0024 4428 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] C:\Windows\System32\drivers\rdpbus.sys 14:11:38.0024 4428 C:\Windows\System32\drivers\rdpbus.sys - ok 14:11:38.0024 4428 [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys 14:11:38.0024 4428 C:\Windows\System32\drivers\ks.sys - ok 14:11:38.0040 4428 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys 14:11:38.0040 4428 C:\Windows\System32\drivers\swenum.sys - ok 14:11:38.0040 4428 [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys 14:11:38.0040 4428 C:\Windows\System32\drivers\umbus.sys - ok 14:11:38.0040 4428 [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll 14:11:38.0040 4428 C:\Windows\System32\Wldap32.dll - ok 14:11:38.0055 4428 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll 14:11:38.0055 4428 C:\Windows\System32\nsi.dll - ok 14:11:38.0055 4428 [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys 14:11:38.0055 4428 C:\Windows\System32\drivers\usbhub.sys - ok 14:11:38.0055 4428 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys 14:11:38.0055 4428 C:\Windows\System32\drivers\ndproxy.sys - ok 14:11:38.0071 4428 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys 14:11:38.0071 4428 C:\Windows\System32\drivers\drmk.sys - ok 14:11:38.0071 4428 [ E02B26650ACC2F4901342D4A66774AD7 ] C:\Windows\System32\drivers\AtihdW76.sys 14:11:38.0071 4428 C:\Windows\System32\drivers\AtihdW76.sys - ok 14:11:38.0071 4428 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys 14:11:38.0071 4428 C:\Windows\System32\drivers\ksthunk.sys - ok 14:11:38.0087 4428 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys 14:11:38.0087 4428 C:\Windows\System32\drivers\portcls.sys - ok 14:11:38.0087 4428 [ 975761C778E33CD22498059B91E7373A ] C:\Windows\System32\drivers\HdAudio.sys 14:11:38.0087 4428 C:\Windows\System32\drivers\HdAudio.sys - ok 14:11:38.0087 4428 [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll 14:11:38.0087 4428 C:\Windows\System32\gdi32.dll - ok 14:11:38.0102 4428 [ FF4232A1A64012BAA1FD97C7B67DF593 ] C:\Windows\System32\drivers\udfs.sys 14:11:38.0102 4428 C:\Windows\System32\drivers\udfs.sys - ok 14:11:38.0102 4428 [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll 14:11:38.0102 4428 C:\Windows\System32\setupapi.dll - ok 14:11:38.0102 4428 [ 1DC3504CA4C57900F1557E9A3F01D272 ] C:\Windows\System32\kernel32.dll 14:11:38.0102 4428 C:\Windows\System32\kernel32.dll - ok 14:11:38.0102 4428 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll 14:11:38.0102 4428 C:\Windows\System32\advapi32.dll - ok 14:11:38.0118 4428 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll 14:11:38.0118 4428 C:\Windows\System32\psapi.dll - ok 14:11:38.0118 4428 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll 14:11:38.0118 4428 C:\Windows\System32\normaliz.dll - ok 14:11:38.0118 4428 [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll 14:11:38.0118 4428 C:\Windows\System32\oleaut32.dll - ok 14:11:38.0133 4428 [ 0611473C1AD9E2D991CD9482068417F7 ] C:\Windows\System32\rpcrt4.dll 14:11:38.0133 4428 C:\Windows\System32\rpcrt4.dll - ok 14:11:38.0133 4428 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll 14:11:38.0133 4428 C:\Windows\System32\sechost.dll - ok 14:11:38.0133 4428 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll 14:11:38.0133 4428 C:\Windows\System32\difxapi.dll - ok 14:11:38.0149 4428 [ C41A504715F1BC09105D1FE8B46E9B2C ] C:\Windows\System32\iertutil.dll 14:11:38.0149 4428 C:\Windows\System32\iertutil.dll - ok 14:11:38.0149 4428 [ 7E04D13661FB771CA4FDBB836AD0BA49 ] C:\Windows\System32\wininet.dll 14:11:38.0149 4428 C:\Windows\System32\wininet.dll - ok 14:11:38.0149 4428 [ 2F8B1E3EE3545D3B5A8D56FA1AE07B65 ] C:\Windows\System32\usp10.dll 14:11:38.0149 4428 C:\Windows\System32\usp10.dll - ok 14:11:38.0165 4428 [ C6689007B3A749C49A5438DCF36E0CE4 ] C:\Windows\System32\shell32.dll 14:11:38.0165 4428 C:\Windows\System32\shell32.dll - ok 14:11:38.0165 4428 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll 14:11:38.0165 4428 C:\Windows\System32\imm32.dll - ok 14:11:38.0165 4428 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll 14:11:38.0165 4428 C:\Windows\System32\lpk.dll - ok 14:11:38.0180 4428 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll 14:11:38.0180 4428 C:\Windows\System32\msctf.dll - ok 14:11:38.0180 4428 [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll 14:11:38.0180 4428 C:\Windows\System32\shlwapi.dll - ok 14:11:38.0180 4428 [ 74E96226CB92225E40AACC0E42D27AC0 ] C:\Windows\System32\urlmon.dll 14:11:38.0180 4428 C:\Windows\System32\urlmon.dll - ok 14:11:38.0180 4428 [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll 14:11:38.0180 4428 C:\Windows\System32\clbcatq.dll - ok 14:11:38.0196 4428 [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll 14:11:38.0196 4428 C:\Windows\System32\comdlg32.dll - ok 14:11:38.0196 4428 [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll 14:11:38.0196 4428 C:\Windows\System32\ole32.dll - ok 14:11:38.0196 4428 [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll 14:11:38.0196 4428 C:\Windows\System32\imagehlp.dll - ok 14:11:38.0211 4428 [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll 14:11:38.0211 4428 C:\Windows\System32\user32.dll - ok 14:11:38.0211 4428 [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll 14:11:38.0211 4428 C:\Windows\System32\ws2_32.dll - ok 14:11:38.0211 4428 [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll 14:11:38.0211 4428 C:\Windows\System32\msvcrt.dll - ok 14:11:38.0227 4428 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll 14:11:38.0227 4428 C:\Windows\System32\devobj.dll - ok 14:11:38.0227 4428 [ 12EE6FE9268CEE6D90FDCCBF89236C65 ] C:\Windows\System32\crypt32.dll 14:11:38.0227 4428 C:\Windows\System32\crypt32.dll - ok 14:11:38.0227 4428 [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll 14:11:38.0227 4428 C:\Windows\System32\cfgmgr32.dll - ok 14:11:38.0243 4428 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll 14:11:38.0243 4428 C:\Windows\System32\comctl32.dll - ok 14:11:38.0243 4428 [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll 14:11:38.0243 4428 C:\Windows\System32\wintrust.dll - ok 14:11:38.0243 4428 [ 6F2E324703E6D22B9934C33DA48F1F01 ] C:\Windows\System32\KernelBase.dll 14:11:38.0243 4428 C:\Windows\System32\KernelBase.dll - ok 14:11:38.0258 4428 [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll 14:11:38.0258 4428 C:\Windows\System32\msasn1.dll - ok 14:11:38.0258 4428 [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys 14:11:38.0258 4428 C:\Windows\System32\drivers\usbd.sys - ok 14:11:38.0258 4428 [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys 14:11:38.0258 4428 C:\Windows\System32\drivers\usbccgp.sys - ok 14:11:38.0274 4428 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll 14:11:38.0274 4428 C:\Windows\SysWOW64\normaliz.dll - ok 14:11:38.0274 4428 [ 8B0E40E7E8BBF5ACF390465609D89FF1 ] C:\Windows\System32\drivers\hidclass.sys 14:11:38.0274 4428 C:\Windows\System32\drivers\hidclass.sys - ok 14:11:38.0274 4428 [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys 14:11:38.0274 4428 C:\Windows\System32\drivers\hidparse.sys - ok 14:11:38.0289 4428 [ 9592090A7E2B61CD582B612B6DF70536 ] C:\Windows\System32\drivers\hidusb.sys 14:11:38.0289 4428 C:\Windows\System32\drivers\hidusb.sys - ok 14:11:38.0289 4428 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] C:\Windows\System32\drivers\kbdhid.sys 14:11:38.0289 4428 C:\Windows\System32\drivers\kbdhid.sys - ok 14:11:38.0289 4428 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys 14:11:38.0289 4428 C:\Windows\System32\drivers\dxapi.sys - ok 14:11:38.0289 4428 [ C58923115CDE6071C3BF2FF063546E9F ] C:\Windows\System32\win32k.sys 14:11:38.0289 4428 C:\Windows\System32\win32k.sys - ok 14:11:38.0305 4428 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys 14:11:38.0305 4428 C:\Windows\System32\drivers\mouhid.sys - ok 14:11:38.0305 4428 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll 14:11:38.0305 4428 C:\Windows\System32\basesrv.dll - ok 14:11:38.0305 4428 [ 96F587CA26A6AA894BD8CACE4540CFFC ] C:\Windows\System32\csrsrv.dll 14:11:38.0305 4428 C:\Windows\System32\csrsrv.dll - ok 14:11:38.0321 4428 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe 14:11:38.0321 4428 C:\Windows\System32\csrss.exe - ok 14:11:38.0321 4428 [ FED648B01349A3C8395A5169DB5FB7D6 ] C:\Windows\System32\drivers\USBSTOR.SYS 14:11:38.0321 4428 C:\Windows\System32\drivers\USBSTOR.SYS - ok 14:11:38.0321 4428 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\System32\winsrv.dll 14:11:38.0321 4428 C:\Windows\System32\winsrv.dll - ok 14:11:38.0336 4428 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys 14:11:38.0336 4428 C:\Windows\System32\drivers\monitor.sys - ok 14:11:38.0336 4428 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll 14:11:38.0336 4428 C:\Windows\System32\sxssrv.dll - ok 14:11:38.0336 4428 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll 14:11:38.0336 4428 C:\Windows\System32\tsddd.dll - ok 14:11:38.0352 4428 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll 14:11:38.0352 4428 C:\Windows\System32\profapi.dll - ok 14:11:38.0352 4428 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe 14:11:38.0352 4428 C:\Windows\System32\wininit.exe - ok 14:11:38.0352 4428 [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll 14:11:38.0352 4428 C:\Windows\System32\RpcRtRemote.dll - ok 14:11:38.0367 4428 [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL 14:11:38.0367 4428 C:\Windows\System32\KBDUS.DLL - ok 14:11:38.0367 4428 [ 05569A79BF4693670B709144382D02D4 ] C:\Windows\System32\cdd.dll 14:11:38.0367 4428 C:\Windows\System32\cdd.dll - ok 14:11:38.0367 4428 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll 14:11:38.0367 4428 C:\Windows\System32\WlS0WndH.dll - ok 14:11:38.0383 4428 [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll 14:11:38.0383 4428 C:\Windows\System32\sxs.dll - ok 14:11:38.0383 4428 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll 14:11:38.0383 4428 C:\Windows\System32\cryptbase.dll - ok 14:11:38.0383 4428 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll 14:11:38.0383 4428 C:\Windows\System32\apphelp.dll - ok 14:11:38.0383 4428 [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe 14:11:38.0383 4428 C:\Windows\System32\lsm.exe - ok 14:11:38.0399 4428 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll 14:11:38.0399 4428 C:\Windows\System32\scext.dll - ok 14:11:38.0399 4428 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe 14:11:38.0399 4428 C:\Windows\System32\services.exe - ok 14:11:38.0399 4428 [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll 14:11:38.0399 4428 C:\Windows\System32\sspicli.dll - ok 14:11:38.0414 4428 [ 66A6063D0BAAD3F7B2B9868859E0743B ] C:\Windows\System32\lsasrv.dll 14:11:38.0414 4428 C:\Windows\System32\lsasrv.dll - ok 14:11:38.0414 4428 [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe 14:11:38.0414 4428 C:\Windows\System32\lsass.exe - ok 14:11:38.0414 4428 [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll 14:11:38.0414 4428 C:\Windows\System32\scesrv.dll - ok 14:11:38.0430 4428 [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll 14:11:38.0430 4428 C:\Windows\System32\secur32.dll - ok 14:11:38.0430 4428 [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll 14:11:38.0430 4428 C:\Windows\System32\sspisrv.dll - ok 14:11:38.0430 4428 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll 14:11:38.0430 4428 C:\Windows\System32\sysntfy.dll - ok 14:11:38.0445 4428 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll 14:11:38.0445 4428 C:\Windows\System32\wmsgapi.dll - ok 14:11:38.0445 4428 [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll 14:11:38.0445 4428 C:\Windows\System32\samsrv.dll - ok 14:11:38.0445 4428 [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll 14:11:38.0445 4428 C:\Windows\System32\srvcli.dll - ok 14:11:38.0445 4428 [ 2D066FBE63F7026C43C662C094B98076 ] C:\Windows\System32\bridgeres.dll 14:11:38.0445 4428 C:\Windows\System32\bridgeres.dll - ok 14:11:38.0461 4428 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll 14:11:38.0461 4428 C:\Windows\System32\cryptdll.dll - ok 14:11:38.0461 4428 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll 14:11:38.0461 4428 C:\Windows\System32\wevtapi.dll - ok 14:11:38.0461 4428 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll 14:11:38.0461 4428 C:\Windows\System32\authz.dll - ok 14:11:38.0477 4428 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll 14:11:38.0477 4428 C:\Windows\System32\cngaudit.dll - ok 14:11:38.0477 4428 [ 400645085A91BF3EB0271329B95AE0BE ] C:\Windows\System32\ncrypt.dll 14:11:38.0477 4428 C:\Windows\System32\ncrypt.dll - ok 14:11:38.0477 4428 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll 14:11:38.0477 4428 C:\Windows\System32\bcrypt.dll - ok 14:11:38.0492 4428 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll 14:11:38.0492 4428 C:\Windows\System32\msprivs.dll - ok 14:11:38.0492 4428 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe 14:11:38.0492 4428 C:\Windows\System32\winlogon.exe - ok 14:11:38.0492 4428 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll 14:11:38.0492 4428 C:\Windows\System32\netjoin.dll - ok 14:11:38.0492 4428 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll 14:11:38.0492 4428 C:\Windows\System32\winsta.dll - ok 14:11:38.0508 4428 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll 14:11:38.0508 4428 C:\Windows\System32\kerberos.dll - ok 14:11:38.0508 4428 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll 14:11:38.0508 4428 C:\Windows\System32\negoexts.dll - ok 14:11:38.0508 4428 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll 14:11:38.0508 4428 C:\Windows\System32\cryptsp.dll - ok 14:11:38.0523 4428 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll 14:11:38.0523 4428 C:\Windows\System32\mswsock.dll - ok 14:11:38.0523 4428 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll 14:11:38.0523 4428 C:\Windows\System32\version.dll - ok 14:11:38.0523 4428 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll 14:11:38.0523 4428 C:\Windows\System32\wship6.dll - ok 14:11:38.0539 4428 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll 14:11:38.0539 4428 C:\Windows\System32\msv1_0.dll - ok 14:11:38.0539 4428 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll 14:11:38.0539 4428 C:\Windows\System32\netlogon.dll - ok 14:11:38.0539 4428 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll 14:11:38.0539 4428 C:\Windows\System32\dnsapi.dll - ok 14:11:38.0555 4428 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll 14:11:38.0555 4428 C:\Windows\System32\logoncli.dll - ok 14:11:38.0555 4428 [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll 14:11:38.0555 4428 C:\Windows\System32\schannel.dll - ok 14:11:38.0555 4428 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll 14:11:38.0555 4428 C:\Windows\System32\wdigest.dll - ok 14:11:38.0570 4428 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll 14:11:38.0570 4428 C:\Windows\System32\rsaenh.dll - ok 14:11:38.0570 4428 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll 14:11:38.0570 4428 C:\Windows\System32\TSpkg.dll - ok 14:11:38.0570 4428 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll 14:11:38.0570 4428 C:\Windows\System32\pku2u.dll - ok 14:11:38.0586 4428 [ 55C892560C1B42BC57FB61AEFCED2F22 ] C:\Windows\System32\LIVESSP.DLL 14:11:38.0586 4428 C:\Windows\System32\LIVESSP.DLL - ok 14:11:38.0586 4428 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll 14:11:38.0586 4428 C:\Windows\System32\bcryptprimitives.dll - ok 14:11:38.0586 4428 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll 14:11:38.0586 4428 C:\Windows\System32\efslsaext.dll - ok 14:11:38.0586 4428 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll 14:11:38.0586 4428 C:\Windows\System32\credssp.dll - ok 14:11:38.0601 4428 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll 14:11:38.0601 4428 C:\Windows\System32\scecli.dll - ok 14:11:38.0601 4428 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll 14:11:38.0601 4428 C:\Windows\System32\ubpm.dll - ok 14:11:38.0601 4428 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe 14:11:38.0601 4428 C:\Windows\System32\svchost.exe - ok 14:11:38.0617 4428 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll 14:11:38.0617 4428 C:\Windows\System32\SPInf.dll - ok 14:11:38.0617 4428 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll 14:11:38.0617 4428 C:\Windows\System32\umpnpmgr.dll - ok 14:11:38.0617 4428 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll 14:11:38.0617 4428 C:\Windows\System32\devrtl.dll - ok 14:11:38.0633 4428 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll 14:11:38.0633 4428 C:\Windows\System32\gpapi.dll - ok 14:11:38.0633 4428 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll 14:11:38.0633 4428 C:\Windows\System32\userenv.dll - ok 14:11:38.0633 4428 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll 14:11:38.0633 4428 C:\Windows\System32\pcwum.dll - ok 14:11:38.0648 4428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll 14:11:38.0648 4428 C:\Windows\System32\umpo.dll - ok 14:11:38.0648 4428 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll 14:11:38.0648 4428 C:\Windows\System32\powrprof.dll - ok 14:11:38.0648 4428 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys 14:11:38.0648 4428 C:\Windows\System32\drivers\luafv.sys - ok 14:11:38.0664 4428 [ B50CDD87772D6A11CB90924AAD399DF8 ] C:\Windows\System32\drivers\aswMonFlt.sys 14:11:38.0664 4428 C:\Windows\System32\drivers\aswMonFlt.sys - ok 14:11:38.0664 4428 [ 56139566E462C1FB1775E140D4EE6B22 ] C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe 14:11:38.0664 4428 C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe - ok 14:11:38.0664 4428 [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll 14:11:38.0664 4428 C:\Windows\SysWOW64\ntdll.dll - ok 14:11:38.0679 4428 [ 15B30F15BD13640B337A0FC37BD48CDE ] C:\Windows\System32\wow64.dll 14:11:38.0679 4428 C:\Windows\System32\wow64.dll - ok 14:11:38.0679 4428 [ 2970785A72054740E1A5DCEB32485486 ] C:\Windows\System32\wow64win.dll 14:11:38.0679 4428 C:\Windows\System32\wow64win.dll - ok 14:11:38.0679 4428 [ 98168B9B0656A01A321FF1BECB2C03E1 ] C:\Windows\System32\wow64cpu.dll 14:11:38.0679 4428 C:\Windows\System32\wow64cpu.dll - ok 14:11:38.0695 4428 [ D4F3176082566CEFA633B4945802D4C4 ] C:\Windows\SysWOW64\kernel32.dll 14:11:38.0695 4428 C:\Windows\SysWOW64\kernel32.dll - ok 14:11:38.0695 4428 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll 14:11:38.0695 4428 C:\Windows\SysWOW64\advapi32.dll - ok 14:11:38.0695 4428 [ 0978C2B33BDD0A7E6C563AA337DC8BA0 ] C:\Windows\SysWOW64\KernelBase.dll 14:11:38.0695 4428 C:\Windows\SysWOW64\KernelBase.dll - ok 14:11:38.0711 4428 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll 14:11:38.0711 4428 C:\Windows\SysWOW64\msvcrt.dll - ok 14:11:38.0711 4428 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll 14:11:38.0711 4428 C:\Windows\SysWOW64\rpcrt4.dll - ok 14:11:38.0711 4428 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll 14:11:38.0711 4428 C:\Windows\SysWOW64\sechost.dll - ok 14:11:38.0711 4428 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] C:\Windows\System32\drivers\aswFsBlk.sys 14:11:38.0711 4428 C:\Windows\System32\drivers\aswFsBlk.sys - ok 14:11:38.0726 4428 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll 14:11:38.0726 4428 C:\Windows\SysWOW64\cryptbase.dll - ok 14:11:38.0726 4428 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll 14:11:38.0726 4428 C:\Windows\SysWOW64\profapi.dll - ok 14:11:38.0726 4428 [ EDA7AD21DF8945528F01F0A86D69E524 ] C:\Windows\SysWOW64\sspicli.dll 14:11:38.0726 4428 C:\Windows\SysWOW64\sspicli.dll - ok 14:11:38.0742 4428 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll 14:11:38.0742 4428 C:\Windows\SysWOW64\userenv.dll - ok 14:11:38.0742 4428 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll 14:11:38.0742 4428 C:\Windows\SysWOW64\wtsapi32.dll - ok 14:11:38.0742 4428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll 14:11:38.0742 4428 C:\Windows\System32\rpcss.dll - ok 14:11:38.0757 4428 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll 14:11:38.0757 4428 C:\Windows\System32\RpcEpMap.dll - ok 14:11:38.0757 4428 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL 14:11:38.0757 4428 C:\Windows\System32\WSHTCPIP.DLL - ok 14:11:38.0757 4428 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll 14:11:38.0757 4428 C:\Windows\System32\wshqos.dll - ok 14:11:38.0773 4428 [ 65FB5097D9EE7E3A99E932CFA0E4B344 ] C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe 14:11:38.0773 4428 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe - ok 14:11:38.0773 4428 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll 14:11:38.0773 4428 C:\Windows\System32\FirewallAPI.dll - ok 14:11:38.0773 4428 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe 14:11:38.0773 4428 C:\Windows\System32\LogonUI.exe - ok 14:11:38.0789 4428 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll 14:11:38.0789 4428 C:\Windows\System32\ntmarta.dll - ok 14:11:38.0789 4428 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll 14:11:38.0789 4428 C:\Windows\System32\authui.dll - ok 14:11:38.0789 4428 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll 14:11:38.0789 4428 C:\Windows\System32\dbghelp.dll - ok 14:11:38.0804 4428 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll 14:11:38.0804 4428 C:\Windows\System32\fltLib.dll - ok 14:11:38.0804 4428 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll 14:11:38.0804 4428 C:\Windows\System32\wtsapi32.dll - ok 14:11:38.0804 4428 [ 5EB6E9C8BE1ACC5830780E0F9A846255 ] C:\Windows\System32\msi.dll 14:11:38.0804 4428 C:\Windows\System32\msi.dll - ok 14:11:38.0820 4428 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll 14:11:38.0820 4428 C:\Windows\System32\winmm.dll - ok 14:11:38.0820 4428 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll 14:11:38.0820 4428 C:\Windows\System32\netapi32.dll - ok 14:11:38.0820 4428 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll 14:11:38.0820 4428 C:\Windows\System32\netutils.dll - ok 14:11:38.0835 4428 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll 14:11:38.0835 4428 C:\Windows\System32\wkscli.dll - ok 14:11:38.0835 4428 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll 14:11:38.0835 4428 C:\Windows\System32\mpr.dll - ok 14:11:38.0835 4428 [ CF636C92B762B26F0B39B38E92380A09 ] C:\Windows\System32\oleacc.dll 14:11:38.0835 4428 C:\Windows\System32\oleacc.dll - ok 14:11:38.0851 4428 [ 0015ACFBBDD164A8A730009908868CA7 ] C:\Windows\System32\winspool.drv 14:11:38.0851 4428 C:\Windows\System32\winspool.drv - ok 14:11:38.0851 4428 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll 14:11:38.0851 4428 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok 14:11:38.0851 4428 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll 14:11:38.0851 4428 C:\Windows\System32\rasapi32.dll - ok 14:11:38.0867 4428 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll 14:11:38.0867 4428 C:\Windows\System32\rasman.dll - ok 14:11:38.0867 4428 [ 9DB705936111BB34B11BB3EEB345AAF6 ] C:\Program Files\COMODO\COMODO Internet Security\framework.dll 14:11:38.0867 4428 C:\Program Files\COMODO\COMODO Internet Security\framework.dll - ok 14:11:38.0867 4428 [ DEAFA4336865C8667B8DAC16D62DBEDC ] C:\Program Files\COMODO\COMODO Internet Security\scanners\rkdscan.dll 14:11:38.0867 4428 C:\Program Files\COMODO\COMODO Internet Security\scanners\rkdscan.dll - ok 14:11:38.0882 4428 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll 14:11:38.0882 4428 C:\Windows\System32\cryptsvc.dll - ok 14:11:38.0882 4428 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll 14:11:38.0882 4428 C:\Windows\System32\wbem\wbemprox.dll - ok 14:11:38.0882 4428 [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll 14:11:38.0882 4428 C:\Windows\System32\cryptnet.dll - ok 14:11:38.0898 4428 [ 54716D9BB43733578A5647E9B121141F ] C:\Windows\System32\atiesrxx.exe 14:11:38.0898 4428 C:\Windows\System32\atiesrxx.exe - ok 14:11:38.0898 4428 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll 14:11:38.0898 4428 C:\Windows\System32\wbemcomn.dll - ok 14:11:38.0898 4428 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll 14:11:38.0898 4428 C:\Windows\System32\wevtsvc.dll - ok 14:11:38.0913 4428 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll 14:11:38.0913 4428 C:\Windows\System32\audiosrv.dll - ok 14:11:38.0913 4428 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll 14:11:38.0913 4428 C:\Windows\System32\MMDevAPI.dll - ok 14:11:38.0913 4428 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll 14:11:38.0913 4428 C:\Windows\System32\propsys.dll - ok 14:11:38.0929 4428 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll 14:11:38.0929 4428 C:\Windows\System32\avrt.dll - ok 14:11:38.0929 4428 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll 14:11:38.0929 4428 C:\Windows\System32\mmcss.dll - ok 14:11:38.0929 4428 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll 14:11:38.0929 4428 C:\Windows\System32\cryptui.dll - ok 14:11:38.0929 4428 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe 14:11:38.0929 4428 C:\Windows\System32\audiodg.exe - ok 14:11:38.0945 4428 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] C:\Windows\System32\cscsvc.dll 14:11:38.0945 4428 C:\Windows\System32\cscsvc.dll - ok 14:11:38.0945 4428 [ 29910D50542B1AA0F162EF3339C61B6D ] C:\Windows\System32\PeerDist.dll 14:11:38.0945 4428 C:\Windows\System32\PeerDist.dll - ok 14:11:38.0945 4428 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll 14:11:38.0945 4428 C:\Windows\System32\gpsvc.dll - ok 14:11:38.0960 4428 [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll 14:11:38.0960 4428 C:\Windows\System32\nlaapi.dll - ok 14:11:38.0960 4428 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll 14:11:38.0960 4428 C:\Windows\System32\taskschd.dll - ok 14:11:38.0960 4428 [ 862596399AAFD2A21DB2AF9270CD4F70 ] C:\Windows\System32\mstask.dll 14:11:38.0960 4428 C:\Windows\System32\mstask.dll - ok 14:11:38.0976 4428 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll 14:11:38.0976 4428 C:\Windows\System32\atl.dll - ok 14:11:38.0976 4428 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll 14:11:38.0976 4428 C:\Windows\System32\profsvc.dll - ok 14:11:38.0976 4428 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll 14:11:38.0976 4428 C:\Windows\System32\themeservice.dll - ok 14:11:38.0991 4428 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll 14:11:38.0991 4428 C:\Windows\System32\dsrole.dll - ok 14:11:38.0991 4428 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll 14:11:38.0991 4428 C:\Windows\System32\slc.dll - ok 14:11:38.0991 4428 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll 14:11:38.0991 4428 C:\Windows\System32\es.dll - ok 14:11:39.0007 4428 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll 14:11:39.0007 4428 C:\Windows\System32\adtschema.dll - ok 14:11:39.0007 4428 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll 14:11:39.0007 4428 C:\Windows\System32\comres.dll - ok 14:11:39.0007 4428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll 14:11:39.0007 4428 C:\Windows\System32\wlansvc.dll - ok 14:11:39.0023 4428 [ FE05D03B73000CFF476E1D29109F3A84 ] C:\Program Files\Windows Defender\MpEvMsg.dll 14:11:39.0023 4428 C:\Program Files\Windows Defender\MpEvMsg.dll - ok 14:11:39.0023 4428 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys 14:11:39.0023 4428 C:\Windows\System32\drivers\fltMgr.sys - ok 14:11:39.0023 4428 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL 14:11:39.0023 4428 C:\Windows\System32\PSHED.DLL - ok 14:11:39.0038 4428 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll 14:11:39.0038 4428 C:\Windows\System32\Sens.dll - ok 14:11:39.0038 4428 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll 14:11:39.0038 4428 C:\Windows\System32\vssapi.dll - ok 14:11:39.0038 4428 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll 14:11:39.0038 4428 C:\Windows\System32\samcli.dll - ok 14:11:39.0038 4428 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll 14:11:39.0038 4428 C:\Windows\System32\samlib.dll - ok 14:11:39.0054 4428 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll 14:11:39.0054 4428 C:\Windows\System32\vsstrace.dll - ok 14:11:39.0054 4428 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll 14:11:39.0054 4428 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok 14:11:39.0054 4428 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll 14:11:39.0054 4428 C:\Windows\System32\shacct.dll - ok 14:11:39.0069 4428 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll 14:11:39.0069 4428 C:\Windows\System32\uxsms.dll - ok 14:11:39.0069 4428 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys 14:11:39.0069 4428 C:\Windows\System32\drivers\lltdio.sys - ok 14:11:39.0069 4428 [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys 14:11:39.0069 4428 C:\Windows\System32\drivers\ndisuio.sys - ok 14:11:39.0085 4428 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys 14:11:39.0085 4428 C:\Windows\System32\drivers\nwifi.sys - ok 14:11:39.0085 4428 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys 14:11:39.0085 4428 C:\Windows\System32\drivers\rspndr.sys - ok 14:11:39.0085 4428 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL 14:11:39.0085 4428 C:\Windows\System32\IPHLPAPI.DLL - ok 14:11:39.0101 4428 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll 14:11:39.0101 4428 C:\Windows\System32\lmhsvc.dll - ok 14:11:39.0101 4428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll 14:11:39.0101 4428 C:\Windows\System32\nsisvc.dll - ok 14:11:39.0101 4428 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll 14:11:39.0101 4428 C:\Windows\System32\uxtheme.dll - ok 14:11:39.0116 4428 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll 14:11:39.0116 4428 C:\Windows\System32\dhcpcore.dll - ok 14:11:39.0116 4428 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll 14:11:39.0116 4428 C:\Windows\System32\dnsrslvr.dll - ok 14:11:39.0116 4428 [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll 14:11:39.0116 4428 C:\Windows\System32\eapphost.dll - ok 14:11:39.0132 4428 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll 14:11:39.0132 4428 C:\Windows\System32\eapsvc.dll - ok 14:11:39.0132 4428 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll 14:11:39.0132 4428 C:\Windows\System32\keyiso.dll - ok 14:11:39.0132 4428 [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll 14:11:39.0132 4428 C:\Windows\System32\nrpsrv.dll - ok 14:11:39.0147 4428 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll 14:11:39.0147 4428 C:\Windows\System32\winnsi.dll - ok 14:11:39.0147 4428 [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll 14:11:39.0147 4428 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok 14:11:39.0147 4428 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll 14:11:39.0147 4428 C:\Windows\System32\dui70.dll - ok 14:11:39.0163 4428 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL 14:11:39.0163 4428 C:\Windows\System32\FWPUCLNT.DLL - ok 14:11:39.0163 4428 [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll 14:11:39.0163 4428 C:\Windows\System32\umb.dll - ok 14:11:39.0163 4428 [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll 14:11:39.0163 4428 C:\Windows\System32\wlanmsm.dll - ok 14:11:39.0163 4428 [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll 14:11:39.0163 4428 C:\Windows\System32\dhcpcore6.dll - ok 14:11:39.0179 4428 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll 14:11:39.0179 4428 C:\Windows\System32\dnsext.dll - ok 14:11:39.0179 4428 [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll 14:11:39.0179 4428 C:\Windows\System32\wlansec.dll - ok 14:11:39.0179 4428 [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll 14:11:39.0179 4428 C:\Windows\System32\dhcpcsvc6.dll - ok 14:11:39.0194 4428 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll 14:11:39.0194 4428 C:\Windows\System32\dhcpcsvc.dll - ok 14:11:39.0194 4428 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll 14:11:39.0194 4428 C:\Windows\System32\duser.dll - ok 14:11:39.0194 4428 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll 14:11:39.0194 4428 C:\Windows\System32\eappcfg.dll - ok 14:11:39.0210 4428 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll 14:11:39.0210 4428 C:\Windows\System32\eappprxy.dll - ok 14:11:39.0210 4428 [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll 14:11:39.0210 4428 C:\Windows\System32\onex.dll - ok 14:11:39.0210 4428 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll 14:11:39.0210 4428 C:\Windows\System32\SndVolSSO.dll - ok 14:11:39.0225 4428 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll 14:11:39.0225 4428 C:\Windows\System32\hid.dll - ok 14:11:39.0225 4428 [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll 14:11:39.0225 4428 C:\Windows\System32\l2gpstore.dll - ok 14:11:39.0225 4428 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll 14:11:39.0225 4428 C:\Windows\System32\WinSCard.dll - ok 14:11:39.0241 4428 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll 14:11:39.0241 4428 C:\Windows\System32\wlanutil.dll - ok 14:11:39.0241 4428 [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll 14:11:39.0241 4428 C:\Windows\System32\wlgpclnt.dll - ok 14:11:39.0241 4428 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll 14:11:39.0241 4428 C:\Windows\System32\dwmapi.dll - ok 14:11:39.0241 4428 [ 4FFDE68C4B7C9993FA551E7E36DDB34D ] C:\Windows\System32\msxml6.dll 14:11:39.0241 4428 C:\Windows\System32\msxml6.dll - ok 14:11:39.0257 4428 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll 14:11:39.0257 4428 C:\Windows\System32\xmllite.dll - ok 14:11:39.0257 4428 [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll 14:11:39.0257 4428 C:\Windows\System32\WindowsCodecs.dll - ok 14:11:39.0257 4428 [ 8FA553E9AE69808D99C164733A0F9590 ] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 14:11:39.0257 4428 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - ok 14:11:39.0272 4428 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll 14:11:39.0272 4428 C:\Windows\SysWOW64\ws2_32.dll - ok 14:11:39.0272 4428 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll 14:11:39.0272 4428 C:\Windows\SysWOW64\nsi.dll - ok 14:11:39.0272 4428 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll 14:11:39.0272 4428 C:\Windows\System32\winbrand.dll - ok 14:11:39.0288 4428 [ EB398DED91CFF2F425610EAA2CCF2A23 ] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll 14:11:39.0288 4428 C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll - ok 14:11:39.0288 4428 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll 14:11:39.0288 4428 C:\Windows\System32\SmartcardCredentialProvider.dll - ok 14:11:39.0288 4428 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll 14:11:39.0288 4428 C:\Windows\System32\VaultCredProvider.dll - ok 14:11:39.0303 4428 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll 14:11:39.0303 4428 C:\Windows\System32\BioCredProv.dll - ok 14:11:39.0303 4428 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll 14:11:39.0303 4428 C:\Windows\System32\winbio.dll - ok 14:11:39.0303 4428 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll 14:11:39.0303 4428 C:\Windows\System32\credui.dll - ok 14:11:39.0319 4428 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll 14:11:39.0319 4428 C:\Windows\System32\vaultcli.dll - ok 14:11:39.0319 4428 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll 14:11:39.0319 4428 C:\Windows\System32\certCredProvider.dll - ok 14:11:39.0319 4428 [ 7097425051CE67B450EBF2B1390AE492 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL 14:11:39.0319 4428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok 14:11:39.0335 4428 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll 14:11:39.0335 4428 C:\Windows\System32\rasplap.dll - ok 14:11:39.0335 4428 [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll 14:11:39.0335 4428 C:\Windows\System32\rtutils.dll - ok 14:11:39.0335 4428 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll 14:11:39.0335 4428 C:\Windows\System32\UXInit.dll - ok 14:11:39.0350 4428 [ 34988E1741CA36740284D902F8CC5A2E ] C:\Windows\System32\atieclxx.exe 14:11:39.0350 4428 C:\Windows\System32\atieclxx.exe - ok 14:11:39.0350 4428 [ 178B51198B7B46CD3C5E744474459A63 ] C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll 14:11:39.0350 4428 C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll - ok 14:11:39.0350 4428 [ BABE99A18A382A5E2F99B48E0BC3E0D4 ] C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll 14:11:39.0350 4428 C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll - ok 14:11:39.0366 4428 [ 9C998DB6710BE03FAA3C7D2E506FA774 ] C:\Windows\System32\atiadlxx.dll 14:11:39.0366 4428 C:\Windows\System32\atiadlxx.dll - ok 14:11:39.0366 4428 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll 14:11:39.0366 4428 C:\Windows\System32\imageres.dll - ok 14:11:39.0366 4428 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll 14:11:39.0366 4428 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok 14:11:39.0381 4428 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll 14:11:39.0381 4428 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok 14:11:39.0381 4428 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe 14:11:39.0381 4428 C:\Windows\System32\dllhost.exe - ok 14:11:39.0381 4428 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll 14:11:39.0381 4428 C:\Windows\System32\IDStore.dll - ok 14:11:39.0381 4428 [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe 14:11:39.0381 4428 C:\Windows\System32\AtBroker.exe - ok 14:11:39.0397 4428 [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe 14:11:39.0397 4428 C:\Windows\System32\userinit.exe - ok 14:11:39.0397 4428 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe 14:11:39.0397 4428 C:\Windows\System32\dwm.exe - ok 14:11:39.0397 4428 [ 4BA77A5EF71C14C764B0ED4701683E3E ] C:\Windows\System32\dwmcore.dll 14:11:39.0397 4428 C:\Windows\System32\dwmcore.dll - ok 14:11:39.0413 4428 [ FCFCD1101C5DA23B4B95F93D02B2C169 ] C:\Windows\System32\dwmredir.dll 14:11:39.0413 4428 C:\Windows\System32\dwmredir.dll - ok 14:11:39.0413 4428 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll 14:11:39.0413 4428 C:\Windows\SysWOW64\user32.dll - ok 14:11:39.0413 4428 [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll 14:11:39.0413 4428 C:\Windows\SysWOW64\gdi32.dll - ok 14:11:39.0428 4428 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll 14:11:39.0428 4428 C:\Windows\SysWOW64\lpk.dll - ok 14:11:39.0428 4428 [ 804AAAFEBB3AD5F49334DD906BCB1DE5 ] C:\Windows\SysWOW64\usp10.dll 14:11:39.0428 4428 C:\Windows\SysWOW64\usp10.dll - ok 14:11:39.0428 4428 [ E1374D37477322D4956604711008C69D ] C:\Windows\System32\d3d10_1.dll 14:11:39.0428 4428 C:\Windows\System32\d3d10_1.dll - ok 14:11:39.0444 4428 [ 426BA4E737A7988FD1202AF2F2B2F4A6 ] C:\Windows\System32\d3d10_1core.dll 14:11:39.0444 4428 C:\Windows\System32\d3d10_1core.dll - ok 14:11:39.0444 4428 [ F404E59DB6A0F122AB26BF4F3E2FD0FA ] C:\Windows\System32\dxgi.dll 14:11:39.0444 4428 C:\Windows\System32\dxgi.dll - ok 14:11:39.0444 4428 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll 14:11:39.0444 4428 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok 14:11:39.0459 4428 [ 332FEAB1435662FC6C672E25BEB37BE3 ] C:\Windows\explorer.exe 14:11:39.0459 4428 C:\Windows\explorer.exe - ok 14:11:39.0459 4428 [ 73B1901F324E07D6CB46F5CDB2FFE37A ] C:\Windows\System32\aticfx64.dll 14:11:39.0459 4428 C:\Windows\System32\aticfx64.dll - ok 14:11:39.0459 4428 [ 142D78D1D776122DFB0ECFFC0809E4C6 ] C:\Windows\System32\atidxx64.dll 14:11:39.0459 4428 C:\Windows\System32\atidxx64.dll - ok 14:11:39.0475 4428 [ F0C432F39962CC51F357619BA785A74C ] C:\Windows\System32\atiuxp64.dll 14:11:39.0475 4428 C:\Windows\System32\atiuxp64.dll - ok 14:11:39.0475 4428 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll 14:11:39.0475 4428 C:\Windows\System32\uDWM.dll - ok 14:11:39.0475 4428 [ 55AFA63F5F2A6CED0C09E2AFE57ECA8D ] C:\Program Files\Alwil Software\Avast5\ashBase.dll 14:11:39.0475 4428 C:\Program Files\Alwil Software\Avast5\ashBase.dll - ok 14:11:39.0491 4428 [ C515CAEC6B3C6970007954C0250A124C ] C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll 14:11:39.0491 4428 C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll - ok 14:11:39.0491 4428 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll 14:11:39.0491 4428 C:\Windows\SysWOW64\psapi.dll - ok 14:11:39.0491 4428 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll 14:11:39.0491 4428 C:\Windows\SysWOW64\version.dll - ok 14:11:39.0506 4428 [ 42C671E0525618E23371D0E68282F37C ] C:\Windows\SysWOW64\wininet.dll 14:11:39.0506 4428 C:\Windows\SysWOW64\wininet.dll - ok 14:11:39.0506 4428 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll 14:11:39.0506 4428 C:\Windows\SysWOW64\wsock32.dll - ok 14:11:39.0506 4428 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll 14:11:39.0506 4428 C:\Windows\SysWOW64\shlwapi.dll - ok 14:11:39.0506 4428 [ 557A086A4659799D63A9CE474ADFEBE8 ] C:\Windows\SysWOW64\urlmon.dll 14:11:39.0506 4428 C:\Windows\SysWOW64\urlmon.dll - ok 14:11:39.0522 4428 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll 14:11:39.0522 4428 C:\Windows\SysWOW64\ole32.dll - ok 14:11:39.0522 4428 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll 14:11:39.0522 4428 C:\Windows\SysWOW64\oleaut32.dll - ok 14:11:39.0522 4428 [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\SysWOW64\crypt32.dll 14:11:39.0522 4428 C:\Windows\SysWOW64\crypt32.dll - ok 14:11:39.0537 4428 [ C5D48985BADF6CFEDCBCCDD5D92F526D ] C:\Windows\SysWOW64\iertutil.dll 14:11:39.0537 4428 C:\Windows\SysWOW64\iertutil.dll - ok 14:11:39.0537 4428 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll 14:11:39.0537 4428 C:\Windows\SysWOW64\msasn1.dll - ok 14:11:39.0537 4428 [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll 14:11:39.0537 4428 C:\Windows\System32\ExplorerFrame.dll - ok 14:11:39.0553 4428 [ 867C93CE4B4CCFCDE65CE48A769CD227 ] C:\Program Files\Alwil Software\Avast5\ashShA64.dll 14:11:39.0553 4428 C:\Program Files\Alwil Software\Avast5\ashShA64.dll - ok 14:11:39.0553 4428 [ B316906B4A04DD39985350D29DE31068 ] C:\PROGRA~1\ALWILS~1\Avast5\1033\Base.dll 14:11:39.0553 4428 C:\PROGRA~1\ALWILS~1\Avast5\1033\Base.dll - ok 14:11:39.0553 4428 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll 14:11:39.0553 4428 C:\Windows\System32\EhStorShell.dll - ok 14:11:39.0569 4428 [ 7EE5F17A21D9A9101207DF4BC37B085D ] C:\Windows\System32\cscdll.dll 14:11:39.0569 4428 C:\Windows\System32\cscdll.dll - ok 14:11:39.0569 4428 [ 32802C0F6FC7C8F561B9D91F52A46421 ] C:\Windows\System32\cscui.dll 14:11:39.0569 4428 C:\Windows\System32\cscui.dll - ok 14:11:39.0569 4428 [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll 14:11:39.0569 4428 C:\Windows\System32\cscapi.dll - ok 14:11:39.0584 4428 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll 14:11:39.0584 4428 C:\Windows\System32\ntshrui.dll - ok 14:11:39.0584 4428 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll 14:11:39.0584 4428 C:\Windows\System32\IconCodecService.dll - ok 14:11:39.0584 4428 [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll 14:11:39.0584 4428 C:\Windows\SysWOW64\imm32.dll - ok 14:11:39.0584 4428 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll 14:11:39.0584 4428 C:\Windows\SysWOW64\msctf.dll - ok 14:11:39.0600 4428 [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll 14:11:39.0600 4428 C:\Windows\SysWOW64\dbghelp.dll - ok 14:11:39.0600 4428 [ 977C54291BFA6FEE7FF865630E51757B ] C:\Program Files\Alwil Software\Avast5\ashServ.dll 14:11:39.0600 4428 C:\Program Files\Alwil Software\Avast5\ashServ.dll - ok 14:11:39.0600 4428 [ AAF932B4011D14052955D4B212A4DA8D ] C:\Windows\System32\shsvcs.dll 14:11:39.0600 4428 C:\Windows\System32\shsvcs.dll - ok 14:11:39.0615 4428 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll 14:11:39.0615 4428 C:\Windows\SysWOW64\cscapi.dll - ok 14:11:39.0615 4428 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll 14:11:39.0615 4428 C:\Windows\SysWOW64\netapi32.dll - ok 14:11:39.0615 4428 [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\SysWOW64\netutils.dll 14:11:39.0615 4428 C:\Windows\SysWOW64\netutils.dll - ok 14:11:39.0631 4428 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\SysWOW64\srvcli.dll 14:11:39.0631 4428 C:\Windows\SysWOW64\srvcli.dll - ok 14:11:39.0631 4428 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll 14:11:39.0631 4428 C:\Windows\SysWOW64\wkscli.dll - ok 14:11:39.0631 4428 [ 16CE3ED063923253905341C9AF850FE7 ] C:\Program Files\Alwil Software\Avast5\ashTask.dll 14:11:39.0631 4428 C:\Program Files\Alwil Software\Avast5\ashTask.dll - ok 14:11:39.0647 4428 [ 4FF19AC422B7709D786DE58B385C9647 ] C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll 14:11:39.0647 4428 C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll - ok 14:11:39.0647 4428 [ 045EE3DC56B12B404DC07848D8597C66 ] C:\Program Files\Alwil Software\Avast5\aswAux.dll 14:11:39.0647 4428 C:\Program Files\Alwil Software\Avast5\aswAux.dll - ok 14:11:39.0647 4428 [ FCA9CC8611654B790DD6242BF862B7F5 ] C:\Program Files\Alwil Software\Avast5\aswLog.dll 14:11:39.0647 4428 C:\Program Files\Alwil Software\Avast5\aswLog.dll - ok 14:11:39.0662 4428 [ 6F367A9B88CFDD46F42C1D11E5CB7964 ] C:\Program Files\Alwil Software\Avast5\Aavm4h.dll 14:11:39.0662 4428 C:\Program Files\Alwil Software\Avast5\Aavm4h.dll - ok 14:11:39.0662 4428 [ 12B9869E74F9E698F550F04F8989C591 ] C:\Program Files\Alwil Software\Avast5\aswProperty.dll 14:11:39.0662 4428 C:\Program Files\Alwil Software\Avast5\aswProperty.dll - ok 14:11:39.0662 4428 [ F186897E0A3B9D0784041221D0265069 ] C:\Program Files\Alwil Software\Avast5\aswSqLt.dll 14:11:39.0662 4428 C:\Program Files\Alwil Software\Avast5\aswSqLt.dll - ok 14:11:39.0678 4428 [ C2434DEA392826C1687D9BD7FA4845BC ] C:\Program Files\Alwil Software\Avast5\AavmRpch.dll 14:11:39.0678 4428 C:\Program Files\Alwil Software\Avast5\AavmRpch.dll - ok 14:11:39.0678 4428 [ 264B5D8F4C70A26749FF2CEDDE06BA30 ] C:\Program Files\Alwil Software\Avast5\aswDld.dll 14:11:39.0678 4428 C:\Program Files\Alwil Software\Avast5\aswDld.dll - ok 14:11:39.0678 4428 [ 902F670F58193A2BC30AA342B11B2C7B ] C:\Program Files\Alwil Software\Avast5\aswIdle.dll 14:11:39.0678 4428 C:\Program Files\Alwil Software\Avast5\aswIdle.dll - ok 14:11:39.0693 4428 [ 273FD83FC8C4E12F8C55381674F92A44 ] C:\Program Files\Alwil Software\Avast5\aswStrm.dll
- December 30, 2012
- 22 replies
lsass.exe using exorbitant memory

supturb89 replied to supturb89's topic in Resolved Malware Removal Logs

Gringo, I have run TDSSkiller and aswMBR and am posting the logs. After running them I opened my task manager and notice that the lsass.exe process is no longer running? 14:08:38.0499 3964 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 14:08:40.0511 3964 ============================================================ 14:08:40.0511 3964 Current date / time: 2012/12/30 14:08:40.0511 14:08:40.0511 3964 SystemInfo: 14:08:40.0511 3964 14:08:40.0511 3964 OS Version: 6.1.7601 ServicePack: 1.0 14:08:40.0511 3964 Product type: Workstation 14:08:40.0511 3964 ComputerName: HTPC 14:08:40.0511 3964 UserName: Webb 14:08:40.0511 3964 Windows directory: C:\Windows 14:08:40.0511 3964 System windows directory: C:\Windows 14:08:40.0511 3964 Running under WOW64 14:08:40.0511 3964 Processor architecture: Intel x64 14:08:40.0511 3964 Number of processors: 2 14:08:40.0511 3964 Page size: 0x1000 14:08:40.0511 3964 Boot type: Normal boot 14:08:40.0511 3964 ============================================================ 14:09:34.0191 3964 BG loaded 14:09:34.0784 3964 Drive \Device\Harddisk0\DR0 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:09:34.0909 3964 Drive \Device\Harddisk1\DR1 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 14:09:35.0174 3964 ============================================================ 14:09:35.0174 3964 \Device\Harddisk0\DR0: 14:09:35.0205 3964 MBR partitions: 14:09:35.0205 3964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x16FAE6FF 14:09:35.0236 3964 \Device\Harddisk1\DR1: 14:09:35.0236 3964 MBR partitions: 14:09:35.0236 3964 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02 14:09:35.0236 3964 ============================================================ 14:09:35.0314 3964 C: <-> \Device\Harddisk0\DR0\Partition1 14:09:35.0345 3964 E: <-> \Device\Harddisk1\DR1\Partition1 14:09:35.0345 3964 ============================================================ 14:09:35.0345 3964 Initialize success 14:09:35.0345 3964 ============================================================ 14:10:53.0377 4428 ============================================================ 14:10:53.0377 4428 Scan started 14:10:53.0377 4428 Mode: Manual; SigCheck; TDLFS; 14:10:53.0377 4428 ============================================================ 14:10:55.0155 4428 ================ Scan system memory ======================== 14:10:55.0155 4428 System memory - ok 14:10:55.0155 4428 ================ Scan services ============================= 14:10:56.0325 4428 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 14:10:56.0450 4428 1394ohci - ok 14:10:56.0528 4428 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 14:10:56.0559 4428 ACPI - ok 14:10:56.0590 4428 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 14:10:56.0653 4428 AcpiPmi - ok 14:10:57.0745 4428 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:10:57.0776 4428 AdobeFlashPlayerUpdateSvc - ok 14:10:57.0948 4428 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 14:10:57.0994 4428 adp94xx - ok 14:10:58.0072 4428 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 14:10:58.0104 4428 adpahci - ok 14:10:58.0150 4428 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 14:10:58.0182 4428 adpu320 - ok 14:10:58.0228 4428 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 14:10:58.0275 4428 AeLookupSvc - ok 14:10:58.0384 4428 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 14:10:58.0447 4428 AFD - ok 14:10:58.0494 4428 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 14:10:58.0525 4428 agp440 - ok 14:10:58.0572 4428 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 14:10:58.0634 4428 ALG - ok 14:10:58.0681 4428 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 14:10:58.0712 4428 aliide - ok 14:10:58.0821 4428 [ 54716D9BB43733578A5647E9B121141F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 14:10:58.0884 4428 AMD External Events Utility - ok 14:10:58.0915 4428 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 14:10:58.0946 4428 amdide - ok 14:10:59.0008 4428 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 14:10:59.0071 4428 AmdK8 - ok 14:11:00.0381 4428 [ 522A8BD1414CC7517FAEC907F138DB9C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 14:11:00.0506 4428 amdkmdag - ok 14:11:00.0537 4428 [ F712C26D40BF3CD2C020BB518E8150B1 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 14:11:00.0584 4428 amdkmdap - ok 14:11:00.0631 4428 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 14:11:00.0662 4428 AmdPPM - ok 14:11:00.0724 4428 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 14:11:00.0740 4428 amdsata - ok 14:11:00.0834 4428 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 14:11:00.0880 4428 amdsbs - ok 14:11:00.0912 4428 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 14:11:00.0927 4428 amdxata - ok 14:11:01.0130 4428 [ 821E7E501226EE344FDB0F40EE46109D ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys 14:11:01.0161 4428 AnyDVD - ok 14:11:01.0239 4428 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 14:11:01.0333 4428 AppID - ok 14:11:01.0380 4428 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 14:11:01.0442 4428 AppIDSvc - ok 14:11:01.0520 4428 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 14:11:01.0567 4428 Appinfo - ok 14:11:01.0848 4428 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 14:11:01.0879 4428 Apple Mobile Device - ok 14:11:02.0019 4428 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 14:11:02.0050 4428 AppMgmt - ok 14:11:02.0113 4428 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 14:11:02.0144 4428 arc - ok 14:11:02.0175 4428 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 14:11:02.0206 4428 arcsas - ok 14:11:02.0378 4428 [ 9149EC69ACD3EFC97B01D5A1BAEB3B57 ] arXfrSvc C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe 14:11:02.0394 4428 arXfrSvc - ok 14:11:02.0487 4428 [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO C:\Windows\syswow64\drivers\AsIO.sys 14:11:02.0503 4428 AsIO - ok 14:11:02.0581 4428 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 14:11:02.0581 4428 aswFsBlk - ok 14:11:02.0659 4428 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 14:11:02.0659 4428 aswMonFlt - ok 14:11:02.0706 4428 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 14:11:02.0721 4428 aswRdr - ok 14:11:02.0971 4428 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 14:11:02.0986 4428 aswSnx - ok 14:11:03.0018 4428 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys 14:11:03.0033 4428 aswSP - ok 14:11:03.0064 4428 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 14:11:03.0080 4428 aswTdi - ok 14:11:03.0111 4428 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 14:11:03.0158 4428 AsyncMac - ok 14:11:03.0189 4428 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 14:11:03.0205 4428 atapi - ok 14:11:03.0392 4428 [ E02B26650ACC2F4901342D4A66774AD7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 14:11:03.0408 4428 AtiHDAudioService - ok 14:11:03.0454 4428 [ 7E2F5A758F63F80F8B03F889B4E6B19F ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 14:11:03.0486 4428 AtiHdmiService - ok 14:11:03.0548 4428 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys 14:11:03.0579 4428 AtiPcie - ok 14:11:03.0626 4428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 14:11:03.0704 4428 AudioEndpointBuilder - ok 14:11:03.0766 4428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 14:11:03.0813 4428 AudioSrv - ok 14:11:03.0985 4428 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe 14:11:04.0000 4428 avast! Antivirus - ok 14:11:04.0078 4428 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 14:11:04.0125 4428 AxInstSV - ok 14:11:04.0266 4428 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 14:11:04.0312 4428 b06bdrv - ok 14:11:04.0437 4428 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 14:11:04.0484 4428 b57nd60a - ok 14:11:04.0515 4428 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 14:11:04.0562 4428 BDESVC - ok 14:11:04.0609 4428 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 14:11:04.0687 4428 Beep - ok 14:11:04.0812 4428 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 14:11:04.0890 4428 BFE - ok 14:11:04.0999 4428 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 14:11:05.0077 4428 BITS - ok 14:11:05.0124 4428 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 14:11:05.0155 4428 blbdrive - ok 14:11:05.0295 4428 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe 14:11:05.0311 4428 Bonjour Service - ok 14:11:05.0342 4428 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 14:11:05.0373 4428 bowser - ok 14:11:05.0420 4428 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 14:11:05.0498 4428 BrFiltLo - ok 14:11:05.0514 4428 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 14:11:05.0545 4428 BrFiltUp - ok 14:11:05.0576 4428 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 14:11:05.0670 4428 BridgeMP - ok 14:11:05.0701 4428 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 14:11:05.0763 4428 Browser - ok 14:11:05.0794 4428 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 14:11:05.0872 4428 Brserid - ok 14:11:05.0888 4428 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 14:11:05.0950 4428 BrSerWdm - ok 14:11:05.0966 4428 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 14:11:06.0013 4428 BrUsbMdm - ok 14:11:06.0028 4428 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 14:11:06.0075 4428 BrUsbSer - ok 14:11:06.0153 4428 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 14:11:06.0216 4428 BTHMODEM - ok 14:11:06.0247 4428 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 14:11:06.0309 4428 bthserv - ok 14:11:06.0325 4428 catchme - ok 14:11:06.0372 4428 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 14:11:06.0434 4428 cdfs - ok 14:11:06.0496 4428 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 14:11:06.0528 4428 cdrom - ok 14:11:06.0590 4428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 14:11:06.0652 4428 CertPropSvc - ok 14:11:06.0746 4428 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 14:11:06.0777 4428 circlass - ok 14:11:06.0886 4428 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 14:11:06.0918 4428 CLFS - ok 14:11:07.0027 4428 [ 56139566E462C1FB1775E140D4EE6B22 ] CLPSLS C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe 14:11:07.0042 4428 CLPSLS - ok 14:11:07.0292 4428 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:11:07.0354 4428 clr_optimization_v2.0.50727_32 - ok 14:11:07.0526 4428 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:11:07.0557 4428 clr_optimization_v2.0.50727_64 - ok 14:11:07.0651 4428 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:11:07.0744 4428 clr_optimization_v4.0.30319_32 - ok 14:11:07.0822 4428 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:11:07.0838 4428 clr_optimization_v4.0.30319_64 - ok 14:11:07.0885 4428 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 14:11:07.0916 4428 CmBatt - ok 14:11:08.0571 4428 [ 65FB5097D9EE7E3A99E932CFA0E4B344 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe 14:11:08.0618 4428 cmdAgent - ok 14:11:08.0758 4428 [ 919ACCC22ABDC1C3CA68326C0E5DEAF9 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys 14:11:08.0774 4428 cmdGuard - ok 14:11:08.0790 4428 [ F8FECE0F1D44C4A58778083B00EEADAC ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys 14:11:08.0805 4428 cmdHlp - ok 14:11:08.0836 4428 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 14:11:08.0852 4428 cmdide - ok 14:11:08.0961 4428 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 14:11:08.0992 4428 CNG - ok 14:11:09.0039 4428 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 14:11:09.0070 4428 Compbatt - ok 14:11:09.0133 4428 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 14:11:09.0164 4428 CompositeBus - ok 14:11:09.0180 4428 COMSysApp - ok 14:11:09.0211 4428 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 14:11:09.0242 4428 crcdisk - ok 14:11:09.0320 4428 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 14:11:09.0367 4428 CryptSvc - ok 14:11:09.0476 4428 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 14:11:09.0523 4428 CSC - ok 14:11:09.0554 4428 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 14:11:09.0601 4428 CscService - ok 14:11:09.0694 4428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 14:11:09.0741 4428 DcomLaunch - ok 14:11:09.0897 4428 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 14:11:09.0944 4428 defragsvc - ok 14:11:09.0991 4428 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 14:11:10.0038 4428 DfsC - ok 14:11:10.0131 4428 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 14:11:10.0194 4428 Dhcp - ok 14:11:10.0209 4428 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 14:11:10.0256 4428 discache - ok 14:11:10.0303 4428 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 14:11:10.0334 4428 Disk - ok 14:11:10.0381 4428 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 14:11:10.0412 4428 Dnscache - ok 14:11:10.0490 4428 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 14:11:10.0537 4428 dot3svc - ok 14:11:10.0568 4428 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 14:11:10.0615 4428 DPS - ok 14:11:10.0677 4428 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 14:11:10.0724 4428 drmkaud - ok 14:11:10.0896 4428 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 14:11:10.0927 4428 DXGKrnl - ok 14:11:10.0942 4428 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 14:11:11.0036 4428 EapHost - ok 14:11:11.0613 4428 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 14:11:11.0707 4428 ebdrv - ok 14:11:11.0754 4428 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 14:11:11.0800 4428 EFS - ok 14:11:12.0081 4428 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 14:11:12.0112 4428 ehRecvr - ok 14:11:12.0253 4428 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 14:11:12.0268 4428 ehSched - ok 14:11:12.0378 4428 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys 14:11:12.0393 4428 ElbyCDIO - ok 14:11:12.0534 4428 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 14:11:12.0565 4428 elxstor - ok 14:11:12.0612 4428 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 14:11:12.0658 4428 ErrDev - ok 14:11:12.0783 4428 [ 94B3C06DCF580695EBA5304F3C750256 ] esClient C:\Program Files\Windows Home Server\esClient.exe 14:11:12.0799 4428 esClient - ok 14:11:12.0924 4428 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 14:11:12.0970 4428 EventSystem - ok 14:11:12.0986 4428 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 14:11:13.0048 4428 exfat - ok 14:11:13.0111 4428 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 14:11:13.0173 4428 fastfat - ok 14:11:13.0392 4428 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 14:11:13.0423 4428 Fax - ok 14:11:13.0454 4428 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 14:11:13.0485 4428 fdc - ok 14:11:13.0516 4428 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 14:11:13.0563 4428 fdPHost - ok 14:11:13.0579 4428 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 14:11:13.0626 4428 FDResPub - ok 14:11:13.0657 4428 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 14:11:13.0672 4428 FileInfo - ok 14:11:13.0688 4428 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 14:11:13.0750 4428 Filetrace - ok 14:11:13.0766 4428 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 14:11:13.0797 4428 flpydisk - ok 14:11:13.0891 4428 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 14:11:13.0906 4428 FltMgr - ok 14:11:14.0031 4428 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 14:11:14.0062 4428 FontCache - ok 14:11:14.0156 4428 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:11:14.0172 4428 FontCache3.0.0.0 - ok 14:11:14.0187 4428 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 14:11:14.0218 4428 FsDepends - ok 14:11:14.0250 4428 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 14:11:14.0265 4428 Fs_Rec - ok 14:11:14.0359 4428 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 14:11:14.0390 4428 fvevol - ok 14:11:14.0452 4428 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 14:11:14.0484 4428 gagp30kx - ok 14:11:14.0546 4428 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 14:11:14.0562 4428 GEARAspiWDM - ok 14:11:14.0718 4428 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 14:11:14.0764 4428 gpsvc - ok 14:11:14.0889 4428 [ 2ED7FF3E1ADA4092632393781518B3A7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys 14:11:14.0905 4428 grmnusb - ok 14:11:15.0061 4428 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:11:15.0076 4428 gupdate - ok 14:11:15.0154 4428 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 14:11:15.0170 4428 gupdatem - ok 14:11:15.0186 4428 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 14:11:15.0232 4428 hcw85cir - ok 14:11:15.0342 4428 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 14:11:15.0373 4428 HdAudAddService - ok 14:11:15.0404 4428 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 14:11:15.0435 4428 HDAudBus - ok 14:11:15.0466 4428 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 14:11:15.0482 4428 HidBatt - ok 14:11:15.0513 4428 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 14:11:15.0560 4428 HidBth - ok 14:11:15.0591 4428 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 14:11:15.0638 4428 HidIr - ok 14:11:15.0669 4428 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 14:11:15.0716 4428 hidserv - ok 14:11:15.0747 4428 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 14:11:15.0763 4428 HidUsb - ok 14:11:15.0794 4428 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 14:11:15.0888 4428 hkmsvc - ok 14:11:15.0919 4428 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 14:11:15.0950 4428 HomeGroupListener - ok 14:11:15.0997 4428 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 14:11:16.0044 4428 HomeGroupProvider - ok 14:11:16.0075 4428 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 14:11:16.0090 4428 HpSAMD - ok 14:11:16.0137 4428 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 14:11:16.0200 4428 HTTP - ok 14:11:16.0231 4428 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 14:11:16.0246 4428 hwpolicy - ok 14:11:16.0309 4428 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 14:11:16.0324 4428 i8042prt - ok 14:11:16.0356 4428 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 14:11:16.0387 4428 iaStorV - ok 14:11:16.0449 4428 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:11:16.0496 4428 idsvc - ok 14:11:16.0512 4428 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 14:11:16.0527 4428 iirsp - ok 14:11:16.0559 4428 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 14:11:16.0605 4428 IKEEXT - ok 14:11:16.0652 4428 [ C4E67D3037DC79E39D7136581A947F50 ] inspect C:\Windows\system32\DRIVERS\inspect.sys 14:11:16.0668 4428 inspect - ok 14:11:16.0699 4428 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 14:11:16.0715 4428 intelide - ok 14:11:16.0746 4428 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 14:11:16.0777 4428 intelppm - ok 14:11:16.0808 4428 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 14:11:16.0855 4428 IPBusEnum - ok 14:11:16.0902 4428 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:11:17.0058 4428 IpFilterDriver - ok 14:11:17.0214 4428 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 14:11:17.0245 4428 iphlpsvc - ok 14:11:17.0292 4428 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 14:11:17.0323 4428 IPMIDRV - ok 14:11:17.0339 4428 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 14:11:17.0401 4428 IPNAT - ok 14:11:17.0463 4428 [ F8E8676D1B6B2CC12DF9AA6B1A43D929 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 14:11:17.0495 4428 iPod Service - ok 14:11:17.0526 4428 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 14:11:18.0228 4428 IRENUM - ok 14:11:18.0275 4428 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 14:11:18.0290 4428 isapnp - ok 14:11:18.0321 4428 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 14:11:18.0353 4428 iScsiPrt - ok 14:11:18.0384 4428 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 14:11:18.0399 4428 kbdclass - ok 14:11:18.0415 4428 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 14:11:18.0446 4428 kbdhid - ok 14:11:18.0462 4428 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 14:11:18.0477 4428 KeyIso - ok 14:11:18.0524 4428 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 14:11:18.0540 4428 KSecDD - ok 14:11:18.0571 4428 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 14:11:18.0602 4428 KSecPkg - ok 14:11:18.0633 4428 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 14:11:18.0680 4428 ksthunk - ok 14:11:18.0743 4428 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 14:11:18.0789 4428 KtmRm - ok 14:11:18.0836 4428 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 14:11:18.0883 4428 LanmanServer - ok 14:11:18.0914 4428 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 14:11:18.0977 4428 LanmanWorkstation - ok 14:11:19.0023 4428 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 14:11:19.0086 4428 lltdio - ok 14:11:19.0133 4428 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 14:11:19.0211 4428 lltdsvc - ok 14:11:19.0226 4428 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 14:11:19.0273 4428 lmhosts - ok 14:11:19.0304 4428 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 14:11:19.0320 4428 LSI_FC - ok 14:11:19.0335 4428 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 14:11:19.0351 4428 LSI_SAS - ok 14:11:19.0351 4428 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:11:19.0367 4428 LSI_SAS2 - ok 14:11:19.0382 4428 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:11:19.0398 4428 LSI_SCSI - ok 14:11:19.0429 4428 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 14:11:19.0476 4428 luafv - ok 14:11:19.0601 4428 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 14:11:19.0616 4428 Mcx2Svc - ok 14:11:19.0647 4428 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 14:11:19.0647 4428 megasas - ok 14:11:19.0679 4428 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 14:11:19.0694 4428 MegaSR - ok 14:11:19.0725 4428 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 14:11:19.0772 4428 MMCSS - ok 14:11:19.0788 4428 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 14:11:19.0850 4428 Modem - ok 14:11:19.0866 4428 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 14:11:19.0913 4428 monitor - ok 14:11:19.0928 4428 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 14:11:19.0944 4428 mouclass - ok 14:11:19.0959 4428 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 14:11:19.0991 4428 mouhid - ok 14:11:20.0022 4428 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 14:11:20.0053 4428 mountmgr - ok 14:11:20.0162 4428 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:11:20.0193 4428 MozillaMaintenance - ok 14:11:20.0256 4428 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 14:11:20.0271 4428 mpio - ok 14:11:20.0287 4428 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 14:11:20.0334 4428 mpsdrv - ok 14:11:20.0396 4428 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 14:11:20.0474 4428 MpsSvc - ok 14:11:20.0505 4428 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 14:11:20.0552 4428 MRxDAV - ok 14:11:20.0583 4428 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 14:11:20.0615 4428 mrxsmb - ok 14:11:20.0661 4428 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:11:20.0693 4428 mrxsmb10 - ok 14:11:20.0708 4428 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:11:20.0724 4428 mrxsmb20 - ok 14:11:20.0755 4428 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 14:11:20.0771 4428 msahci - ok 14:11:20.0786 4428 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 14:11:20.0802 4428 msdsm - ok 14:11:20.0817 4428 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 14:11:20.0849 4428 MSDTC - ok 14:11:20.0895 4428 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 14:11:20.0927 4428 Msfs - ok 14:11:20.0942 4428 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 14:11:20.0989 4428 mshidkmdf - ok 14:11:21.0020 4428 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 14:11:21.0036 4428 msisadrv - ok 14:11:21.0051 4428 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 14:11:21.0114 4428 MSiSCSI - ok 14:11:21.0114 4428 msiserver - ok 14:11:21.0145 4428 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 14:11:21.0192 4428 MSKSSRV - ok 14:11:21.0223 4428 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 14:11:21.0254 4428 MSPCLOCK - ok 14:11:21.0270 4428 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 14:11:21.0332 4428 MSPQM - ok 14:11:21.0379 4428 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 14:11:21.0395 4428 MsRPC - ok 14:11:21.0426 4428 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 14:11:21.0426 4428 mssmbios - ok 14:11:21.0441 4428 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 14:11:21.0488 4428 MSTEE - ok 14:11:21.0504 4428 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 14:11:21.0535 4428 MTConfig - ok 14:11:21.0597 4428 [ 19B006B181E3875FD254F7B67ACF1E7C ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 14:11:21.0613 4428 MTsensor - ok 14:11:21.0629 4428 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 14:11:21.0644 4428 Mup - ok 14:11:21.0707 4428 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 14:11:21.0769 4428 napagent - ok 14:11:21.0800 4428 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 14:11:21.0831 4428 NativeWifiP - ok 14:11:21.0878 4428 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 14:11:21.0925 4428 NDIS - ok 14:11:21.0956 4428 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 14:11:22.0019 4428 NdisCap - ok 14:11:22.0050 4428 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 14:11:22.0081 4428 NdisTapi - ok 14:11:22.0112 4428 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 14:11:22.0159 4428 Ndisuio - ok 14:11:22.0190 4428 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 14:11:22.0253 4428 NdisWan - ok 14:11:22.0268 4428 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 14:11:22.0315 4428 NDProxy - ok 14:11:22.0346 4428 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 14:11:22.0377 4428 NetBIOS - ok 14:11:22.0409 4428 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 14:11:22.0440 4428 NetBT - ok 14:11:22.0455 4428 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 14:11:22.0471 4428 Netlogon - ok 14:11:22.0518 4428 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 14:11:22.0565 4428 Netman - ok 14:11:22.0611 4428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 14:11:22.0658 4428 netprofm - ok 14:11:22.0705 4428 [ 618C55B392238B9467F9113E13525C49 ] netr28ux C:\Windows\system32\DRIVERS\netr28ux.sys 14:11:22.0752 4428 netr28ux - ok 14:11:22.0799 4428 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:11:22.0814 4428 NetTcpPortSharing - ok 14:11:22.0830 4428 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 14:11:22.0845 4428 nfrd960 - ok 14:11:22.0877 4428 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 14:11:22.0908 4428 NlaSvc - ok 14:11:22.0923 4428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 14:11:22.0970 4428 Npfs - ok 14:11:22.0986 4428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 14:11:23.0033 4428 nsi - ok 14:11:23.0033 4428 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 14:11:23.0079 4428 nsiproxy - ok 14:11:23.0157 4428 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 14:11:23.0220 4428 Ntfs - ok 14:11:23.0235 4428 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 14:11:23.0267 4428 Null - ok 14:11:23.0282 4428 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 14:11:23.0298 4428 nvraid - ok 14:11:23.0329 4428 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 14:11:23.0345 4428 nvstor - ok 14:11:23.0376 4428 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 14:11:23.0391 4428 nv_agp - ok 14:11:23.0423 4428 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:11:23.0454 4428 ohci1394 - ok 14:11:23.0469 4428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:11:23.0501 4428 p2pimsvc - ok 14:11:23.0547 4428 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 14:11:23.0563 4428 p2psvc - ok 14:11:23.0579 4428 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 14:11:23.0594 4428 Parport - ok 14:11:23.0625 4428 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:11:23.0641 4428 partmgr - ok 14:11:23.0672 4428 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:11:23.0703 4428 PcaSvc - ok 14:11:23.0719 4428 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 14:11:23.0735 4428 pci - ok 14:11:23.0750 4428 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 14:11:23.0766 4428 pciide - ok 14:11:23.0781 4428 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 14:11:23.0813 4428 pcmcia - ok 14:11:23.0828 4428 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 14:11:23.0828 4428 pcw - ok 14:11:23.0859 4428 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:11:23.0906 4428 PEAUTH - ok 14:11:23.0969 4428 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 14:11:24.0031 4428 PeerDistSvc - ok 14:11:24.0109 4428 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:11:24.0140 4428 PerfHost - ok 14:11:24.0187 4428 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 14:11:24.0249 4428 pla - ok 14:11:24.0296 4428 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:11:24.0327 4428 PlugPlay - ok 14:11:24.0343 4428 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:11:24.0374 4428 PNRPAutoReg - ok 14:11:24.0405 4428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:11:24.0421 4428 PNRPsvc - ok 14:11:24.0452 4428 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:11:24.0499 4428 PolicyAgent - ok 14:11:24.0530 4428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 14:11:24.0577 4428 Power - ok 14:11:24.0624 4428 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:11:24.0655 4428 PptpMiniport - ok 14:11:24.0671 4428 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 14:11:24.0702 4428 Processor - ok 14:11:24.0749 4428 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 14:11:24.0764 4428 ProfSvc - ok 14:11:24.0764 4428 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:11:24.0780 4428 ProtectedStorage - ok 14:11:24.0858 4428 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:11:24.0905 4428 Psched - ok 14:11:24.0951 4428 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 14:11:25.0014 4428 ql2300 - ok 14:11:25.0045 4428 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 14:11:25.0061 4428 ql40xx - ok 14:11:25.0092 4428 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 14:11:25.0123 4428 QWAVE - ok 14:11:25.0154 4428 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:11:25.0217 4428 QWAVEdrv - ok 14:11:25.0232 4428 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:11:25.0279 4428 RasAcd - ok 14:11:25.0326 4428 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:11:25.0373 4428 RasAgileVpn - ok 14:11:25.0388 4428 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 14:11:25.0451 4428 RasAuto - ok 14:11:25.0497 4428 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:11:25.0544 4428 Rasl2tp - ok 14:11:25.0591 4428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 14:11:25.0622 4428 RasMan - ok 14:11:25.0653 4428 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:11:25.0700 4428 RasPppoe - ok 14:11:25.0716 4428 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:11:25.0763 4428 RasSstp - ok 14:11:25.0794 4428 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:11:25.0841 4428 rdbss - ok 14:11:25.0856 4428 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 14:11:25.0887 4428 rdpbus - ok 14:11:25.0903 4428 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:11:25.0950 4428 RDPCDD - ok 14:11:25.0981 4428 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 14:11:25.0997 4428 RDPDR - ok 14:11:26.0012 4428 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:11:26.0059 4428 RDPENCDD - ok 14:11:26.0075 4428 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:11:26.0106 4428 RDPREFMP - ok 14:11:26.0153 4428 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 14:11:26.0184 4428 RdpVideoMiniport - ok 14:11:26.0215 4428 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:11:26.0246 4428 RDPWD - ok 14:11:26.0277 4428 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:11:26.0293 4428 rdyboost - ok 14:11:26.0324 4428 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:11:26.0355 4428 RemoteAccess - ok 14:11:26.0387 4428 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:11:26.0433 4428 RemoteRegistry - ok 14:11:26.0465 4428 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:11:26.0511 4428 RpcEptMapper - ok 14:11:26.0543 4428 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 14:11:26.0574 4428 RpcLocator - ok 14:11:26.0605 4428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll 14:11:26.0636 4428 RpcSs - ok 14:11:26.0667 4428 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:11:26.0699 4428 rspndr - ok 14:11:26.0730 4428 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 14:11:26.0761 4428 RTL8167 - ok 14:11:26.0777 4428 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 14:11:26.0808 4428 s3cap - ok 14:11:26.0823 4428 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 14:11:26.0839 4428 SamSs - ok 14:11:26.0886 4428 [ 5EFBBFCC6ADAC121C8E2FE76641ED329 ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys 14:11:26.0901 4428 SANDRA - ok 14:11:26.0917 4428 [ 6E72B22D71A62B7C9162361E5FD0DE9D ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe 14:11:26.0933 4428 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning 14:11:26.0933 4428 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1) 14:11:26.0964 4428 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:11:26.0979 4428 sbp2port - ok 14:11:27.0011 4428 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:11:27.0057 4428 SCardSvr - ok 14:11:27.0089 4428 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:11:27.0135 4428 scfilter - ok 14:11:27.0167 4428 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 14:11:27.0229 4428 Schedule - ok 14:11:27.0260 4428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 14:11:27.0291 4428 SCPolicySvc - ok 14:11:27.0323 4428 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:11:27.0354 4428 SDRSVC - ok 14:11:27.0385 4428 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 14:11:27.0416 4428 secdrv - ok 14:11:27.0447 4428 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 14:11:27.0494 4428 seclogon - ok 14:11:27.0525 4428 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 14:11:27.0572 4428 SENS - ok 14:11:27.0588 4428 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:11:27.0619 4428 SensrSvc - ok 14:11:27.0635 4428 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 14:11:27.0666 4428 Serenum - ok 14:11:27.0681 4428 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 14:11:27.0697 4428 Serial - ok 14:11:27.0728 4428 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 14:11:27.0759 4428 sermouse - ok 14:11:27.0791 4428 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 14:11:27.0837 4428 SessionEnv - ok 14:11:27.0869 4428 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:11:27.0900 4428 sffdisk - ok 14:11:27.0900 4428 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:11:27.0931 4428 sffp_mmc - ok 14:11:27.0947 4428 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:11:27.0978 4428 sffp_sd - ok 14:11:27.0993 4428 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 14:11:28.0025 4428 sfloppy - ok 14:11:28.0056 4428 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:11:28.0087 4428 SharedAccess - ok 14:11:28.0118 4428 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:11:28.0181 4428 ShellHWDetection - ok 14:11:28.0196 4428 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:11:28.0212 4428 SiSRaid2 - ok 14:11:28.0227 4428 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 14:11:28.0243 4428 SiSRaid4 - ok 14:11:28.0274 4428 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:11:28.0305 4428 Smb - ok 14:11:28.0337 4428 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:11:28.0368 4428 SNMPTRAP - ok 14:11:28.0383 4428 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 14:11:28.0399 4428 spldr - ok 14:11:28.0430 4428 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 14:11:28.0461 4428 Spooler - ok 14:11:28.0555 4428 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 14:11:28.0617 4428 sppsvc - ok 14:11:28.0633 4428 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:11:28.0695 4428 sppuinotify - ok 14:11:28.0727 4428 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 14:11:28.0742 4428 srv - ok 14:11:28.0773 4428 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:11:28.0789 4428 srv2 - ok 14:11:28.0805 4428 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:11:28.0820 4428 srvnet - ok 14:11:28.0851 4428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:11:28.0898 4428 SSDPSRV - ok 14:11:28.0914 4428 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:11:28.0961 4428 SstpSvc - ok 14:11:28.0976 4428 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 14:11:28.0992 4428 stexstor - ok 14:11:29.0023 4428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 14:11:29.0054 4428 stisvc - ok 14:11:29.0101 4428 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 14:11:29.0117 4428 storflt - ok 14:11:29.0148 4428 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 14:11:29.0163 4428 storvsc - ok 14:11:29.0195 4428 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 14:11:29.0210 4428 swenum - ok 14:11:29.0241 4428 [ D294DB3E6B227BA511A454DF4B9A5856 ] swmsflt C:\Windows\System32\drivers\swmsflt.sys 14:11:29.0257 4428 swmsflt - ok 14:11:29.0288 4428 [ 7DAF66ED79A8EE340E6C22252A97DE08 ] SWMX00 C:\Windows\system32\DRIVERS\swmx00.sys 14:11:29.0304 4428 SWMX00 - ok 14:11:29.0335 4428 [ 4A827A6BE651DA66AA85D17726743BF5 ] SWNC5E00 C:\Windows\system32\DRIVERS\SWNC5E00.sys 14:11:29.0366 4428 SWNC5E00 - ok 14:11:29.0413 4428 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 14:11:29.0475 4428 swprv - ok 14:11:29.0475 4428 SWUMX20 - ok 14:11:29.0538 4428 Synth3dVsc - ok 14:11:29.0600 4428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 14:11:29.0647 4428 SysMain - ok 14:11:29.0678 4428 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:11:29.0709 4428 TabletInputService - ok 14:11:29.0741 4428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:11:29.0803 4428 TapiSrv - ok 14:11:29.0819 4428 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 14:11:29.0865 4428 TBS - ok 14:11:29.0928 4428 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:11:30.0006 4428 Tcpip - ok 14:11:30.0068 4428 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:11:30.0099 4428 TCPIP6 - ok 14:11:30.0131 4428 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:11:30.0162 4428 tcpipreg - ok 14:11:30.0193 4428 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:11:30.0224 4428 TDPIPE - ok 14:11:30.0240 4428 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:11:30.0271 4428 TDTCP - ok 14:11:30.0302 4428 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:11:30.0333 4428 tdx - ok 14:11:30.0349 4428 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 14:11:30.0365 4428 TermDD - ok 14:11:30.0396 4428 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 14:11:30.0443 4428 TermService - ok 14:11:30.0458 4428 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 14:11:30.0489 4428 Themes - ok 14:11:30.0521 4428 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 14:11:30.0552 4428 THREADORDER - ok 14:11:30.0567 4428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 14:11:30.0614 4428 TrkWks - ok 14:11:30.0677 4428 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:11:30.0708 4428 TrustedInstaller - ok 14:11:30.0739 4428 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:11:30.0786 4428 tssecsrv - ok 14:11:30.0801 4428 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:11:30.0833 4428 TsUsbFlt - ok 14:11:30.0833 4428 tsusbhub - ok 14:11:30.0879 4428 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:11:30.0911 4428 tunnel - ok 14:11:30.0926 4428 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 14:11:30.0942 4428 uagp35 - ok 14:11:30.0973 4428 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:11:31.0020 4428 udfs - ok 14:11:31.0051 4428 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:11:31.0082 4428 UI0Detect - ok 14:11:31.0098 4428 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:11:31.0113 4428 uliagpkx - ok 14:11:31.0145 4428 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 14:11:31.0160 4428 umbus - ok 14:11:31.0176 4428 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 14:11:31.0207 4428 UmPass - ok 14:11:31.0223 4428 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 14:11:31.0254 4428 UmRdpService - ok 14:11:31.0285 4428 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 14:11:31.0347 4428 upnphost - ok 14:11:31.0394 4428 [ 54D4B48D443E7228BF64CF7CDC3118AC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 14:11:31.0410 4428 USBAAPL64 - ok 14:11:31.0441 4428 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:11:31.0457 4428 usbccgp - ok 14:11:31.0488 4428 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:11:31.0503 4428 usbcir - ok 14:11:31.0519 4428 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:11:31.0550 4428 usbehci - ok 14:11:31.0581 4428 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:11:31.0613 4428 usbhub - ok 14:11:31.0628 4428 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 14:11:31.0644 4428 usbohci - ok 14:11:31.0659 4428 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:11:31.0706 4428 usbprint - ok 14:11:31.0722 4428 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:11:31.0753 4428 USBSTOR - ok 14:11:31.0769 4428 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:11:31.0784 4428 usbuhci - ok 14:11:31.0784 4428 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 14:11:31.0847 4428 UxSms - ok 14:11:31.0862 4428 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 14:11:31.0878 4428 VaultSvc - ok 14:11:31.0909 4428 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:11:31.0925 4428 vdrvroot - ok 14:11:31.0956 4428 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 14:11:32.0034 4428 vds - ok 14:11:32.0049 4428 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:11:32.0081 4428 vga - ok 14:11:32.0081 4428 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 14:11:32.0127 4428 VgaSave - ok 14:11:32.0159 4428 VGPU - ok 14:11:32.0190 4428 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:11:32.0205 4428 vhdmp - ok 14:11:32.0221 4428 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 14:11:32.0237 4428 viaide - ok 14:11:32.0268 4428 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 14:11:32.0283 4428 vmbus - ok 14:11:32.0299 4428 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 14:11:32.0346 4428 VMBusHID - ok 14:11:32.0361 4428 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:11:32.0377 4428 volmgr - ok 14:11:32.0408 4428 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:11:32.0439 4428 volmgrx - ok 14:11:32.0471 4428 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:11:32.0502 4428 volsnap - ok 14:11:32.0533 4428 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 14:11:32.0549 4428 vsmraid - ok 14:11:32.0767 4428 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 14:11:32.0845 4428 VSS - ok 14:11:32.0861 4428 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 14:11:32.0892 4428 vwifibus - ok 14:11:32.0923 4428 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:11:32.0954 4428 vwififlt - ok 14:11:32.0985 4428 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 14:11:33.0063 4428 W32Time - ok 14:11:33.0095 4428 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 14:11:33.0126 4428 WacomPen - ok 14:11:33.0157 4428 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:11:33.0204 4428 WANARP - ok 14:11:33.0219 4428 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:11:33.0251 4428 Wanarpv6 - ok 14:11:33.0297 4428 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 14:11:33.0360 4428 WatAdminSvc - ok 14:11:33.0438 4428 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 14:11:33.0500 4428 wbengine - ok 14:11:33.0516 4428 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:11:33.0547 4428 WbioSrvc - ok 14:11:33.0609 4428 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:11:33.0641 4428 wcncsvc - ok 14:11:33.0656 4428 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:11:33.0672 4428 WcsPlugInService - ok 14:11:33.0687 4428 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 14:11:33.0703 4428 Wd - ok 14:11:33.0828 4428 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:11:33.0875 4428 Wdf01000 - ok 14:11:33.0890 4428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:11:33.0921 4428 WdiServiceHost - ok 14:11:33.0921 4428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
- December 30, 2012
- 22 replies
lsass.exe using exorbitant memory

supturb89 replied to supturb89's topic in Resolved Malware Removal Logs

Gringo, After running the programs in your first post I replied back that the lsass.exe process was running normal again. That was true for a short time, but as time went by the process started to increase its memory usage. Upon waking this morning it was back up to around 2.8 million K and my computer was really sluggish. I have run Combofix like you asked but the problem still persists. ComboFix 12-12-30.01 - Webb 12/30/2012 8:00.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.901 [GMT -6:00] Running from: c:\users\Webb\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\xmlA717.tmp c:\programdata\xmlAC94.tmp c:\programdata\xmlB79D.tmp c:\users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\install_flash_player_10_active_x.msi . . ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 ))))))))))))))))))))))))))))))) . . 2012-12-30 14:08 . 2012-12-30 14:08 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-30 11:10 . 2012-12-30 11:10 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\offreg.dll 2012-12-29 03:03 . 2012-12-29 03:03 -------- d-----w- c:\users\Webb\AppData\Roaming\Malwarebytes 2012-12-29 03:03 . 2012-12-29 03:03 -------- d-----w- c:\programdata\Malwarebytes 2012-12-29 03:03 . 2012-12-29 03:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-12-29 03:03 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-29 03:02 . 2012-12-29 03:02 -------- d-----w- c:\users\Webb\AppData\Local\Programs 2012-12-28 18:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpengine.dll 2012-12-21 13:54 . 2012-12-21 13:56 -------- d-----w- c:\program files (x86)\Google 2012-12-21 09:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 09:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-11 19:07 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-11 19:07 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-11 19:05 . 2012-10-04 16:47 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 11:13 . 2012-04-07 13:19 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-12 11:13 . 2011-05-21 19:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 09:01 . 2010-04-23 02:37 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-07 23:38 . 2010-04-09 06:25 94288 ----a-w- c:\windows\system32\drivers\inspect.sys 2012-11-07 23:38 . 2010-04-09 06:25 38144 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2012-11-07 23:37 . 2010-04-09 06:25 584056 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2012-11-07 23:37 . 2010-04-09 06:25 22736 ----a-w- c:\windows\system32\drivers\cmderd.sys 2012-11-07 23:37 . 2012-01-18 13:15 41240 ----a-w- c:\windows\system32\cmdcsr.dll 2012-11-07 23:37 . 2010-04-09 06:26 301264 ----a-w- c:\windows\SysWow64\guard32.dll 2012-11-07 23:37 . 2010-04-09 06:26 390392 ----a-w- c:\windows\system32\guard64.dll 2012-10-30 23:51 . 2010-04-23 02:32 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 23:51 . 2011-03-09 01:52 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 23:51 . 2010-04-23 02:32 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 23:51 . 2010-04-23 02:32 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 23:51 . 2010-04-23 02:32 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 23:51 . 2010-07-24 02:43 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 23:50 . 2010-04-23 02:31 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 23:50 . 2011-02-13 22:36 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-19 15:29 . 2012-10-19 15:29 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin 2012-10-19 11:18 . 2012-10-19 11:18 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-10-19 11:18 . 2010-04-25 02:57 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-10-16 08:38 . 2012-11-27 18:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 18:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 18:55 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-15 16:59 . 2012-04-07 13:20 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-10-09 18:17 . 2012-11-14 10:50 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 18:17 . 2012-11-14 10:50 226816 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-09 17:40 . 2012-11-14 10:50 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-14 10:50 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll 2012-10-04 20:29 . 2012-03-15 06:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-10-04 20:28 . 2012-02-19 21:32 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-10-04 20:28 . 2012-02-19 21:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-10-04 20:28 . 2012-02-19 21:32 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-10-04 16:40 . 2012-12-11 19:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-03 17:56 . 2012-11-14 10:49 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 17:44 . 2012-11-14 10:49 70656 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 17:44 . 2012-11-14 10:49 303104 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 17:44 . 2012-11-14 10:49 246272 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 17:44 . 2012-11-14 10:49 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 17:44 . 2012-11-14 10:49 216576 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 17:42 . 2012-11-14 10:49 569344 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 16:42 . 2012-11-14 10:49 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42 . 2012-11-14 10:49 18944 ----a-w- c:\windows\SysWow64\netevent.dll 2012-10-03 16:42 . 2012-11-14 10:49 156672 ----a-w- c:\windows\SysWow64\ncsi.dll 2012-10-03 16:07 . 2012-11-14 10:49 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2010-12-07 22:27 . 2010-11-21 17:11 331249 ----a-w- c:\program files (x86)\Clown_BD_v0.79.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "gStart"="c:\program files (x86)\Garmin\gStart.exe" [2008-08-13 1891416] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160] "WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe" [2009-06-12 53248] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "osk.exe"="osk.exe" [2009-07-14 646144] "Application Restart 0"="c:\windows\System32\osk.exe" [2009-07-14 646144] . c:\users\Webb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ ZvRemote.lnk - c:\program files (x86)\ZeeVee\ZvRemote\ZvRemote.exe [2010-2-10 1565944] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-6-27 1018856] Media Browser Service.lnk - c:\program files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe [2012-1-14 135168] Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-1-2 666992] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2009-08-24 93336] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-23 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776] S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 CLPSLS;COMODO livePCsupport Service;c:\program files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744] S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936] S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040] . . Contents of the 'Scheduled Tasks' folder . 2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 11:13] . 2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 13:54] . 2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 13:54] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 23:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\ FF - prefs.js: browser.startup.homepage - www.google.com . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) Wow6432Node-HKLM-Run-AirCardEnabler - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-12-30 08:11:09 ComboFix-quarantined-files.txt 2012-12-30 14:11 . Pre-Run: 99,370,250,240 bytes free Post-Run: 99,080,904,704 bytes free . - - End Of File - - 8E977CADB4359AFEAC8BC7F2C3078E16
- December 30, 2012
- 22 replies
lsass.exe using exorbitant memory

supturb89 replied to supturb89's topic in Resolved Malware Removal Logs

Gringo, Thank you for the reply. I ran the programs you asked and as of now the lsass.exe process is not eating up the memory it was (currently using 5800K). Here are the logs: Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Firewall Disabled! avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 37 Java version out of Date! Adobe Flash Player 11.5.502.135 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (17.0.1) Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` Comodo Firewall cmdagent.exe Comodo Firewall cfp.exe Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` # AdwCleaner v2.104 - Logfile created 12/29/2012 at 15:52:43 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (64 bits) # User : Webb - HTPC # Boot Mode : Normal # Running from : C:\Users\Webb\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp Folder Deleted : C:\Users\Webb\AppData\Local\Conduit Folder Deleted : C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj Folder Deleted : C:\Users\Webb\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\Conduit Folder Deleted : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\ConduitCommon Folder Deleted : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\ConduitEngine Folder Deleted : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\CT2786678 Folder Deleted : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} Folder Deleted : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\extensions\engine@conduit.com ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\prefs.js Deleted : user_pref("CT2786678..clientLogIsEnabled", false); Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Sat Jul 02 2011 07:21:15 GMT-0500 (Central Daylight[...] Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true); Deleted : user_pref("CT2786678.CTID", "CT2786678"); Deleted : user_pref("CT2786678.CurrentServerDate", "29-12-2012"); Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Fri Dec 28 2012 20:56:22 GMT-0600 (Central Standa[...] Deleted : user_pref("CT2786678.DownloadReferralCookieData", ""); Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Fri Jul 01 2011 18:17:12 GMT-0500 (Central Daylight Ti[...] Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 159); Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...] Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...] Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...] Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...] Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...] Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...] Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...] Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Fri Jul 01 2011 18:17:14 GMT-0500 (Central D[...] Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...] Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...] Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...] Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15); Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10); Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5); Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5); Deleted : user_pref("CT2786678.FirstServerDate", "2-7-2011"); Deleted : user_pref("CT2786678.FirstTime", true); Deleted : user_pref("CT2786678.FirstTimeFF3", true); Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false); Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2786678.HasUserGlobalKeys", true); Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false); Deleted : user_pref("CT2786678.Initialize", true); Deleted : user_pref("CT2786678.InitializeCommonPrefs", true); Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration"); Deleted : user_pref("CT2786678.InstalledDate", "Fri Jul 01 2011 18:17:12 GMT-0500 (Central Daylight Time)"); Deleted : user_pref("CT2786678.IsAlertDBUpdated", true); Deleted : user_pref("CT2786678.IsGrouping", false); Deleted : user_pref("CT2786678.IsInitSetupIni", true); Deleted : user_pref("CT2786678.IsMulticommunity", false); Deleted : user_pref("CT2786678.IsOpenThankYouPage", true); Deleted : user_pref("CT2786678.IsOpenUninstallPage", false); Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Fri Dec 28 2012 20:56:20 GMT-0600 (Central Standar[...] Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Tue Sep 18 2012 20:15:12 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT2786678.LastLogin_3.15.1.0", "Sat Dec 29 2012 13:44:30 GMT-0600 (Central Standard Time)[...] Deleted : user_pref("CT2786678.LastLogin_3.5.0.12", "Sat Jul 02 2011 07:21:05 GMT-0500 (Central Daylight Time)[...] Deleted : user_pref("CT2786678.LatestVersion", "3.16.0.3"); Deleted : user_pref("CT2786678.Locale", "en"); Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2786678.MCDetectTooltipShow", false); Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.5.0.12"); Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties"); Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...] Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true); Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Fri Dec 28 2012 20:56:17 GMT-0600 (Central Stand[...] Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2786678.SearchInNewTabUserEnabled", false); Deleted : user_pref("CT2786678.SearchProtectorEnabled", false); Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Fri Dec 28 2012 20:56:18 GMT-0600 (Central Standard [...] Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sat Dec 29 2012 09:44:28 GMT-0600 (Central Standard Ti[...] Deleted : user_pref("CT2786678.SettingsLastUpdate", "1356550082"); Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Fri Jul 01 2011 18:17:11 GMT-0500 (Central Day[...] Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246786978"); Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678"); Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2786678.UserID", "UN21299609397261965"); Deleted : user_pref("CT2786678.WeatherNetwork", ""); Deleted : user_pref("CT2786678.WeatherPollDate", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central Daylight Time)"); Deleted : user_pref("CT2786678.WeatherUnit", "F"); Deleted : user_pref("CT2786678.alertChannelId", "1178763"); Deleted : user_pref("CT2786678.approveUntrustedApps", false); Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...] Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F69736F68756E742E636F6D2F746F7272656[...] Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333039353632363232383137"); Deleted : user_pref("CT2786678.components.1000034", false); Deleted : user_pref("CT2786678.components.1000234", false); Deleted : user_pref("CT2786678.components.129295698017012804", false); Deleted : user_pref("CT2786678.components.129309485163350924", false); Deleted : user_pref("CT2786678.components.129309489763975460", false); Deleted : user_pref("CT2786678.components.129315411424256896", false); Deleted : user_pref("CT2786678.components.129513460540910967", false); Deleted : user_pref("CT2786678.components.129526967958500204", false); Deleted : user_pref("CT2786678.components.5690698542593514850", false); Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Sat Jul 02 2011 07:21:05 GMT-0500 (Central [...] Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2786678.initDone", true); Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true); Deleted : user_pref("CT2786678.myStuffEnabled", true); Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,111,1000234,12929569801701[...] Deleted : user_pref("CT2786678.revertSettingsEnabled", false); Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2786678.testingCtid", ""); Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Fri Dec 28 2012 20:56:18 GMT-0600 (Central S[...] Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...] Deleted : user_pref("CT2786678.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"bb9[...] Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); Deleted : user_pref("CommunityToolbar.IsEngineShown", true); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Webb\\AppData\\Roaming\\Mozilla\\Fi[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,ConduitEngine"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,ConduitEngine"); Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Jul 01 2011 18:17:12 GMT-05[...] Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Mar 02 2012 18:45:17 GMT-0600 (Centr[...] Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Mar 02 2012 18:45:09 GMT-0600 (Central S[...] Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "40b35769-2d50-4383-812c-16c8d9ea92aa"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jul 01 2011 18:17:13 GMT-0500 (Cen[...] Deleted : user_pref("CommunityToolbar.globalUserId", "1f3741a7-815c-494a-b0b6-1287d12f89d1"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jul 01 2011 18:17:1[...] Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Jul 02 2011 07:21:13 GMT-050[...] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 01 2011 18:17:12 GMT-0500 (C[...] Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "7a8314af-ff7a-4f72-97e8-bc5e0d1c09cb"); Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Mar 01 2012 18:45:19 GMT-0600 (Central Stan[...] Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine"); Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Mar 01 2012 18:45:09 GMT-0600 (Central St[...] Deleted : user_pref("ConduitEngine.FirstServerDate", "07/02/2011 02"); Deleted : user_pref("ConduitEngine.FirstTime", true); Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false); Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Deleted : user_pref("ConduitEngine.Initialize", true); Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration"); Deleted : user_pref("ConduitEngine.InstalledDate", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central Daylight Time)"[...] Deleted : user_pref("ConduitEngine.IsMulticommunity", false); Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false); Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Mar 02 2012 18:45:10 GMT-0600 (Central Sta[...] Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Mar 03 2012 06:45:09 GMT-0600 (Central Standard Ti[...] Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...] Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Mar 03 2012 06:45:09 GMT-0600 (Central Standar[...] Deleted : user_pref("ConduitEngine.UserID", "UN54517739767074751"); Deleted : user_pref("ConduitEngine.engineLocale", "en-US"); Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Mar 02 2012 18:45:11 GMT-0600 (Centr[...] Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Mar 03 2012 06:45:09 GMT-0600 (Cent[...] Deleted : user_pref("ConduitEngine.initDone", true); Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true); -\\ Google Chrome v23.0.1271.97 File : C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [20234 octets] - [29/12/2012 15:52:43] ########## EOF - C:\AdwCleaner[s1].txt - [20295 octets] ########## RogueKiller V8.4.1 [Dec 28 2012] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Webb [Admin rights] Mode : Scan -- Date : 12/29/2012 15:59:28 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤ [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 192.168.1.105 HOMESERVER #Windows Home Server# ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD2500YD-01NVB1 ATA Device +++++ --- User --- [MBR] 52b9e6ab410f29e12965d7f2704820f4 [bSP] 5239ee995432644c26a960e1f84967b8 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 188252 Mo 1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 385543935 | Size: 51113 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_12292012_02d1559.txt >> RKreport[1]_S_12292012_02d1559.txt Thanks! Aaron
- December 29, 2012
- 22 replies
lsass.exe using exorbitant memory

supturb89 posted a topic in Resolved Malware Removal Logs

Hello, I have recently started to notice my HTPC running very slowly. Upon inspection of the task manager I have discoved that the lsass.exe process is consuming large amounts of memory, most often as high as 3 million bytes. I have run MB and nothing was found. I'm hopng to get some more in-depth advice on what to do next. I am including the requested logs. thank you Aaron DDS DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37 Run by Webb at 11:13:26 on 2012-12-29 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.874 [GMT -6:00] . AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files\Windows Home Server\esClient.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Windows Home Server\WHSConnector.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\Program Files (x86)\Garmin\gStart.exe C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Windows Home Server\WHSTrayApp.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\eHome\EHShell.exe C:\Windows\ehome\ehsched.exe C:\Windows\eHome\EhTray.exe C:\Windows\ehome\ehVid.exe C:\Windows\eHome\ehExtHost.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\Windows\notepad.exe C:\Windows\notepad.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\taskmgr.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned> mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll uRun: [gStart] C:\Program Files (x86)\Garmin\gStart.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [AirCardEnabler] <no file> dRunOnce: [osk.exe] osk.exe dRunOnce: [Application Restart #0] C:\Windows\System32\osk.exe StartupFolder: C:\Users\Webb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZvRemote.lnk - C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MEDIAB~1.LNK - C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{CF7093E3-9D75-48C1-87A4-676EF6186AFB} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{E89CDB43-70DF-472F-B0FB-FD2047B10812} : DHCPNameServer = 192.168.1.1 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll SSODL: WebCheck - <orphaned> x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> Hosts: 192.168.1.105 HOMESERVER #Windows Home Server# ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\ FF - prefs.js: browser.startup.homepage - www.google.com FF - component: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll FF - component: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll FF - component: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-8 984144] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-4-22 370288] R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-4-9 584056] R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-4-9 38144] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-26 203776] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-4-22 25232] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-4-22 71600] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-12-21 44808] R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-2-19 148744] R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936] R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-9-24 116752] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-22 215040] S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-7 20992] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2010-5-1 93336] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-22 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-12-29 09:38:25 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\offreg.dll 2012-12-29 03:03:34 -------- d-----w- C:\Users\Webb\AppData\Roaming\Malwarebytes 2012-12-29 03:03:16 -------- d-----w- C:\ProgramData\Malwarebytes 2012-12-29 03:03:14 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-29 03:03:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-29 03:02:59 -------- d-----w- C:\Users\Webb\AppData\Local\Programs 2012-12-28 18:41:39 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpengine.dll 2012-12-21 09:00:37 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-21 09:00:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-21 09:00:35 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-21 09:00:33 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-11 19:07:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-12-11 19:07:16 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-12-11 19:05:59 338432 ----a-w- C:\Windows\System32\conhost.exe . ==================== Find3M ==================== . 2012-12-12 11:13:13 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-12-12 11:13:13 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-07 23:38:00 38144 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys 2012-11-07 23:37:59 584056 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys 2012-11-07 23:37:57 22736 ----a-w- C:\Windows\System32\drivers\cmderd.sys 2012-11-07 23:37:36 41240 ----a-w- C:\Windows\System32\cmdcsr.dll 2012-11-07 23:37:34 301264 ----a-w- C:\Windows\SysWow64\guard32.dll 2012-11-07 23:37:31 390392 ----a-w- C:\Windows\System32\guard64.dll 2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr 2012-10-27 06:26:55 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-27 05:51:21 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-10-19 11:18:52 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-10-19 11:18:52 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll 2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2010-12-07 22:27:54 331249 ----a-w- C:\Program Files (x86)\Clown_BD_v0.79.exe . ============= FINISH: 11:14:21.15 =============== Attach . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 4/22/2010 6:38:06 PM System Uptime: 12/28/2012 9:23:52 PM (14 hours ago) . Motherboard: ASUSTeK Computer INC. | | M4A785-M Processor: AMD Athlon™ 64 X2 Dual Core Processor 5600+ | AM2 | 2800/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 184 GiB total, 92.835 GiB free. D: is CDROM (UDF) E: is FIXED (NTFS) - 466 GiB total, 446.529 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP350: 12/18/2012 12:50:38 PM - Windows Update RP351: 12/21/2012 3:00:11 AM - Windows Update RP352: 12/25/2012 12:34:33 AM - Windows Update RP353: 12/28/2012 12:33:05 PM - Restore Operation RP354: 12/28/2012 12:33:40 PM - Windows Update RP355: 12/28/2012 12:41:03 PM - Windows Update . ==== Installed Programs ====================== . µTorrent Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 9.5.0 AMD Drag and Drop Transcoding AnyDVD Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Install Manager avast! Free Antivirus Bonjour Boxee BoxeeIntegration Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy ccc-core-static ccc-utility64 CCC Help English COMODO Internet Security COMODO livePCsupport D3DX10 EPU-4 Engine ffdshow x64 v1.1.3439 [2010-05-14] G-Force Garmin Training Center Garmin USB Drivers Google Chrome Google Update Helper Homeworld Theme - Windows 7 Media Center Internet TV for Windows Media Center iTunes Java Auto Updater Java™ 6 Update 23 (64-bit) Java™ 6 Update 37 MakeMKV v1.7.7 Malwarebytes Anti-Malware version 1.70.0.1100 Media Browser Media Player Classic - Home Cinema v1.5.2.3173 x64 MediaInfo 0.7.31 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 MKVtoolnix 4.0.0 Mobile Mouse Server Mozilla Firefox 17.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT Netflix in Windows Media Center Notepad++ PC Probe II QuickTime Realtek 8136 8168 8169 Ethernet Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Sierra Wireless Watcher SiSoftware Sandra Lite 2010c Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VLC media player 1.0.5 WhiteCap Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Home Server Connector Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Media Center Add-in for Flash WMV9/VC-1 Video Playback XBMC XBMCIntegration Zinc Zinc Launcher ZvRemote . ==== Event Viewer Messages From Past Week ======== . 12/28/2012 9:25:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center TV Archive Transfer Service service to connect. 12/28/2012 9:25:01 PM, Error: Service Control Manager [7000] - The Windows Media Center TV Archive Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 12/27/2012 12:28:49 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 12/26/2012 12:38:48 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended. 12/26/2012 12:38:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 12/23/2012 3:06:42 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer. 12/23/2012 2:14:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service. . ==== End Of File =========================== Thanks!
- December 29, 2012
- 22 replies

Sign In

supturb89

Posts

Joined

Last visited

Reputation

lsass.exe using exorbitant memory

lsass.exe using exorbitant memory

lsass.exe using exorbitant memory

lsass.exe using exorbitant memory

lsass.exe using exorbitant memory

lsass.exe using exorbitant memory

lsass.exe using exorbitant memory

lsass.exe using exorbitant memory

lsass.exe using exorbitant memory

lsass.exe using exorbitant memory

lsass.exe using exorbitant memory

lsass.exe using exorbitant memory

lsass.exe using exorbitant memory

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information