lsass.exe using exorbitant memory


Hello,

I have recently started to notice my HTPC running very slowly. Upon inspection of the task manager I have discovered that the lsass.exe process is consuming large amounts of memory, most often as high as 3 million bytes. I have run MB and nothing was found. I'm hoping to get some more in-depth advice on what to do next. I am including the requested logs.

thank you

Aaron

DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37

Run by Webb at 11:13:26 on 2012-12-29

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.874 [GMT -6:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Windows Home Server\esClient.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Windows Home Server\WHSConnector.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files (x86)\Garmin\gStart.exe

C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Windows Home Server\WHSTrayApp.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\eHome\EHShell.exe

C:\Windows\ehome\ehsched.exe

C:\Windows\eHome\EhTray.exe

C:\Windows\ehome\ehVid.exe

C:\Windows\eHome\ehExtHost.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\notepad.exe

C:\Windows\notepad.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

uRun: [gStart] C:\Program Files (x86)\Garmin\gStart.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [AirCardEnabler] <no file>

dRunOnce: [osk.exe] osk.exe

dRunOnce: [Application Restart #0] C:\Windows\System32\osk.exe

StartupFolder: C:\Users\Webb\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZvRemote.lnk - C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MEDIAB~1.LNK - C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{CF7093E3-9D75-48C1-87A4-676EF6186AFB} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{E89CDB43-70DF-472F-B0FB-FD2047B10812} : DHCPNameServer = 192.168.1.1

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\Windows\SysWOW64\guard32.dll

SSODL: WebCheck - <orphaned>

x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll

x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll

x64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

Hosts: 192.168.1.105 HOMESERVER #Windows Home Server#

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - component: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll

FF - component: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-3-8 984144]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-4-22 370288]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-4-9 584056]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-4-9 38144]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-26 203776]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-4-22 25232]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-4-22 71600]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-12-21 44808]

R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-2-19 148744]

R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]

R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-9-24 116752]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-22 215040]

S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-7-7 20992]

S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2010-5-1 93336]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-7 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-22 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-12-29 09:38:25 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\offreg.dll

2012-12-29 03:03:34 -------- d-----w- C:\Users\Webb\AppData\Roaming\Malwarebytes

2012-12-29 03:03:16 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-29 03:03:14 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-29 03:03:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-29 03:02:59 -------- d-----w- C:\Users\Webb\AppData\Local\Programs

2012-12-28 18:41:39 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpengine.dll

2012-12-21 09:00:37 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-21 09:00:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-21 09:00:35 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-21 09:00:33 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-11 19:07:16 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-12-11 19:07:16 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-12-11 19:05:59 338432 ----a-w- C:\Windows\System32\conhost.exe

.

==================== Find3M ====================

.

2012-12-12 11:13:13 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 11:13:13 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-12 12:28:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-12 11:52:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-07 23:38:00 38144 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys

2012-11-07 23:37:59 584056 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys

2012-11-07 23:37:57 22736 ----a-w- C:\Windows\System32\drivers\cmderd.sys

2012-11-07 23:37:36 41240 ----a-w- C:\Windows\System32\cmdcsr.dll

2012-11-07 23:37:34 301264 ----a-w- C:\Windows\SysWow64\guard32.dll

2012-11-07 23:37:31 390392 ----a-w- C:\Windows\System32\guard64.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-10-30 23:51:55 984144 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-10-30 23:51:55 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-10-30 23:51:07 41224 ----a-w- C:\Windows\avastSS.scr

2012-10-27 06:26:55 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-10-27 05:51:21 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-10-19 11:18:52 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-10-19 11:18:52 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

2012-10-15 16:59:28 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll

2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll

2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll

2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll

2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll

2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2010-12-07 22:27:54 331249 ----a-w- C:\Program Files (x86)\Clown_BD_v0.79.exe

.

============= FINISH: 11:14:21.15 ===============

Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 4/22/2010 6:38:06 PM

System Uptime: 12/28/2012 9:23:52 PM (14 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | M4A785-M

Processor: AMD Athlon™ 64 X2 Dual Core Processor 5600+ | AM2 | 2800/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 184 GiB total, 92.835 GiB free.

D: is CDROM (UDF)

E: is FIXED (NTFS) - 466 GiB total, 446.529 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP350: 12/18/2012 12:50:38 PM - Windows Update

RP351: 12/21/2012 3:00:11 AM - Windows Update

RP352: 12/25/2012 12:34:33 AM - Windows Update

RP353: 12/28/2012 12:33:05 PM - Restore Operation

RP354: 12/28/2012 12:33:40 PM - Windows Update

RP355: 12/28/2012 12:41:03 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.0

AMD Drag and Drop Transcoding

AnyDVD

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

avast! Free Antivirus

Bonjour

Boxee

BoxeeIntegration

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

ccc-core-static

ccc-utility64

CCC Help English

COMODO Internet Security

COMODO livePCsupport

D3DX10

EPU-4 Engine

ffdshow x64 v1.1.3439 [2010-05-14]

G-Force

Garmin Training Center

Garmin USB Drivers

Google Chrome

Google Update Helper

Homeworld Theme - Windows 7 Media Center

Internet TV for Windows Media Center

iTunes

Java Auto Updater

Java™ 6 Update 23 (64-bit)

Java™ 6 Update 37

MakeMKV v1.7.7

Malwarebytes Anti-Malware version 1.70.0.1100

Media Browser

Media Player Classic - Home Cinema v1.5.2.3173 x64

MediaInfo 0.7.31

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MKVtoolnix 4.0.0

Mobile Mouse Server

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

Netflix in Windows Media Center

Notepad++

PC Probe II

QuickTime

Realtek 8136 8168 8169 Ethernet Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Sierra Wireless Watcher

SiSoftware Sandra Lite 2010c

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VLC media player 1.0.5

WhiteCap

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Home Server Connector

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Center Add-in for Flash

WMV9/VC-1 Video Playback

XBMC

XBMCIntegration

Zinc

Zinc Launcher

ZvRemote

.

==== Event Viewer Messages From Past Week ========

.

12/28/2012 9:25:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Center TV Archive Transfer Service service to connect.

12/28/2012 9:25:01 PM, Error: Service Control Manager [7000] - The Windows Media Center TV Archive Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/27/2012 12:28:49 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

12/26/2012 12:38:48 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended.

12/26/2012 12:38:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

12/23/2012 3:06:42 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.103. The computer with the IP address 192.168.1.102 did not allow the name to be claimed by this computer.

12/23/2012 2:14:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.

.

==== End Of File ===========================

Thanks!


  • Staff

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+

Gringo


Gringo,

Thank you for the reply. I ran the programs you asked and as of now the lsass.exe process is not eating up the memory it was (currently using 5800K). Here are the logs:

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 8 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Firewall Disabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 6 Update 37

Java version out of Date!

Adobe Flash Player 11.5.502.135

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (17.0.1)

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

Comodo Firewall cmdagent.exe

Comodo Firewall cfp.exe

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

# AdwCleaner v2.104 - Logfile created 12/29/2012 at 15:52:43

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : Webb - HTPC

# Boot Mode : Normal

# Running from : C:\Users\Webb\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp

Folder Deleted : C:\Users\Webb\AppData\Local\Conduit

Folder Deleted : C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj

Folder Deleted : C:\Users\Webb\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\Conduit

Folder Deleted : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\ConduitCommon

Folder Deleted : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\ConduitEngine

Folder Deleted : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\CT2786678

Folder Deleted : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

Folder Deleted : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\extensions\engine@conduit.com

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\prefs.js

Deleted : user_pref("CT2786678..clientLogIsEnabled", false);

Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Sat Jul 02 2011 07:21:15 GMT-0500 (Central Daylight[...]

Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);

Deleted : user_pref("CT2786678.CTID", "CT2786678");

Deleted : user_pref("CT2786678.CurrentServerDate", "29-12-2012");

Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");

Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Fri Dec 28 2012 20:56:22 GMT-0600 (Central Standa[...]

Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");

Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Fri Jul 01 2011 18:17:12 GMT-0500 (Central Daylight Ti[...]

Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 159);

Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...]

Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...]

Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...]

Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...]

Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...]

Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...]

Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...]

Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Fri Jul 01 2011 18:17:14 GMT-0500 (Central D[...]

Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...]

Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...]

Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...]

Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);

Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);

Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);

Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);

Deleted : user_pref("CT2786678.FirstServerDate", "2-7-2011");

Deleted : user_pref("CT2786678.FirstTime", true);

Deleted : user_pref("CT2786678.FirstTimeFF3", true);

Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);

Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);

Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);

Deleted : user_pref("CT2786678.Initialize", true);

Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);

Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");

Deleted : user_pref("CT2786678.InstalledDate", "Fri Jul 01 2011 18:17:12 GMT-0500 (Central Daylight Time)");

Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);

Deleted : user_pref("CT2786678.IsGrouping", false);

Deleted : user_pref("CT2786678.IsInitSetupIni", true);

Deleted : user_pref("CT2786678.IsMulticommunity", false);

Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);

Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);

Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Fri Dec 28 2012 20:56:20 GMT-0600 (Central Standar[...]

Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Tue Sep 18 2012 20:15:12 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT2786678.LastLogin_3.15.1.0", "Sat Dec 29 2012 13:44:30 GMT-0600 (Central Standard Time)[...]

Deleted : user_pref("CT2786678.LastLogin_3.5.0.12", "Sat Jul 02 2011 07:21:05 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT2786678.LatestVersion", "3.16.0.3");

Deleted : user_pref("CT2786678.Locale", "en");

Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);

Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.5.0.12");

Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]

Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);

Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Fri Dec 28 2012 20:56:17 GMT-0600 (Central Stand[...]

Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]

Deleted : user_pref("CT2786678.SearchInNewTabUserEnabled", false);

Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);

Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Fri Dec 28 2012 20:56:18 GMT-0600 (Central Standard [...]

Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sat Dec 29 2012 09:44:28 GMT-0600 (Central Standard Ti[...]

Deleted : user_pref("CT2786678.SettingsLastUpdate", "1356550082");

Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Fri Jul 01 2011 18:17:11 GMT-0500 (Central Day[...]

Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246786978");

Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");

Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT2786678.UserID", "UN21299609397261965");

Deleted : user_pref("CT2786678.WeatherNetwork", "");

Deleted : user_pref("CT2786678.WeatherPollDate", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central Daylight Time)");

Deleted : user_pref("CT2786678.WeatherUnit", "F");

Deleted : user_pref("CT2786678.alertChannelId", "1178763");

Deleted : user_pref("CT2786678.approveUntrustedApps", false);

Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]

Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F69736F68756E742E636F6D2F746F7272656[...]

Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333039353632363232383137");

Deleted : user_pref("CT2786678.components.1000034", false);

Deleted : user_pref("CT2786678.components.1000234", false);

Deleted : user_pref("CT2786678.components.129295698017012804", false);

Deleted : user_pref("CT2786678.components.129309485163350924", false);

Deleted : user_pref("CT2786678.components.129309489763975460", false);

Deleted : user_pref("CT2786678.components.129315411424256896", false);

Deleted : user_pref("CT2786678.components.129513460540910967", false);

Deleted : user_pref("CT2786678.components.129526967958500204", false);

Deleted : user_pref("CT2786678.components.5690698542593514850", false);

Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Sat Jul 02 2011 07:21:05 GMT-0500 (Central [...]

Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT2786678.initDone", true);

Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);

Deleted : user_pref("CT2786678.myStuffEnabled", true);

Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,111,1000234,12929569801701[...]

Deleted : user_pref("CT2786678.revertSettingsEnabled", false);

Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT2786678.testingCtid", "");

Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Fri Dec 28 2012 20:56:18 GMT-0600 (Central S[...]

Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central D[...]

Deleted : user_pref("CT2786678.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"bb9[...]

Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");

Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");

Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");

Deleted : user_pref("CommunityToolbar.IsEngineShown", true);

Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Webb\\AppData\\Roaming\\Mozilla\\Fi[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");

Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,ConduitEngine");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,ConduitEngine");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");

Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Jul 01 2011 18:17:12 GMT-05[...]

Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Mar 02 2012 18:45:17 GMT-0600 (Centr[...]

Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.locale", "en");

Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Mar 02 2012 18:45:09 GMT-0600 (Central S[...]

Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.alert.userId", "40b35769-2d50-4383-812c-16c8d9ea92aa");

Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Jul 01 2011 18:17:13 GMT-0500 (Cen[...]

Deleted : user_pref("CommunityToolbar.globalUserId", "1f3741a7-815c-494a-b0b6-1287d12f89d1");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jul 01 2011 18:17:1[...]

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Jul 02 2011 07:21:13 GMT-050[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 01 2011 18:17:12 GMT-0500 (C[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "7a8314af-ff7a-4f72-97e8-bc5e0d1c09cb");

Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Mar 01 2012 18:45:19 GMT-0600 (Central Stan[...]

Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");

Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Mar 01 2012 18:45:09 GMT-0600 (Central St[...]

Deleted : user_pref("ConduitEngine.FirstServerDate", "07/02/2011 02");

Deleted : user_pref("ConduitEngine.FirstTime", true);

Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);

Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);

Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);

Deleted : user_pref("ConduitEngine.Initialize", true);

Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);

Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");

Deleted : user_pref("ConduitEngine.InstalledDate", "Fri Jul 01 2011 18:17:13 GMT-0500 (Central Daylight Time)"[...]

Deleted : user_pref("ConduitEngine.IsMulticommunity", false);

Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);

Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);

Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Mar 02 2012 18:45:10 GMT-0600 (Central Sta[...]

Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Mar 03 2012 06:45:09 GMT-0600 (Central Standard Ti[...]

Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);

Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]

Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Mar 03 2012 06:45:09 GMT-0600 (Central Standar[...]

Deleted : user_pref("ConduitEngine.UserID", "UN54517739767074751");

Deleted : user_pref("ConduitEngine.engineLocale", "en-US");

Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Mar 02 2012 18:45:11 GMT-0600 (Centr[...]

Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Mar 03 2012 06:45:09 GMT-0600 (Cent[...]

Deleted : user_pref("ConduitEngine.initDone", true);

Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Webb\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [20234 octets] - [29/12/2012 15:52:43]

########## EOF - C:\AdwCleaner[s1].txt - [20295 octets] ##########

RogueKiller V8.4.1 [Dec 28 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Webb [Admin rights]

Mode : Scan -- Date : 12/29/2012 15:59:28

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

192.168.1.105 HOMESERVER #Windows Home Server#

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500YD-01NVB1 ATA Device +++++

--- User ---

[MBR] 52b9e6ab410f29e12965d7f2704820f4

[bSP] 5239ee995432644c26a960e1f84967b8 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 188252 Mo

1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 385543935 | Size: 51113 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12292012_02d1559.txt >>

RKreport[1]_S_12292012_02d1559.txt

Thanks!

Aaron


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Gringo,

After running the programs in your first post I replied back that the lsass.exe process was running normally again. That was true for a short time, but as time went by the process started to increase its memory usage. Upon waking this morning it was back up to around 2.8 million K and my computer was really sluggish. I have run Combofix like you asked but the problem still persists.

ComboFix 12-12-30.01 - Webb 12/30/2012 8:00.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.901 [GMT -6:00]

Running from: c:\users\Webb\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\xmlA717.tmp

c:\programdata\xmlAC94.tmp

c:\programdata\xmlB79D.tmp

c:\users\Webb\AppData\Local\Microsoft\Windows\Temporary Internet Files\install_flash_player_10_active_x.msi

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))

.

.

2012-12-30 14:08 . 2012-12-30 14:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-30 11:10 . 2012-12-30 11:10 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\offreg.dll

2012-12-29 03:03 . 2012-12-29 03:03 -------- d-----w- c:\users\Webb\AppData\Roaming\Malwarebytes

2012-12-29 03:03 . 2012-12-29 03:03 -------- d-----w- c:\programdata\Malwarebytes

2012-12-29 03:03 . 2012-12-29 03:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-29 03:03 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-29 03:02 . 2012-12-29 03:02 -------- d-----w- c:\users\Webb\AppData\Local\Programs

2012-12-28 18:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpengine.dll

2012-12-21 13:54 . 2012-12-21 13:56 -------- d-----w- c:\program files (x86)\Google

2012-12-21 09:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 09:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-11 19:07 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-11 19:07 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-11 19:05 . 2012-10-04 16:47 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 11:13 . 2012-04-07 13:19 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 11:13 . 2011-05-21 19:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 09:01 . 2010-04-23 02:37 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-07 23:38 . 2010-04-09 06:25 94288 ----a-w- c:\windows\system32\drivers\inspect.sys

2012-11-07 23:38 . 2010-04-09 06:25 38144 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2012-11-07 23:37 . 2010-04-09 06:25 584056 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2012-11-07 23:37 . 2010-04-09 06:25 22736 ----a-w- c:\windows\system32\drivers\cmderd.sys

2012-11-07 23:37 . 2012-01-18 13:15 41240 ----a-w- c:\windows\system32\cmdcsr.dll

2012-11-07 23:37 . 2010-04-09 06:26 301264 ----a-w- c:\windows\SysWow64\guard32.dll

2012-11-07 23:37 . 2010-04-09 06:26 390392 ----a-w- c:\windows\system32\guard64.dll

2012-10-30 23:51 . 2010-04-23 02:32 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 23:51 . 2011-03-09 01:52 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 23:51 . 2010-04-23 02:32 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 23:51 . 2010-04-23 02:32 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 23:51 . 2010-04-23 02:32 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 23:51 . 2010-07-24 02:43 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 23:50 . 2010-04-23 02:31 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-10-30 23:50 . 2011-02-13 22:36 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-19 15:29 . 2012-10-19 15:29 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

2012-10-19 11:18 . 2012-10-19 11:18 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-10-19 11:18 . 2010-04-25 02:57 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-10-16 08:38 . 2012-11-27 18:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 18:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 18:55 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 16:59 . 2012-04-07 13:20 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-10-09 18:17 . 2012-11-14 10:50 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-14 10:50 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-14 10:50 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-14 10:50 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 20:29 . 2012-03-15 06:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-10-04 20:28 . 2012-02-19 21:32 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-10-04 20:28 . 2012-02-19 21:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-10-04 20:28 . 2012-02-19 21:32 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-10-04 16:40 . 2012-12-11 19:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-14 10:49 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-14 10:49 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-14 10:49 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-14 10:49 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-14 10:49 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-14 10:49 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-14 10:49 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-14 10:49 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-14 10:49 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-14 10:49 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-14 10:49 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2010-12-07 22:27 . 2010-11-21 17:11 331249 ----a-w- c:\program files (x86)\Clown_BD_v0.79.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"gStart"="c:\program files (x86)\Garmin\gStart.exe" [2008-08-13 1891416]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe" [2009-06-12 53248]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"osk.exe"="osk.exe" [2009-07-14 646144]

"Application Restart 0"="c:\windows\System32\osk.exe" [2009-07-14 646144]

.

c:\users\Webb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ZvRemote.lnk - c:\program files (x86)\ZeeVee\ZvRemote\ZvRemote.exe [2010-2-10 1565944]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-6-27 1018856]

Media Browser Service.lnk - c:\program files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe [2012-1-14 135168]

Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-1-2 666992]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2009-08-24 93336]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-23 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776]

S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]

S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]

S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 11:13]

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 13:54]

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 13:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

Wow6432Node-HKLM-Run-AirCardEnabler - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-30 08:11:09

ComboFix-quarantined-files.txt 2012-12-30 14:11

.

Pre-Run: 99,370,250,240 bytes free

Post-Run: 99,080,904,704 bytes free

.

- - End Of File - - 8E977CADB4359AFEAC8BC7F2C3078E16


  • Staff

Greetings

I want you to run these next:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.

  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo


Gringo,

I have run TDSSKiller and aswMBR and am posting the logs. After running them I opened my task manager and noticed that the lsass.exe process is no longer running?

14:08:38.0499 3964 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

14:08:40.0511 3964 ============================================================

14:08:40.0511 3964 Current date / time: 2012/12/30 14:08:40.0511

14:08:40.0511 3964 SystemInfo:

14:08:40.0511 3964

14:08:40.0511 3964 OS Version: 6.1.7601 ServicePack: 1.0

14:08:40.0511 3964 Product type: Workstation

14:08:40.0511 3964 ComputerName: HTPC

14:08:40.0511 3964 UserName: Webb

14:08:40.0511 3964 Windows directory: C:\Windows

14:08:40.0511 3964 System windows directory: C:\Windows

14:08:40.0511 3964 Running under WOW64

14:08:40.0511 3964 Processor architecture: Intel x64

14:08:40.0511 3964 Number of processors: 2

14:08:40.0511 3964 Page size: 0x1000

14:08:40.0511 3964 Boot type: Normal boot

14:08:40.0511 3964 ============================================================

14:09:34.0191 3964 BG loaded

14:09:34.0784 3964 Drive \Device\Harddisk0\DR0 - Size: 0x3A70C70000 (233.76 Gb), SectorSize: 0x200, Cylinders: 0x7733, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

14:09:34.0909 3964 Drive \Device\Harddisk1\DR1 - Size: 0x7470C05E00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

14:09:35.0174 3964 ============================================================

14:09:35.0174 3964 \Device\Harddisk0\DR0:

14:09:35.0205 3964 MBR partitions:

14:09:35.0205 3964 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x16FAE6FF

14:09:35.0236 3964 \Device\Harddisk1\DR1:

14:09:35.0236 3964 MBR partitions:

14:09:35.0236 3964 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02

14:09:35.0236 3964 ============================================================

14:09:35.0314 3964 C: <-> \Device\Harddisk0\DR0\Partition1

14:09:35.0345 3964 E: <-> \Device\Harddisk1\DR1\Partition1

14:09:35.0345 3964 ============================================================

14:09:35.0345 3964 Initialize success

14:09:35.0345 3964 ============================================================

14:10:53.0377 4428 ============================================================

14:10:53.0377 4428 Scan started

14:10:53.0377 4428 Mode: Manual; SigCheck; TDLFS;

14:10:53.0377 4428 ============================================================

14:10:55.0155 4428 ================ Scan system memory ========================

14:10:55.0155 4428 System memory - ok

14:10:55.0155 4428 ================ Scan services =============================

14:10:56.0325 4428 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

14:10:56.0450 4428 1394ohci - ok

14:10:56.0528 4428 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

14:10:56.0559 4428 ACPI - ok

14:10:56.0590 4428 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

14:10:56.0653 4428 AcpiPmi - ok

14:10:57.0745 4428 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

14:10:57.0776 4428 AdobeFlashPlayerUpdateSvc - ok

14:10:57.0948 4428 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

14:10:57.0994 4428 adp94xx - ok

14:10:58.0072 4428 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

14:10:58.0104 4428 adpahci - ok

14:10:58.0150 4428 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

14:10:58.0182 4428 adpu320 - ok

14:10:58.0228 4428 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

14:10:58.0275 4428 AeLookupSvc - ok

14:10:58.0384 4428 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

14:10:58.0447 4428 AFD - ok

14:10:58.0494 4428 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

14:10:58.0525 4428 agp440 - ok

14:10:58.0572 4428 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

14:10:58.0634 4428 ALG - ok

14:10:58.0681 4428 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

14:10:58.0712 4428 aliide - ok

14:10:58.0821 4428 [ 54716D9BB43733578A5647E9B121141F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

14:10:58.0884 4428 AMD External Events Utility - ok

14:10:58.0915 4428 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

14:10:58.0946 4428 amdide - ok

14:10:59.0008 4428 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

14:10:59.0071 4428 AmdK8 - ok

14:11:00.0381 4428 [ 522A8BD1414CC7517FAEC907F138DB9C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

14:11:00.0506 4428 amdkmdag - ok

14:11:00.0537 4428 [ F712C26D40BF3CD2C020BB518E8150B1 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

14:11:00.0584 4428 amdkmdap - ok

14:11:00.0631 4428 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

14:11:00.0662 4428 AmdPPM - ok

14:11:00.0724 4428 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

14:11:00.0740 4428 amdsata - ok

14:11:00.0834 4428 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

14:11:00.0880 4428 amdsbs - ok

14:11:00.0912 4428 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

14:11:00.0927 4428 amdxata - ok

14:11:01.0130 4428 [ 821E7E501226EE344FDB0F40EE46109D ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys

14:11:01.0161 4428 AnyDVD - ok

14:11:01.0239 4428 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

14:11:01.0333 4428 AppID - ok

14:11:01.0380 4428 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

14:11:01.0442 4428 AppIDSvc - ok

14:11:01.0520 4428 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

14:11:01.0567 4428 Appinfo - ok

14:11:01.0848 4428 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

14:11:01.0879 4428 Apple Mobile Device - ok

14:11:02.0019 4428 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

14:11:02.0050 4428 AppMgmt - ok

14:11:02.0113 4428 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

14:11:02.0144 4428 arc - ok

14:11:02.0175 4428 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

14:11:02.0206 4428 arcsas - ok

14:11:02.0378 4428 [ 9149EC69ACD3EFC97B01D5A1BAEB3B57 ] arXfrSvc C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe

14:11:02.0394 4428 arXfrSvc - ok

14:11:02.0487 4428 [ 68726474C69B738EAC3A62E06B33ADDC ] AsIO C:\Windows\syswow64\drivers\AsIO.sys

14:11:02.0503 4428 AsIO - ok

14:11:02.0581 4428 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys

14:11:02.0581 4428 aswFsBlk - ok

14:11:02.0659 4428 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys

14:11:02.0659 4428 aswMonFlt - ok

14:11:02.0706 4428 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys

14:11:02.0721 4428 aswRdr - ok

14:11:02.0971 4428 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys

14:11:02.0986 4428 aswSnx - ok

14:11:03.0018 4428 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys

14:11:03.0033 4428 aswSP - ok

14:11:03.0064 4428 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys

14:11:03.0080 4428 aswTdi - ok

14:11:03.0111 4428 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

14:11:03.0158 4428 AsyncMac - ok

14:11:03.0189 4428 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

14:11:03.0205 4428 atapi - ok

14:11:03.0392 4428 [ E02B26650ACC2F4901342D4A66774AD7 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

14:11:03.0408 4428 AtiHDAudioService - ok

14:11:03.0454 4428 [ 7E2F5A758F63F80F8B03F889B4E6B19F ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys

14:11:03.0486 4428 AtiHdmiService - ok

14:11:03.0548 4428 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys

14:11:03.0579 4428 AtiPcie - ok

14:11:03.0626 4428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

14:11:03.0704 4428 AudioEndpointBuilder - ok

14:11:03.0766 4428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

14:11:03.0813 4428 AudioSrv - ok

14:11:03.0985 4428 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

14:11:04.0000 4428 avast! Antivirus - ok

14:11:04.0078 4428 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

14:11:04.0125 4428 AxInstSV - ok

14:11:04.0266 4428 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

14:11:04.0312 4428 b06bdrv - ok

14:11:04.0437 4428 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

14:11:04.0484 4428 b57nd60a - ok

14:11:04.0515 4428 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

14:11:04.0562 4428 BDESVC - ok

14:11:04.0609 4428 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

14:11:04.0687 4428 Beep - ok

14:11:04.0812 4428 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

14:11:04.0890 4428 BFE - ok

14:11:04.0999 4428 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

14:11:05.0077 4428 BITS - ok

14:11:05.0124 4428 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

14:11:05.0155 4428 blbdrive - ok

14:11:05.0295 4428 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe

14:11:05.0311 4428 Bonjour Service - ok

14:11:05.0342 4428 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

14:11:05.0373 4428 bowser - ok

14:11:05.0420 4428 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

14:11:05.0498 4428 BrFiltLo - ok

14:11:05.0514 4428 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

14:11:05.0545 4428 BrFiltUp - ok

14:11:05.0576 4428 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

14:11:05.0670 4428 BridgeMP - ok

14:11:05.0701 4428 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

14:11:05.0763 4428 Browser - ok

14:11:05.0794 4428 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

14:11:05.0872 4428 Brserid - ok

14:11:05.0888 4428 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

14:11:05.0950 4428 BrSerWdm - ok

14:11:05.0966 4428 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

14:11:06.0013 4428 BrUsbMdm - ok

14:11:06.0028 4428 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

14:11:06.0075 4428 BrUsbSer - ok

14:11:06.0153 4428 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

14:11:06.0216 4428 BTHMODEM - ok

14:11:06.0247 4428 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

14:11:06.0309 4428 bthserv - ok

14:11:06.0325 4428 catchme - ok

14:11:06.0372 4428 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

14:11:06.0434 4428 cdfs - ok

14:11:06.0496 4428 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

14:11:06.0528 4428 cdrom - ok

14:11:06.0590 4428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

14:11:06.0652 4428 CertPropSvc - ok

14:11:06.0746 4428 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

14:11:06.0777 4428 circlass - ok

14:11:06.0886 4428 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

14:11:06.0918 4428 CLFS - ok

14:11:07.0027 4428 [ 56139566E462C1FB1775E140D4EE6B22 ] CLPSLS C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe

14:11:07.0042 4428 CLPSLS - ok

14:11:07.0292 4428 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

14:11:07.0354 4428 clr_optimization_v2.0.50727_32 - ok

14:11:07.0526 4428 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

14:11:07.0557 4428 clr_optimization_v2.0.50727_64 - ok

14:11:07.0651 4428 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

14:11:07.0744 4428 clr_optimization_v4.0.30319_32 - ok

14:11:07.0822 4428 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

14:11:07.0838 4428 clr_optimization_v4.0.30319_64 - ok

14:11:07.0885 4428 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

14:11:07.0916 4428 CmBatt - ok

14:11:08.0571 4428 [ 65FB5097D9EE7E3A99E932CFA0E4B344 ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

14:11:08.0618 4428 cmdAgent - ok

14:11:08.0758 4428 [ 919ACCC22ABDC1C3CA68326C0E5DEAF9 ] cmdGuard C:\Windows\system32\DRIVERS\cmdguard.sys

14:11:08.0774 4428 cmdGuard - ok

14:11:08.0790 4428 [ F8FECE0F1D44C4A58778083B00EEADAC ] cmdHlp C:\Windows\system32\DRIVERS\cmdhlp.sys

14:11:08.0805 4428 cmdHlp - ok

14:11:08.0836 4428 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

14:11:08.0852 4428 cmdide - ok

14:11:08.0961 4428 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

14:11:08.0992 4428 CNG - ok

14:11:09.0039 4428 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

14:11:09.0070 4428 Compbatt - ok

14:11:09.0133 4428 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

14:11:09.0164 4428 CompositeBus - ok

14:11:09.0180 4428 COMSysApp - ok

14:11:09.0211 4428 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

14:11:09.0242 4428 crcdisk - ok

14:11:09.0320 4428 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

14:11:09.0367 4428 CryptSvc - ok

14:11:09.0476 4428 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

14:11:09.0523 4428 CSC - ok

14:11:09.0554 4428 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

14:11:09.0601 4428 CscService - ok

14:11:09.0694 4428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

14:11:09.0741 4428 DcomLaunch - ok

14:11:09.0897 4428 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

14:11:09.0944 4428 defragsvc - ok

14:11:09.0991 4428 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

14:11:10.0038 4428 DfsC - ok

14:11:10.0131 4428 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

14:11:10.0194 4428 Dhcp - ok

14:11:10.0209 4428 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

14:11:10.0256 4428 discache - ok

14:11:10.0303 4428 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

14:11:10.0334 4428 Disk - ok

14:11:10.0381 4428 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

14:11:10.0412 4428 Dnscache - ok

14:11:10.0490 4428 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

14:11:10.0537 4428 dot3svc - ok

14:11:10.0568 4428 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

14:11:10.0615 4428 DPS - ok

14:11:10.0677 4428 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

14:11:10.0724 4428 drmkaud - ok

14:11:10.0896 4428 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

14:11:10.0927 4428 DXGKrnl - ok

14:11:10.0942 4428 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

14:11:11.0036 4428 EapHost - ok

14:11:11.0613 4428 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

14:11:11.0707 4428 ebdrv - ok

14:11:11.0754 4428 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

14:11:11.0800 4428 EFS - ok

14:11:12.0081 4428 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

14:11:12.0112 4428 ehRecvr - ok

14:11:12.0253 4428 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

14:11:12.0268 4428 ehSched - ok

14:11:12.0378 4428 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys

14:11:12.0393 4428 ElbyCDIO - ok

14:11:12.0534 4428 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

14:11:12.0565 4428 elxstor - ok

14:11:12.0612 4428 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

14:11:12.0658 4428 ErrDev - ok

14:11:12.0783 4428 [ 94B3C06DCF580695EBA5304F3C750256 ] esClient C:\Program Files\Windows Home Server\esClient.exe

14:11:12.0799 4428 esClient - ok

14:11:12.0924 4428 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

14:11:12.0970 4428 EventSystem - ok

14:11:12.0986 4428 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

14:11:13.0048 4428 exfat - ok

14:11:13.0111 4428 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

14:11:13.0173 4428 fastfat - ok

14:11:13.0392 4428 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

14:11:13.0423 4428 Fax - ok

14:11:13.0454 4428 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

14:11:13.0485 4428 fdc - ok

14:11:13.0516 4428 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

14:11:13.0563 4428 fdPHost - ok

14:11:13.0579 4428 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

14:11:13.0626 4428 FDResPub - ok

14:11:13.0657 4428 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

14:11:13.0672 4428 FileInfo - ok

14:11:13.0688 4428 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

14:11:13.0750 4428 Filetrace - ok

14:11:13.0766 4428 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

14:11:13.0797 4428 flpydisk - ok

14:11:13.0891 4428 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

14:11:13.0906 4428 FltMgr - ok

14:11:14.0031 4428 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

14:11:14.0062 4428 FontCache - ok

14:11:26.0917 4428 [ 6E72B22D71A62B7C9162361E5FD0DE9D ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe

14:11:26.0933 4428 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - warning

14:11:26.0933 4428 SandraAgentSrv - detected UnsignedFile.Multi.Generic (1)

14:11:32.0533 4428 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

14:11:32.0549 4428 vsmraid - ok

14:11:32.0767 4428 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

14:11:32.0845 4428 VSS - ok

14:11:32.0861 4428 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

14:11:32.0892 4428 vwifibus - ok

14:11:32.0923 4428 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

14:11:32.0954 4428 vwififlt - ok

14:11:32.0985 4428 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

14:11:33.0063 4428 W32Time - ok

14:11:33.0095 4428 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

14:11:33.0126 4428 WacomPen - ok

14:11:33.0157 4428 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

14:11:33.0204 4428 WANARP - ok

14:11:33.0219 4428 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

14:11:33.0251 4428 Wanarpv6 - ok

14:11:33.0297 4428 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

14:11:33.0360 4428 WatAdminSvc - ok

14:11:33.0438 4428 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

14:11:33.0500 4428 wbengine - ok

14:11:33.0516 4428 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

14:11:33.0547 4428 WbioSrvc - ok

14:11:33.0609 4428 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

14:11:33.0641 4428 wcncsvc - ok

14:11:33.0656 4428 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

14:11:33.0672 4428 WcsPlugInService - ok

14:11:33.0687 4428 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

14:11:33.0703 4428 Wd - ok

14:11:33.0828 4428 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

14:11:33.0875 4428 Wdf01000 - ok

14:11:33.0890 4428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

14:11:33.0921 4428 WdiServiceHost - ok

14:11:33.0921 4428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll


more TDSKiller


14:11:38.0461 4428 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll

14:11:38.0461 4428 C:\Windows\System32\wevtapi.dll - ok

14:11:38.0461 4428 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll

14:11:38.0461 4428 C:\Windows\System32\authz.dll - ok

14:11:38.0477 4428 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll

14:11:38.0477 4428 C:\Windows\System32\cngaudit.dll - ok

14:11:38.0477 4428 [ 400645085A91BF3EB0271329B95AE0BE ] C:\Windows\System32\ncrypt.dll

14:11:38.0477 4428 C:\Windows\System32\ncrypt.dll - ok

14:11:38.0477 4428 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll

14:11:38.0477 4428 C:\Windows\System32\bcrypt.dll - ok

14:11:38.0492 4428 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll

14:11:38.0492 4428 C:\Windows\System32\msprivs.dll - ok

14:11:38.0492 4428 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe

14:11:38.0492 4428 C:\Windows\System32\winlogon.exe - ok

14:11:38.0492 4428 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll

14:11:38.0492 4428 C:\Windows\System32\netjoin.dll - ok

14:11:38.0492 4428 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll

14:11:38.0492 4428 C:\Windows\System32\winsta.dll - ok

14:11:38.0508 4428 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll

14:11:38.0508 4428 C:\Windows\System32\kerberos.dll - ok

14:11:38.0508 4428 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll

14:11:38.0508 4428 C:\Windows\System32\negoexts.dll - ok

14:11:38.0508 4428 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll

14:11:38.0508 4428 C:\Windows\System32\cryptsp.dll - ok

14:11:38.0523 4428 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll

14:11:38.0523 4428 C:\Windows\System32\mswsock.dll - ok

14:11:38.0523 4428 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll

14:11:38.0523 4428 C:\Windows\System32\version.dll - ok

14:11:38.0523 4428 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll

14:11:38.0523 4428 C:\Windows\System32\wship6.dll - ok

14:11:38.0539 4428 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll

14:11:38.0539 4428 C:\Windows\System32\msv1_0.dll - ok

14:11:38.0539 4428 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll

14:11:38.0539 4428 C:\Windows\System32\netlogon.dll - ok

14:11:38.0539 4428 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll

14:11:38.0539 4428 C:\Windows\System32\dnsapi.dll - ok

14:11:38.0555 4428 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll

14:11:38.0555 4428 C:\Windows\System32\logoncli.dll - ok

14:11:38.0555 4428 [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll

14:11:38.0555 4428 C:\Windows\System32\schannel.dll - ok

14:11:38.0555 4428 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll

14:11:38.0555 4428 C:\Windows\System32\wdigest.dll - ok

14:11:38.0570 4428 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll

14:11:38.0570 4428 C:\Windows\System32\rsaenh.dll - ok

14:11:38.0570 4428 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll

14:11:38.0570 4428 C:\Windows\System32\TSpkg.dll - ok

14:11:38.0570 4428 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll

14:11:38.0570 4428 C:\Windows\System32\pku2u.dll - ok

14:11:38.0586 4428 [ 55C892560C1B42BC57FB61AEFCED2F22 ] C:\Windows\System32\LIVESSP.DLL

14:11:38.0586 4428 C:\Windows\System32\LIVESSP.DLL - ok

14:11:38.0586 4428 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll

14:11:38.0586 4428 C:\Windows\System32\bcryptprimitives.dll - ok

14:11:38.0586 4428 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll

14:11:38.0586 4428 C:\Windows\System32\efslsaext.dll - ok

14:11:38.0586 4428 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll

14:11:38.0586 4428 C:\Windows\System32\credssp.dll - ok

14:11:38.0601 4428 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll

14:11:38.0601 4428 C:\Windows\System32\scecli.dll - ok

14:11:38.0601 4428 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll

14:11:38.0601 4428 C:\Windows\System32\ubpm.dll - ok

14:11:38.0601 4428 [ C78655BC80301D76ED4FEF1C1EA40A7D ] C:\Windows\System32\svchost.exe

14:11:38.0601 4428 C:\Windows\System32\svchost.exe - ok

14:11:38.0617 4428 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll

14:11:38.0617 4428 C:\Windows\System32\SPInf.dll - ok

14:11:38.0617 4428 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll

14:11:38.0617 4428 C:\Windows\System32\umpnpmgr.dll - ok

14:11:38.0617 4428 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll

14:11:38.0617 4428 C:\Windows\System32\devrtl.dll - ok

14:11:38.0633 4428 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll

14:11:38.0633 4428 C:\Windows\System32\gpapi.dll - ok

14:11:38.0633 4428 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll

14:11:38.0633 4428 C:\Windows\System32\userenv.dll - ok

14:11:38.0633 4428 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll

14:11:38.0633 4428 C:\Windows\System32\pcwum.dll - ok

14:11:38.0648 4428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll

14:11:38.0648 4428 C:\Windows\System32\umpo.dll - ok

14:11:38.0648 4428 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll

14:11:38.0648 4428 C:\Windows\System32\powrprof.dll - ok

14:11:38.0648 4428 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys

14:11:38.0648 4428 C:\Windows\System32\drivers\luafv.sys - ok

14:11:38.0664 4428 [ B50CDD87772D6A11CB90924AAD399DF8 ] C:\Windows\System32\drivers\aswMonFlt.sys

14:11:38.0664 4428 C:\Windows\System32\drivers\aswMonFlt.sys - ok

14:11:38.0664 4428 [ 56139566E462C1FB1775E140D4EE6B22 ] C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe

14:11:38.0664 4428 C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe - ok

14:11:38.0664 4428 [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll

14:11:38.0664 4428 C:\Windows\SysWOW64\ntdll.dll - ok

14:11:38.0679 4428 [ 15B30F15BD13640B337A0FC37BD48CDE ] C:\Windows\System32\wow64.dll

14:11:38.0679 4428 C:\Windows\System32\wow64.dll - ok

14:11:38.0679 4428 [ 2970785A72054740E1A5DCEB32485486 ] C:\Windows\System32\wow64win.dll

14:11:38.0679 4428 C:\Windows\System32\wow64win.dll - ok

14:11:38.0679 4428 [ 98168B9B0656A01A321FF1BECB2C03E1 ] C:\Windows\System32\wow64cpu.dll

14:11:38.0679 4428 C:\Windows\System32\wow64cpu.dll - ok

14:11:38.0695 4428 [ D4F3176082566CEFA633B4945802D4C4 ] C:\Windows\SysWOW64\kernel32.dll

14:11:38.0695 4428 C:\Windows\SysWOW64\kernel32.dll - ok

14:11:38.0695 4428 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll

14:11:38.0695 4428 C:\Windows\SysWOW64\advapi32.dll - ok

14:11:38.0695 4428 [ 0978C2B33BDD0A7E6C563AA337DC8BA0 ] C:\Windows\SysWOW64\KernelBase.dll

14:11:38.0695 4428 C:\Windows\SysWOW64\KernelBase.dll - ok

14:11:38.0711 4428 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll

14:11:38.0711 4428 C:\Windows\SysWOW64\msvcrt.dll - ok

14:11:38.0711 4428 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll

14:11:38.0711 4428 C:\Windows\SysWOW64\rpcrt4.dll - ok

14:11:38.0711 4428 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll

14:11:38.0711 4428 C:\Windows\SysWOW64\sechost.dll - ok

14:11:38.0711 4428 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] C:\Windows\System32\drivers\aswFsBlk.sys

14:11:38.0711 4428 C:\Windows\System32\drivers\aswFsBlk.sys - ok

14:11:38.0726 4428 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll

14:11:38.0726 4428 C:\Windows\SysWOW64\cryptbase.dll - ok

14:11:38.0726 4428 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll

14:11:38.0726 4428 C:\Windows\SysWOW64\profapi.dll - ok

14:11:38.0726 4428 [ EDA7AD21DF8945528F01F0A86D69E524 ] C:\Windows\SysWOW64\sspicli.dll

14:11:38.0726 4428 C:\Windows\SysWOW64\sspicli.dll - ok

14:11:38.0742 4428 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll

14:11:38.0742 4428 C:\Windows\SysWOW64\userenv.dll - ok

14:11:38.0742 4428 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll

14:11:38.0742 4428 C:\Windows\SysWOW64\wtsapi32.dll - ok

14:11:38.0742 4428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll

14:11:38.0742 4428 C:\Windows\System32\rpcss.dll - ok

14:11:38.0757 4428 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll

14:11:38.0757 4428 C:\Windows\System32\RpcEpMap.dll - ok

14:11:38.0757 4428 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL

14:11:38.0757 4428 C:\Windows\System32\WSHTCPIP.DLL - ok

14:11:38.0757 4428 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll

14:11:38.0757 4428 C:\Windows\System32\wshqos.dll - ok

14:11:38.0773 4428 [ 65FB5097D9EE7E3A99E932CFA0E4B344 ] C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

14:11:38.0773 4428 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe - ok

14:11:38.0773 4428 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll

14:11:38.0773 4428 C:\Windows\System32\FirewallAPI.dll - ok

14:11:38.0773 4428 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe

14:11:38.0773 4428 C:\Windows\System32\LogonUI.exe - ok

14:11:38.0789 4428 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll

14:11:38.0789 4428 C:\Windows\System32\ntmarta.dll - ok

14:11:38.0789 4428 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll

14:11:38.0789 4428 C:\Windows\System32\authui.dll - ok

14:11:38.0789 4428 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll

14:11:38.0789 4428 C:\Windows\System32\dbghelp.dll - ok

14:11:38.0804 4428 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll

14:11:38.0804 4428 C:\Windows\System32\fltLib.dll - ok

14:11:38.0804 4428 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll

14:11:38.0804 4428 C:\Windows\System32\wtsapi32.dll - ok

14:11:38.0804 4428 [ 5EB6E9C8BE1ACC5830780E0F9A846255 ] C:\Windows\System32\msi.dll

14:11:38.0804 4428 C:\Windows\System32\msi.dll - ok

14:11:38.0820 4428 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll

14:11:38.0820 4428 C:\Windows\System32\winmm.dll - ok

14:11:38.0820 4428 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll

14:11:38.0820 4428 C:\Windows\System32\netapi32.dll - ok

14:11:38.0820 4428 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll

14:11:38.0820 4428 C:\Windows\System32\netutils.dll - ok

14:11:38.0835 4428 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll

14:11:38.0835 4428 C:\Windows\System32\wkscli.dll - ok

14:11:38.0835 4428 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll

14:11:38.0835 4428 C:\Windows\System32\mpr.dll - ok

14:11:38.0835 4428 [ CF636C92B762B26F0B39B38E92380A09 ] C:\Windows\System32\oleacc.dll

14:11:38.0835 4428 C:\Windows\System32\oleacc.dll - ok

14:11:38.0851 4428 [ 0015ACFBBDD164A8A730009908868CA7 ] C:\Windows\System32\winspool.drv

14:11:38.0851 4428 C:\Windows\System32\winspool.drv - ok

14:11:38.0851 4428 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll

14:11:38.0851 4428 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok

14:11:38.0851 4428 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll

14:11:38.0851 4428 C:\Windows\System32\rasapi32.dll - ok

14:11:38.0867 4428 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll

14:11:38.0867 4428 C:\Windows\System32\rasman.dll - ok

14:11:38.0867 4428 [ 9DB705936111BB34B11BB3EEB345AAF6 ] C:\Program Files\COMODO\COMODO Internet Security\framework.dll

14:11:38.0867 4428 C:\Program Files\COMODO\COMODO Internet Security\framework.dll - ok

14:11:38.0867 4428 [ DEAFA4336865C8667B8DAC16D62DBEDC ] C:\Program Files\COMODO\COMODO Internet Security\scanners\rkdscan.dll

14:11:38.0867 4428 C:\Program Files\COMODO\COMODO Internet Security\scanners\rkdscan.dll - ok

14:11:38.0882 4428 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll

14:11:38.0882 4428 C:\Windows\System32\cryptsvc.dll - ok

14:11:38.0882 4428 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll

14:11:38.0882 4428 C:\Windows\System32\wbem\wbemprox.dll - ok

14:11:38.0882 4428 [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll

14:11:38.0882 4428 C:\Windows\System32\cryptnet.dll - ok

14:11:38.0898 4428 [ 54716D9BB43733578A5647E9B121141F ] C:\Windows\System32\atiesrxx.exe

14:11:38.0898 4428 C:\Windows\System32\atiesrxx.exe - ok

14:11:38.0898 4428 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll

14:11:38.0898 4428 C:\Windows\System32\wbemcomn.dll - ok

14:11:38.0898 4428 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll

14:11:38.0898 4428 C:\Windows\System32\wevtsvc.dll - ok

14:11:38.0913 4428 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll

14:11:38.0913 4428 C:\Windows\System32\audiosrv.dll - ok

14:11:38.0913 4428 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll

14:11:38.0913 4428 C:\Windows\System32\MMDevAPI.dll - ok

14:11:38.0913 4428 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll

14:11:38.0913 4428 C:\Windows\System32\propsys.dll - ok

14:11:38.0929 4428 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll

14:11:38.0929 4428 C:\Windows\System32\avrt.dll - ok

14:11:38.0929 4428 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll

14:11:38.0929 4428 C:\Windows\System32\mmcss.dll - ok

14:11:38.0929 4428 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll

14:11:38.0929 4428 C:\Windows\System32\cryptui.dll - ok

14:11:38.0929 4428 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe

14:11:38.0929 4428 C:\Windows\System32\audiodg.exe - ok

14:11:38.0945 4428 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] C:\Windows\System32\cscsvc.dll

14:11:38.0945 4428 C:\Windows\System32\cscsvc.dll - ok

14:11:38.0945 4428 [ 29910D50542B1AA0F162EF3339C61B6D ] C:\Windows\System32\PeerDist.dll

14:11:38.0945 4428 C:\Windows\System32\PeerDist.dll - ok

14:11:38.0945 4428 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll

14:11:38.0945 4428 C:\Windows\System32\gpsvc.dll - ok

14:11:38.0960 4428 [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll

14:11:38.0960 4428 C:\Windows\System32\nlaapi.dll - ok

14:11:38.0960 4428 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll

14:11:38.0960 4428 C:\Windows\System32\taskschd.dll - ok

14:11:38.0960 4428 [ 862596399AAFD2A21DB2AF9270CD4F70 ] C:\Windows\System32\mstask.dll

14:11:38.0960 4428 C:\Windows\System32\mstask.dll - ok

14:11:38.0976 4428 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll

14:11:38.0976 4428 C:\Windows\System32\atl.dll - ok

14:11:38.0976 4428 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll

14:11:38.0976 4428 C:\Windows\System32\profsvc.dll - ok

14:11:38.0976 4428 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll

14:11:38.0976 4428 C:\Windows\System32\themeservice.dll - ok

14:11:38.0991 4428 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll

14:11:38.0991 4428 C:\Windows\System32\dsrole.dll - ok

14:11:38.0991 4428 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll

14:11:38.0991 4428 C:\Windows\System32\slc.dll - ok

14:11:38.0991 4428 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll

14:11:38.0991 4428 C:\Windows\System32\es.dll - ok

14:11:39.0007 4428 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll

14:11:39.0007 4428 C:\Windows\System32\adtschema.dll - ok

14:11:39.0007 4428 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll

14:11:39.0007 4428 C:\Windows\System32\comres.dll - ok

14:11:39.0007 4428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll

14:11:39.0007 4428 C:\Windows\System32\wlansvc.dll - ok

14:11:39.0023 4428 [ FE05D03B73000CFF476E1D29109F3A84 ] C:\Program Files\Windows Defender\MpEvMsg.dll

14:11:39.0023 4428 C:\Program Files\Windows Defender\MpEvMsg.dll - ok

14:11:39.0023 4428 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys

14:11:39.0023 4428 C:\Windows\System32\drivers\fltMgr.sys - ok

14:11:39.0023 4428 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL

14:11:39.0023 4428 C:\Windows\System32\PSHED.DLL - ok

14:11:39.0038 4428 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll

14:11:39.0038 4428 C:\Windows\System32\Sens.dll - ok

14:11:39.0038 4428 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll

14:11:39.0038 4428 C:\Windows\System32\vssapi.dll - ok

14:11:39.0038 4428 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll

14:11:39.0038 4428 C:\Windows\System32\samcli.dll - ok

14:11:39.0038 4428 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll

14:11:39.0038 4428 C:\Windows\System32\samlib.dll - ok

14:11:39.0054 4428 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll

14:11:39.0054 4428 C:\Windows\System32\vsstrace.dll - ok

14:11:39.0054 4428 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll

14:11:39.0054 4428 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok

14:11:39.0054 4428 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll

14:11:39.0054 4428 C:\Windows\System32\shacct.dll - ok

14:11:39.0069 4428 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll

14:11:39.0069 4428 C:\Windows\System32\uxsms.dll - ok

14:11:39.0069 4428 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys

14:11:39.0069 4428 C:\Windows\System32\drivers\lltdio.sys - ok

14:11:39.0069 4428 [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys

14:11:39.0069 4428 C:\Windows\System32\drivers\ndisuio.sys - ok

14:11:39.0085 4428 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys

14:11:39.0085 4428 C:\Windows\System32\drivers\nwifi.sys - ok

14:11:39.0085 4428 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys

14:11:39.0085 4428 C:\Windows\System32\drivers\rspndr.sys - ok

14:11:39.0085 4428 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL

14:11:39.0085 4428 C:\Windows\System32\IPHLPAPI.DLL - ok

14:11:39.0101 4428 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll

14:11:39.0101 4428 C:\Windows\System32\lmhsvc.dll - ok

14:11:39.0101 4428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll

14:11:39.0101 4428 C:\Windows\System32\nsisvc.dll - ok

14:11:39.0101 4428 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll

14:11:39.0101 4428 C:\Windows\System32\uxtheme.dll - ok

14:11:39.0116 4428 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll

14:11:39.0116 4428 C:\Windows\System32\dhcpcore.dll - ok

14:11:39.0116 4428 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll

14:11:39.0116 4428 C:\Windows\System32\dnsrslvr.dll - ok

14:11:39.0116 4428 [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll

14:11:39.0116 4428 C:\Windows\System32\eapphost.dll - ok

14:11:39.0132 4428 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll

14:11:39.0132 4428 C:\Windows\System32\eapsvc.dll - ok

14:11:39.0132 4428 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll

14:11:39.0132 4428 C:\Windows\System32\keyiso.dll - ok

14:11:39.0132 4428 [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll

14:11:39.0132 4428 C:\Windows\System32\nrpsrv.dll - ok

14:11:39.0147 4428 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll

14:11:39.0147 4428 C:\Windows\System32\winnsi.dll - ok

14:11:39.0147 4428 [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll

14:11:39.0147 4428 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok

14:11:39.0147 4428 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll

14:11:39.0147 4428 C:\Windows\System32\dui70.dll - ok

14:11:39.0163 4428 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL

14:11:39.0163 4428 C:\Windows\System32\FWPUCLNT.DLL - ok

14:11:39.0163 4428 [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll

14:11:39.0163 4428 C:\Windows\System32\umb.dll - ok

14:11:39.0163 4428 [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll

14:11:39.0163 4428 C:\Windows\System32\wlanmsm.dll - ok

14:11:39.0163 4428 [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll

14:11:39.0163 4428 C:\Windows\System32\dhcpcore6.dll - ok

14:11:39.0179 4428 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll

14:11:39.0179 4428 C:\Windows\System32\dnsext.dll - ok

14:11:39.0179 4428 [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll

14:11:39.0179 4428 C:\Windows\System32\wlansec.dll - ok

14:11:39.0179 4428 [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll

14:11:39.0179 4428 C:\Windows\System32\dhcpcsvc6.dll - ok

14:11:39.0194 4428 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll

14:11:39.0194 4428 C:\Windows\System32\dhcpcsvc.dll - ok

14:11:39.0194 4428 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll

14:11:39.0194 4428 C:\Windows\System32\duser.dll - ok

14:11:39.0194 4428 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll

14:11:39.0194 4428 C:\Windows\System32\eappcfg.dll - ok

14:11:39.0210 4428 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll

14:11:39.0210 4428 C:\Windows\System32\eappprxy.dll - ok

14:11:39.0210 4428 [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll

14:11:39.0210 4428 C:\Windows\System32\onex.dll - ok

14:11:39.0210 4428 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll

14:11:39.0210 4428 C:\Windows\System32\SndVolSSO.dll - ok

14:11:39.0225 4428 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll

14:11:39.0225 4428 C:\Windows\System32\hid.dll - ok

14:11:39.0225 4428 [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll

14:11:39.0225 4428 C:\Windows\System32\l2gpstore.dll - ok

14:11:39.0225 4428 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll

14:11:39.0225 4428 C:\Windows\System32\WinSCard.dll - ok

14:11:39.0241 4428 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll

14:11:39.0241 4428 C:\Windows\System32\wlanutil.dll - ok

14:11:39.0241 4428 [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll

14:11:39.0241 4428 C:\Windows\System32\wlgpclnt.dll - ok

14:11:39.0241 4428 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll

14:11:39.0241 4428 C:\Windows\System32\dwmapi.dll - ok

14:11:39.0241 4428 [ 4FFDE68C4B7C9993FA551E7E36DDB34D ] C:\Windows\System32\msxml6.dll

14:11:39.0241 4428 C:\Windows\System32\msxml6.dll - ok

14:11:39.0257 4428 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll

14:11:39.0257 4428 C:\Windows\System32\xmllite.dll - ok

14:11:39.0257 4428 [ 26B73A85855681500BCC25C7CD9FF5B1 ] C:\Windows\System32\WindowsCodecs.dll

14:11:39.0257 4428 C:\Windows\System32\WindowsCodecs.dll - ok

14:11:39.0257 4428 [ 8FA553E9AE69808D99C164733A0F9590 ] C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

14:11:39.0257 4428 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe - ok

14:11:39.0272 4428 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll

14:11:39.0272 4428 C:\Windows\SysWOW64\ws2_32.dll - ok

14:11:39.0272 4428 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll

14:11:39.0272 4428 C:\Windows\SysWOW64\nsi.dll - ok

14:11:39.0272 4428 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll

14:11:39.0272 4428 C:\Windows\System32\winbrand.dll - ok

14:11:39.0288 4428 [ EB398DED91CFF2F425610EAA2CCF2A23 ] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll

14:11:39.0288 4428 C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll - ok

14:11:39.0288 4428 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll

14:11:39.0288 4428 C:\Windows\System32\SmartcardCredentialProvider.dll - ok

14:11:39.0288 4428 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll

14:11:39.0288 4428 C:\Windows\System32\VaultCredProvider.dll - ok

14:11:39.0303 4428 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll

14:11:39.0303 4428 C:\Windows\System32\BioCredProv.dll - ok

14:11:39.0303 4428 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll

14:11:39.0303 4428 C:\Windows\System32\winbio.dll - ok

14:11:39.0303 4428 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll

14:11:39.0303 4428 C:\Windows\System32\credui.dll - ok

14:11:39.0319 4428 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll

14:11:39.0319 4428 C:\Windows\System32\vaultcli.dll - ok

14:11:39.0319 4428 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll

14:11:39.0319 4428 C:\Windows\System32\certCredProvider.dll - ok

14:11:39.0319 4428 [ 7097425051CE67B450EBF2B1390AE492 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL

14:11:39.0319 4428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok

14:11:39.0335 4428 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll

14:11:39.0335 4428 C:\Windows\System32\rasplap.dll - ok

14:11:39.0335 4428 [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll

14:11:39.0335 4428 C:\Windows\System32\rtutils.dll - ok

14:11:39.0335 4428 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll

14:11:39.0335 4428 C:\Windows\System32\UXInit.dll - ok

14:11:39.0350 4428 [ 34988E1741CA36740284D902F8CC5A2E ] C:\Windows\System32\atieclxx.exe

14:11:39.0350 4428 C:\Windows\System32\atieclxx.exe - ok

14:11:39.0350 4428 [ 178B51198B7B46CD3C5E744474459A63 ] C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll

14:11:39.0350 4428 C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll - ok

14:11:39.0350 4428 [ BABE99A18A382A5E2F99B48E0BC3E0D4 ] C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll

14:11:39.0350 4428 C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll - ok

14:11:39.0366 4428 [ 9C998DB6710BE03FAA3C7D2E506FA774 ] C:\Windows\System32\atiadlxx.dll

14:11:39.0366 4428 C:\Windows\System32\atiadlxx.dll - ok

14:11:39.0366 4428 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll

14:11:39.0366 4428 C:\Windows\System32\imageres.dll - ok

14:11:39.0366 4428 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll


More TDSSKiller


14:11:40.0427 4428 C:\Windows\System32\drivers\secdrv.sys - ok

14:11:40.0442 4428 [ 0191E738BF521FE6EC567148E73C086B ] C:\Windows\System32\MSVidCtl.dll

14:11:40.0442 4428 C:\Windows\System32\MSVidCtl.dll - ok

14:11:40.0442 4428 [ AE5A69F44C1F97EDC83237FC0B29B6FB ] C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

14:11:40.0442 4428 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe - ok

14:11:40.0442 4428 [ 41938F2C1642459CBBA691B5DBD6395A ] C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

14:11:40.0442 4428 C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe - ok

14:11:40.0458 4428 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll

14:11:40.0458 4428 C:\Windows\SysWOW64\clbcatq.dll - ok

14:11:40.0458 4428 [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\SysWOW64\mstask.dll

14:11:40.0458 4428 C:\Windows\SysWOW64\mstask.dll - ok

14:11:40.0458 4428 [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll

14:11:40.0458 4428 C:\Windows\System32\WSDApi.dll - ok

14:11:40.0473 4428 [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys

14:11:40.0473 4428 C:\Windows\System32\drivers\srvnet.sys - ok

14:11:40.0473 4428 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll

14:11:40.0473 4428 C:\Windows\System32\aeevts.dll - ok

14:11:40.0473 4428 [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll

14:11:40.0473 4428 C:\Windows\System32\httpapi.dll - ok

14:11:40.0473 4428 [ BC617A4E1B4FA8DF523A061739A0BD87 ] C:\Windows\System32\seclogon.dll

14:11:40.0473 4428 C:\Windows\System32\seclogon.dll - ok

14:11:40.0489 4428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll

14:11:40.0489 4428 C:\Windows\System32\sysmain.dll - ok

14:11:40.0489 4428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll

14:11:40.0489 4428 C:\Windows\System32\wiaservc.dll - ok

14:11:40.0489 4428 [ 77B5035BC6EDF4D1B6265391AECEE4C0 ] C:\Windows\System32\vpnikeapi.dll

14:11:40.0489 4428 C:\Windows\System32\vpnikeapi.dll - ok

14:11:40.0505 4428 [ 44A8B9185030EA57F7999383643ADFFB ] C:\Windows\System32\quartz.dll

14:11:40.0505 4428 C:\Windows\System32\quartz.dll - ok

14:11:40.0505 4428 [ 9E0FF5DDD8B908DA5611445C35D6CD24 ] C:\Windows\System32\slcext.dll

14:11:40.0505 4428 C:\Windows\System32\slcext.dll - ok

14:11:40.0505 4428 [ 6F5BE3F67D7F66FFA861ABBFC6A8C973 ] C:\Windows\System32\sppcext.dll

14:11:40.0505 4428 C:\Windows\System32\sppcext.dll - ok

14:11:40.0520 4428 [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll

14:11:40.0520 4428 C:\Windows\System32\ncsi.dll - ok

14:11:40.0520 4428 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll

14:11:40.0520 4428 C:\Windows\System32\winhttp.dll - ok

14:11:40.0520 4428 [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll

14:11:40.0520 4428 C:\Windows\System32\webservices.dll - ok

14:11:40.0536 4428 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll

14:11:40.0536 4428 C:\Windows\System32\fundisc.dll - ok

14:11:40.0536 4428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] C:\Windows\System32\tapisrv.dll

14:11:40.0536 4428 C:\Windows\System32\tapisrv.dll - ok

14:11:40.0536 4428 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll

14:11:40.0536 4428 C:\Windows\System32\webio.dll - ok

14:11:40.0551 4428 [ CF6850A72BEB4845A3BFFB3F5E8014B2 ] C:\Windows\System32\pdh.dll

14:11:40.0551 4428 C:\Windows\System32\pdh.dll - ok

14:11:40.0551 4428 [ FBD879D17B26D49DD7A48FF58062FAE6 ] C:\Windows\System32\tdh.dll

14:11:40.0551 4428 C:\Windows\System32\tdh.dll - ok

14:11:40.0551 4428 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys

14:11:40.0551 4428 C:\Windows\System32\drivers\tcpipreg.sys - ok

14:11:40.0567 4428 [ 3BDCBB29D727C49DC3E3256253467281 ] C:\Windows\System32\wmdrmsdk.dll

14:11:40.0567 4428 C:\Windows\System32\wmdrmsdk.dll - ok

14:11:40.0567 4428 [ 54B5DCD55B223BC5DF50B82E1E9E86B1 ] C:\Windows\System32\mfplat.dll

14:11:40.0567 4428 C:\Windows\System32\mfplat.dll - ok

14:11:40.0567 4428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll

14:11:40.0567 4428 C:\Windows\System32\trkwks.dll - ok

14:11:40.0567 4428 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll

14:11:40.0567 4428 C:\Windows\System32\wiatrace.dll - ok

14:11:40.0583 4428 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll

14:11:40.0583 4428 C:\Windows\System32\wbem\WMIsvc.dll - ok

14:11:40.0583 4428 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll

14:11:40.0583 4428 C:\Windows\System32\wbem\WinMgmtR.dll - ok

14:11:40.0583 4428 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll

14:11:40.0583 4428 C:\Windows\System32\wbem\WmiDcPrv.dll - ok

14:11:40.0598 4428 [ CF318F60A84F15AF352439465A8D05F4 ] C:\Program Files\Windows Defender\MpSvc.dll

14:11:40.0598 4428 C:\Program Files\Windows Defender\MpSvc.dll - ok

14:11:40.0598 4428 [ ADF3E771F429940E762AC097F5A54EAF ] C:\Program Files\Windows Defender\MpClient.dll

14:11:40.0598 4428 C:\Program Files\Windows Defender\MpClient.dll - ok

14:11:40.0598 4428 [ FA5CF5CC82D4E39103DEC713E3790FF9 ] C:\Program Files (x86)\ASUS\EPU-4 Engine\AiGear.dll

14:11:40.0598 4428 C:\Program Files (x86)\ASUS\EPU-4 Engine\AiGear.dll - ok

14:11:40.0614 4428 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll

14:11:40.0614 4428 C:\Windows\System32\wbem\wbemcore.dll - ok

14:11:40.0614 4428 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:11:40.0614 4428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok

14:11:40.0614 4428 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll

14:11:40.0614 4428 C:\Windows\System32\ssdpapi.dll - ok

14:11:40.0629 4428 [ 522B0466ED967A0762E9AF5B37D8F40A ] C:\Windows\System32\esent.dll

14:11:40.0629 4428 C:\Windows\System32\esent.dll - ok

14:11:40.0629 4428 [ 46767946E7B559D981C1DC04EC0AB36F ] C:\Windows\System32\devenum.dll

14:11:40.0629 4428 C:\Windows\System32\devenum.dll - ok

14:11:40.0629 4428 [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll

14:11:40.0629 4428 C:\Windows\System32\drprov.dll - ok

14:11:40.0629 4428 [ 558C42D165DB5799B4072DC0A9C27C0B ] C:\Windows\System32\msdmo.dll

14:11:40.0629 4428 C:\Windows\System32\msdmo.dll - ok

14:11:40.0645 4428 [ D38535978F93F9FC9F28BE6093A87DBE ] C:\Windows\System32\msdri.dll

14:11:40.0645 4428 C:\Windows\System32\msdri.dll - ok

14:11:40.0645 4428 [ 96DB78C9C50CEED9DA5050EFFEE272A2 ] C:\Windows\System32\upnp.dll

14:11:40.0645 4428 C:\Windows\System32\upnp.dll - ok

14:11:40.0645 4428 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll

14:11:40.0645 4428 C:\Windows\System32\SensApi.dll - ok

14:11:40.0661 4428 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL

14:11:40.0661 4428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok

14:11:40.0661 4428 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll

14:11:40.0661 4428 C:\Windows\System32\wer.dll - ok

14:11:40.0661 4428 [ 9149EC69ACD3EFC97B01D5A1BAEB3B57 ] C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe

14:11:40.0661 4428 C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe - ok

14:11:40.0676 4428 [ A08C010D859F8EB42BDD7E1D55B8CA27 ] C:\Windows\System32\mscoree.dll

14:11:40.0676 4428 C:\Windows\System32\mscoree.dll - ok

14:11:40.0676 4428 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll

14:11:40.0676 4428 C:\Windows\System32\wbem\esscli.dll - ok

14:11:40.0676 4428 [ 63DCDFFCBB7E41540F4D64CCED66536B ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

14:11:40.0676 4428 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok

14:11:40.0692 4428 [ AA794B099F776B37ACCDEAD00E0FBFC9 ] C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll

14:11:40.0692 4428 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll - ok

14:11:40.0692 4428 [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll

14:11:40.0692 4428 C:\Windows\System32\ntlanman.dll - ok

14:11:40.0692 4428 [ 0B2D65FDDE31069299AA6330F359FF9C ] C:\Windows\System32\msxml3.dll

14:11:40.0692 4428 C:\Windows\System32\msxml3.dll - ok

14:11:40.0707 4428 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll

14:11:40.0707 4428 C:\Windows\System32\ntdsapi.dll - ok

14:11:40.0707 4428 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll

14:11:40.0707 4428 C:\Windows\System32\wbem\fastprox.dll - ok

14:11:40.0707 4428 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll

14:11:40.0707 4428 C:\Windows\System32\wbem\wbemsvc.dll - ok

14:11:40.0707 4428 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll

14:11:40.0707 4428 C:\Windows\System32\wbem\wmiutils.dll - ok

14:11:40.0723 4428 [ B3A33600DCDFB84D7FBE09ADEB1C9B8A ] C:\Windows\System32\davclnt.dll

14:11:40.0723 4428 C:\Windows\System32\davclnt.dll - ok

14:11:40.0723 4428 [ 02CD5B2C3B017122CAC00BDB520CD7AC ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll

14:11:40.0723 4428 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll - ok

14:11:40.0723 4428 [ EC6BA7C92FA5B2AA4AFDF4DF22AEDAB7 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll

14:11:40.0723 4428 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_88e41e092fab0294\msvcr80.dll - ok

14:11:40.0739 4428 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll

14:11:40.0739 4428 C:\Windows\System32\wbem\repdrvfs.dll - ok

14:11:40.0739 4428 [ 01AEA2F16FE0C522DDFD7FAFFC959C6A ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.ni.dll

14:11:40.0739 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\74a5f0c2bc0d0e6e3c4ec4886b9be891\mscorlib.ni.dll - ok

14:11:40.0739 4428 [ 0A94DE4AA9864D312E60D747FD249ABE ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll

14:11:40.0739 4428 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsec.dll - ok

14:11:40.0754 4428 [ 850BD2D2D9CB5894935C3B6333CAD6FD ] C:\Windows\System32\riched20.dll

14:11:40.0754 4428 C:\Windows\System32\riched20.dll - ok

14:11:40.0754 4428 [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll

14:11:40.0754 4428 C:\Windows\System32\davhlpr.dll - ok

14:11:40.0754 4428 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll

14:11:40.0754 4428 C:\Windows\System32\NapiNSP.dll - ok

14:11:40.0770 4428 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll

14:11:40.0770 4428 C:\Windows\System32\pnrpnsp.dll - ok

14:11:40.0770 4428 [ 28AD5E311996A34025CFB07E131058DD ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

14:11:40.0770 4428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok

14:11:40.0770 4428 [ 70A176BF2ED362862944C371838262F8 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

14:11:40.0770 4428 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE - ok

14:11:40.0785 4428 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll

14:11:40.0785 4428 C:\Windows\System32\dssenh.dll - ok

14:11:40.0785 4428 [ 4FDFA3F219692D17011BF1B428857C1E ] C:\Program Files\Windows Defender\MpRTP.dll

14:11:40.0785 4428 C:\Program Files\Windows Defender\MpRTP.dll - ok

14:11:40.0785 4428 [ 3ABB7ADB9CCBCD24D6C55201A3842A94 ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll

14:11:40.0785 4428 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorjit.dll - ok

14:11:40.0801 4428 [ D527EF4364D2D00443470940B177EAD4 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpengine.dll

14:11:40.0801 4428 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpengine.dll - ok

14:11:40.0801 4428 [ B144A2223EF11ED42310124A7839258E ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpasbase.vdm

14:11:40.0801 4428 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpasbase.vdm - ok

14:11:40.0801 4428 [ 9092F57AFC5328F9F98F0936CB4AD391 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpasdlta.vdm

14:11:40.0801 4428 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpasdlta.vdm - ok

14:11:40.0817 4428 [ C8A2FA2EE9241B8D66F9D7DE9AE34AEE ] C:\Program Files\Bonjour\mdnsNSP.dll

14:11:40.0817 4428 C:\Program Files\Bonjour\mdnsNSP.dll - ok

14:11:40.0817 4428 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll

14:11:40.0817 4428 C:\Windows\System32\rasadhlp.dll - ok

14:11:40.0817 4428 [ 93BB66044FA76734E882C6F3E8EE1900 ] C:\Program Files\Windows Defender\MsMpLics.dll

14:11:40.0817 4428 C:\Program Files\Windows Defender\MsMpLics.dll - ok

14:11:40.0832 4428 [ 218A400108F280428FA22282D3268BBC ] C:\Windows\System32\wscapi.dll

14:11:40.0832 4428 C:\Windows\System32\wscapi.dll - ok

14:11:40.0832 4428 [ B84E2D174DC84916A536572BB8F691A8 ] C:\Windows\System32\wscisvif.dll

14:11:40.0832 4428 C:\Windows\System32\wscisvif.dll - ok

14:11:40.0832 4428 [ 6C1E3C43B35268C17833244C8ED96430 ] C:\Windows\System32\wscproxystub.dll

14:11:40.0832 4428 C:\Windows\System32\wscproxystub.dll - ok

14:11:40.0832 4428 [ 8BE887F1743FBB39ED2C9CA2937742D6 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System\f3888a2c7b096d416ca0cfc5405219b4\System.ni.dll

14:11:40.0832 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System\f3888a2c7b096d416ca0cfc5405219b4\System.ni.dll - ok

14:11:40.0848 4428 [ 020C2F610BE801B9B50AF1BFF4A5B24B ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\c9866f6c2cae33d2c38ab32da622a167\System.ServiceProcess.ni.dll

14:11:40.0848 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.ServiceProce#\c9866f6c2cae33d2c38ab32da622a167\System.ServiceProcess.ni.dll - ok

14:11:40.0848 4428 [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll

14:11:40.0848 4428 C:\Windows\System32\wbem\WmiPrvSD.dll - ok

14:11:40.0848 4428 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll

14:11:40.0848 4428 C:\Windows\System32\ncobjapi.dll - ok

14:11:40.0863 4428 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll

14:11:40.0863 4428 C:\Windows\System32\wbem\wbemess.dll - ok

14:11:40.0863 4428 [ 5BBC951150E738F108C6D3D325BD4029 ] C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll

14:11:40.0863 4428 C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll - ok

14:11:40.0863 4428 [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\SysWOW64\rasapi32.dll

14:11:40.0863 4428 C:\Windows\SysWOW64\rasapi32.dll - ok

14:11:40.0879 4428 [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\SysWOW64\rasman.dll

14:11:40.0879 4428 C:\Windows\SysWOW64\rasman.dll - ok

14:11:40.0879 4428 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\SysWOW64\rtutils.dll

14:11:40.0879 4428 C:\Windows\SysWOW64\rtutils.dll - ok

14:11:40.0879 4428 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll

14:11:40.0879 4428 C:\Windows\SysWOW64\SensApi.dll - ok

14:11:40.0895 4428 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\SysWOW64\netprofm.dll

14:11:40.0895 4428 C:\Windows\SysWOW64\netprofm.dll - ok

14:11:40.0895 4428 [ 212F87EE837B4E35E43A93BBFC44E7A7 ] C:\Windows\SysWOW64\AsIO.dll

14:11:40.0895 4428 C:\Windows\SysWOW64\AsIO.dll - ok

14:11:40.0895 4428 [ DC6612A9EE015A36BA2A27BC9CC12537 ] C:\Windows\SysWOW64\mfc42.dll

14:11:40.0895 4428 C:\Windows\SysWOW64\mfc42.dll - ok

14:11:40.0910 4428 [ 7D34AF98A706230CC2DEDFE0CABF87AB ] C:\Windows\SysWOW64\odbc32.dll

14:11:40.0910 4428 C:\Windows\SysWOW64\odbc32.dll - ok

14:11:40.0910 4428 [ 619A67C9F617B7E69315BB28ECD5E1DF ] C:\Windows\System32\wbem\WmiPrvSE.exe

14:11:40.0910 4428 C:\Windows\System32\wbem\WmiPrvSE.exe - ok

14:11:40.0910 4428 [ 6607C2182C6A53ED983813AFE2F85768 ] C:\Windows\System32\wbem\cimwin32.dll

14:11:40.0910 4428 C:\Windows\System32\wbem\cimwin32.dll - ok

14:11:40.0926 4428 [ 1484B9EBF567346582DE571B0E164AE0 ] C:\Windows\System32\framedynos.dll

14:11:40.0926 4428 C:\Windows\System32\framedynos.dll - ok

14:11:40.0926 4428 [ ABA457BFC7EC0B5E130B2F1E0F549DFF ] C:\Windows\SysWOW64\odbcint.dll

14:11:40.0926 4428 C:\Windows\SysWOW64\odbcint.dll - ok

14:11:40.0926 4428 [ CDAD3376DFF3D9AC7FDCBE2B94B0D3C8 ] C:\Windows\System32\shfolder.dll

14:11:40.0926 4428 C:\Windows\System32\shfolder.dll - ok

14:11:40.0926 4428 [ 06EBB2B3F1588E6182C67F6D95F151EA ] C:\Program Files\COMODO\COMODO Internet Security\platform.dll

14:11:40.0926 4428 C:\Program Files\COMODO\COMODO Internet Security\platform.dll - ok

14:11:40.0941 4428 [ 6D8F59648536E150DC5543E439281AE3 ] C:\Program Files\COMODO\COMODO Internet Security\scanners\common.cav

14:11:40.0941 4428 C:\Program Files\COMODO\COMODO Internet Security\scanners\common.cav - ok

14:11:40.0941 4428 [ 73EC75C38053596DBE594D63E4CD3E79 ] C:\Program Files\COMODO\COMODO Internet Security\signmgr.dll

14:11:40.0941 4428 C:\Program Files\COMODO\COMODO Internet Security\signmgr.dll - ok

14:11:40.0941 4428 [ 77A0AC6A3031FEFCBE2B7A52F4E8C0D3 ] C:\Program Files\COMODO\COMODO Internet Security\scanners\fileid.cav

14:11:40.0941 4428 C:\Program Files\COMODO\COMODO Internet Security\scanners\fileid.cav - ok

14:11:40.0957 4428 [ B598F178B9454BA8700EC7FA16FD4284 ] C:\Program Files\COMODO\COMODO Internet Security\scanners\pkann.dll

14:11:40.0957 4428 C:\Program Files\COMODO\COMODO Internet Security\scanners\pkann.dll - ok

14:11:40.0957 4428 [ 6A9178ADC5A029992399B76AE5E5E96E ] C:\Program Files\COMODO\COMODO Internet Security\scanners\mach32.dll

14:11:40.0957 4428 C:\Program Files\COMODO\COMODO Internet Security\scanners\mach32.dll - ok

14:11:40.0957 4428 [ DDABE79024A488DBBB7DE369FA22A93D ] C:\Program Files\COMODO\COMODO Internet Security\scanners\white.cav

14:11:40.0957 4428 C:\Program Files\COMODO\COMODO Internet Security\scanners\white.cav - ok

14:11:40.0973 4428 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll

14:11:40.0973 4428 C:\Windows\System32\winrnr.dll - ok

14:11:40.0973 4428 [ A4B3A9FFA483F8CB36E56C19448DDE36 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\52e2da35b160dbd254683f72a0f1b937\System.Xml.ni.dll

14:11:40.0973 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\52e2da35b160dbd254683f72a0f1b937\System.Xml.ni.dll - ok

14:11:40.0973 4428 [ 0017163E0D5985168792BEE5CF70D5DF ] C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll

14:11:40.0973 4428 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\diasymreader.dll - ok

14:11:40.0988 4428 [ 5DCD11D0B1CB71E2B035B30670365C35 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\6c3851b925e2a31ddefb3d36bb9163cb\System.Runtime.Remoting.ni.dll

14:11:40.0988 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Remo#\6c3851b925e2a31ddefb3d36bb9163cb\System.Runtime.Remoting.ni.dll - ok

14:11:40.0988 4428 [ 08C2957BB30058E663720C5606885653 ] C:\Windows\System32\iphlpsvc.dll

14:11:40.0988 4428 C:\Windows\System32\iphlpsvc.dll - ok

14:11:40.0988 4428 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys

14:11:40.0988 4428 C:\Windows\System32\drivers\srv2.sys - ok

14:11:41.0004 4428 [ 1EF54B3220EBF3794439EB072B350F3E ] C:\Program Files\Windows Home Server\WHSConnector.exe

14:11:41.0004 4428 C:\Program Files\Windows Home Server\WHSConnector.exe - ok

14:11:41.0004 4428 [ AB92BDA9FF444B39D22E94DC9D233CF4 ] C:\Program Files\Windows Home Server\PartnerManager.dll

14:11:41.0004 4428 C:\Program Files\Windows Home Server\PartnerManager.dll - ok

14:11:41.0004 4428 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys

14:11:41.0004 4428 C:\Windows\System32\drivers\srv.sys - ok

14:11:41.0019 4428 [ 222D7D2B40F376038320668F7A909B36 ] C:\Program Files\Windows Home Server\WSCSource.dll

14:11:41.0019 4428 C:\Program Files\Windows Home Server\WSCSource.dll - ok

14:11:41.0019 4428 [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll

14:11:41.0019 4428 C:\Windows\System32\sqmapi.dll - ok

14:11:41.0019 4428 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll

14:11:41.0019 4428 C:\Windows\System32\wdscore.dll - ok

14:11:41.0035 4428 [ 814A7F6D222E65B065F139D891203656 ] C:\Program Files\Windows Home Server\WHSNotificationFactory.dll

14:11:41.0035 4428 C:\Program Files\Windows Home Server\WHSNotificationFactory.dll - ok

14:11:41.0035 4428 [ 1DB725C6D5B8EF722B0A4CD8A3B51F27 ] C:\Program Files\Windows Home Server\WHSNotificationSource.dll

14:11:41.0035 4428 C:\Program Files\Windows Home Server\WHSNotificationSource.dll - ok

14:11:41.0035 4428 [ 75131819FDCDA81739B1BE87DFD45F4A ] C:\Windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\c241cc03e9b5ac3666acb0e2ab47965b\ehRecObj.ni.dll

14:11:41.0035 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\ehRecObj\c241cc03e9b5ac3666acb0e2ab47965b\ehRecObj.ni.dll - ok

14:11:41.0051 4428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] C:\Windows\System32\rasmans.dll

14:11:41.0051 4428 C:\Windows\System32\rasmans.dll - ok

14:11:41.0051 4428 [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll

14:11:41.0051 4428 C:\Windows\System32\srvsvc.dll - ok

14:11:41.0051 4428 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll

14:11:41.0051 4428 C:\Windows\System32\browser.dll - ok

14:11:41.0066 4428 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll

14:11:41.0066 4428 C:\Windows\System32\netmsg.dll - ok

14:11:41.0066 4428 [ 44C96B48112EB24AE7764EBF1C527000 ] C:\Windows\System32\rastapi.dll

14:11:41.0066 4428 C:\Windows\System32\rastapi.dll - ok

14:11:41.0066 4428 [ FAFAE01E889DC9C05A6CA2138CFC220B ] C:\Windows\System32\tapi32.dll

14:11:41.0066 4428 C:\Windows\System32\tapi32.dll - ok

14:11:41.0082 4428 [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll

14:11:41.0082 4428 C:\Windows\System32\netcfgx.dll - ok

14:11:41.0082 4428 [ 60666289DB3D58D68DCC2C6A54703BC0 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\mcstore\9a109c70eea14b5006fbce07e1db37b5\mcstore.ni.dll

14:11:41.0082 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\mcstore\9a109c70eea14b5006fbce07e1db37b5\mcstore.ni.dll - ok

14:11:41.0082 4428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll

14:11:41.0082 4428 C:\Windows\System32\netprofm.dll - ok

14:11:41.0082 4428 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll

14:11:41.0082 4428 C:\Windows\System32\hnetcfg.dll - ok

14:11:41.0097 4428 [ D2A0FFA75AB181B19B5EB93BB29C7686 ] C:\Windows\System32\unimdm.tsp

14:11:41.0097 4428 C:\Windows\System32\unimdm.tsp - ok

14:11:41.0097 4428 [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll

14:11:41.0097 4428 C:\Windows\System32\clusapi.dll - ok

14:11:41.0097 4428 [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll

14:11:41.0097 4428 C:\Windows\System32\sscore.dll - ok

14:11:41.0113 4428 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll

14:11:41.0113 4428 C:\Windows\System32\resutils.dll - ok

14:11:41.0113 4428 [ FEB91B4DA0D540865260A33838654FA3 ] C:\Windows\System32\nci.dll

14:11:41.0113 4428 C:\Windows\System32\nci.dll - ok

14:11:41.0113 4428 [ 94B7DF336815B47236724019FAB24B7C ] C:\Windows\System32\uniplat.dll

14:11:41.0113 4428 C:\Windows\System32\uniplat.dll - ok

14:11:41.0129 4428 [ 41326DD08ACC0CDC5F8177AF96C066E8 ] C:\Windows\System32\kmddsp.tsp

14:11:41.0129 4428 C:\Windows\System32\kmddsp.tsp - ok

14:11:41.0129 4428 [ 1D6BC2769DA66C1145F4DA5A65F52E61 ] C:\Windows\System32\ndptsp.tsp

14:11:41.0129 4428 C:\Windows\System32\ndptsp.tsp - ok

14:11:41.0129 4428 [ 7C1BAE7D23D4874FEE256A2B9C00E019 ] C:\Windows\System32\hidphone.tsp

14:11:41.0129 4428 C:\Windows\System32\hidphone.tsp - ok

14:11:41.0129 4428 [ A717A35120DBAB5AB707AB40662AF9DD ] C:\Windows\System32\rasppp.dll

14:11:41.0129 4428 C:\Windows\System32\rasppp.dll - ok

14:11:41.0144 4428 [ 0FE5CD5F9C9248F42D1EF56E495B182E ] C:\Windows\System32\vpnike.dll

14:11:41.0144 4428 C:\Windows\System32\vpnike.dll - ok

14:11:41.0144 4428 [ 6A84E68B538B8B04608BF2F0D426CE6F ] C:\Windows\System32\raschap.dll

14:11:41.0144 4428 C:\Windows\System32\raschap.dll - ok

14:11:41.0144 4428 [ A53B66A443C2B313B12A27A07133594D ] C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\99adaa00da8830c264898b126ad2af54\Microsoft.MediaCenter.UI.ni.dll

14:11:41.0144 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.MediaCent#\99adaa00da8830c264898b126ad2af54\Microsoft.MediaCenter.UI.ni.dll - ok

14:11:41.0160 4428 [ DC3E0DFB43ED05FF8290B38E3F94C0DE ] C:\Windows\ehome\ehepgres.dll

14:11:41.0160 4428 C:\Windows\ehome\ehepgres.dll - ok

14:11:41.0160 4428 [ B95F6501A2F8B2E78C697FEC401970CE ] C:\Windows\System32\ipnathlp.dll

14:11:41.0160 4428 C:\Windows\System32\ipnathlp.dll - ok

14:11:41.0160 4428 [ 2DF29664ED261F0FC448E58F338F0671 ] C:\Windows\System32\mprapi.dll

14:11:41.0160 4428 C:\Windows\System32\mprapi.dll - ok

14:11:41.0175 4428 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll

14:11:41.0175 4428 C:\Windows\System32\netshell.dll - ok

14:11:41.0175 4428 [ 2E648163254233755035B46DD7B89123 ] C:\Windows\System32\termsrv.dll

14:11:41.0175 4428 C:\Windows\System32\termsrv.dll - ok

14:11:41.0175 4428 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll

14:11:41.0175 4428 C:\Windows\System32\wdi.dll - ok

14:11:41.0191 4428 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll

14:11:41.0191 4428 C:\Windows\System32\npmproxy.dll - ok

14:11:41.0191 4428 [ BD9EB3958F213F96B97B1D897DEE006D ] C:\Windows\System32\hidserv.dll

14:11:41.0191 4428 C:\Windows\System32\hidserv.dll - ok

14:11:41.0191 4428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll

14:11:41.0191 4428 C:\Windows\System32\ssdpsrv.dll - ok

14:11:41.0191 4428 [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll

14:11:41.0191 4428 C:\Windows\System32\wpdbusenum.dll - ok

14:11:41.0207 4428 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] C:\Windows\System32\appinfo.dll

14:11:41.0207 4428 C:\Windows\System32\appinfo.dll - ok

14:11:41.0207 4428 [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\SysWOW64\npmproxy.dll

14:11:41.0207 4428 C:\Windows\SysWOW64\npmproxy.dll - ok

14:11:41.0207 4428 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll

14:11:41.0207 4428 C:\Windows\System32\perftrack.dll - ok

14:11:41.0222 4428 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll

14:11:41.0222 4428 C:\Windows\System32\diagperf.dll - ok

14:11:41.0222 4428 [ 7E236CC26FF0C2513819FA453E2C5371 ] C:\Windows\System32\icaapi.dll

14:11:41.0222 4428 C:\Windows\System32\icaapi.dll - ok

14:11:41.0222 4428 [ 988121D083B7AB61D4A7E244290BAAB0 ] C:\Windows\System32\lsmproxy.dll

14:11:41.0222 4428 C:\Windows\System32\lsmproxy.dll - ok

14:11:41.0238 4428 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll

14:11:41.0238 4428 C:\Windows\System32\pnpts.dll - ok

14:11:41.0238 4428 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll

14:11:41.0238 4428 C:\Windows\System32\radardt.dll - ok


14:11:42.0267 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\PresentationFramewo#\c217382951ed46e82a9a3e27bd6379e7\PresentationFramework.ni.dll - ok

14:11:42.0267 4428 [ C264145F107437CBD3B30303733AEE4F ] C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

14:11:42.0267 4428 C:\Windows\assembly\GAC_64\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok

14:11:42.0283 4428 [ 5D0E28A22860E487148B2820309C0063 ] C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ac14913a11af4bfae0b8eb913a46a161\System.Configuration.ni.dll

14:11:42.0283 4428 C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\ac14913a11af4bfae0b8eb913a46a161\System.Configuration.ni.dll - ok

14:11:42.0283 4428 [ C1D9E25FC988516DF703D6E12ACA915F ] C:\Program Files\Internet Explorer\ieproxy.dll

14:11:42.0283 4428 C:\Program Files\Internet Explorer\ieproxy.dll - ok

14:11:42.0283 4428 [ 64DEC20C088832E46DEF5B5A5B28E028 ] C:\Windows\System32\atipdl64.dll

14:11:42.0283 4428 C:\Windows\System32\atipdl64.dll - ok

14:11:42.0299 4428 [ 7F8678C59F188528D60104E697C2361E ] C:\Windows\SysWOW64\mscms.dll

14:11:42.0299 4428 C:\Windows\SysWOW64\mscms.dll - ok

14:11:42.0299 4428 [ 355A138ABDFD43FBABCAE3A1B06AB93D ] C:\Windows\System32\wmpps.dll

14:11:42.0299 4428 C:\Windows\System32\wmpps.dll - ok

14:11:42.0299 4428 [ F149E8CAE538DBF7059B00326673F602 ] C:\Windows\System32\wmpmde.dll

14:11:42.0299 4428 C:\Windows\System32\wmpmde.dll - ok

14:11:42.0299 4428 [ 47B8DEBEC68FACCD026F99CAE8698C93 ] C:\Windows\System32\webcheck.dll

14:11:42.0299 4428 C:\Windows\System32\webcheck.dll - ok

14:11:42.0314 4428 [ D9E21CBF9E6A87847AFFD39EA3FA28EE ] C:\Windows\System32\SearchProtocolHost.exe

14:11:42.0314 4428 C:\Windows\System32\SearchProtocolHost.exe - ok

14:11:42.0314 4428 [ D2A5B2B09F2AF5ED13BF494508B09788 ] C:\Windows\System32\msshooks.dll

14:11:42.0314 4428 C:\Windows\System32\msshooks.dll - ok

14:11:42.0314 4428 [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll

14:11:42.0314 4428 C:\Windows\System32\wbem\NCProv.dll - ok

14:11:42.0330 4428 [ 8494E126F0B10180F3293AF861CE1F7A ] C:\Windows\System32\mlang.dll

14:11:42.0330 4428 C:\Windows\System32\mlang.dll - ok

14:11:42.0330 4428 [ 83D0C449C534CC014799BEC0A060726C ] C:\Program Files\Alwil Software\Avast5\defs\12123000\uiext.dll

14:11:42.0330 4428 C:\Program Files\Alwil Software\Avast5\defs\12123000\uiext.dll - ok

14:11:42.0330 4428 [ 49A3AD5CE578CD77F445F3D244AEAB2D ] C:\Windows\System32\SearchFilterHost.exe

more TDSSKiller

14:11:42.0782 4428 ============================================================

14:11:42.0782 4428 Scan finished

14:11:42.0782 4428 ============================================================

14:11:42.0798 2956 Detected object count: 1

14:11:42.0798 2956 Actual detected object count: 1

14:12:22.0071 2956 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - skipped by user

14:12:22.0071 2956 SandraAgentSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

14:12:28.0202 3828 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2012-12-30 14:14:03

-----------------------------

14:14:03.509 OS Version: Windows x64 6.1.7601 Service Pack 1

14:14:03.509 Number of processors: 2 586 0x4303

14:14:03.509 ComputerName: HTPC UserName: Webb

14:14:04.273 Initialize success

14:14:07.736 AVAST engine defs: 12123000

14:14:16.831 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

14:14:16.831 Disk 0 Vendor: WDC_WD2500YD-01NVB1 10.02E01 Size: 239372MB BusType: 3

14:14:16.847 Disk 0 MBR read successfully

14:14:16.847 Disk 0 MBR scan

14:14:16.847 Disk 0 Windows 7 default MBR code

14:14:16.862 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 188252 MB offset 2048

14:14:16.862 Disk 0 Partition - 00 05 Extended 51113 MB offset 385543935

14:14:16.894 Disk 0 Partition 2 00 82 Linux swap 2133 MB offset 485853858

14:14:16.956 Disk 0 scanning C:\Windows\system32\drivers

14:14:29.982 Service scanning

14:14:46.331 Modules scanning

14:14:46.331 Disk 0 trace - called modules:

14:14:46.347 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys

14:14:46.861 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004893220]

14:14:46.861 3 CLASSPNP.SYS[fffff88001b9243f] -> nt!IofCallDriver -> [0xfffffa800489d9b0]

14:14:46.861 5 ACPI.sys[fffff88000f6d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004885680]

14:14:47.298 AVAST engine scan C:\Windows

14:14:50.637 AVAST engine scan C:\Windows\system32

14:18:03.484 AVAST engine scan C:\Windows\system32\drivers

14:18:15.871 AVAST engine scan C:\Users\Webb

14:20:04.135 AVAST engine scan C:\ProgramData

14:23:36.936 Scan finished successfully

14:24:06.233 Disk 0 MBR has been saved successfully to "C:\Users\Webb\Desktop\MBR.dat"

14:24:06.233 The log file has been saved successfully to "C:\Users\Webb\Desktop\aswMBR.txt"

  • Staff

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

  • Staff

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

 ClearJavaCache:: 

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo

Gringo,

I created the script and ran it with ComboFix. I have attached the log. My computer is running great. Again though the lsass.exe process is no longer running.

ComboFix 12-12-31.01 - Webb 12/31/2012 8:24.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.3094 [GMT -6:00]

Running from: c:\users\Webb\Desktop\ComboFix.exe

Command switches used :: c:\users\Webb\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-31 )))))))))))))))))))))))))))))))

.

.

2012-12-31 14:30 . 2012-12-31 14:30 -------- d-----w- c:\users\test\AppData\Local\temp

2012-12-31 14:30 . 2012-12-31 14:30 -------- d-----w- c:\users\test.HTPC\AppData\Local\temp

2012-12-31 14:30 . 2012-12-31 14:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-31 01:53 . 2012-12-31 01:53 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-12-31 01:53 . 2012-12-31 01:52 95184 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-12-31 01:49 . 2012-12-31 01:49 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\offreg.dll

2012-12-29 03:03 . 2012-12-29 03:03 -------- d-----w- c:\users\Webb\AppData\Roaming\Malwarebytes

2012-12-29 03:03 . 2012-12-29 03:03 -------- d-----w- c:\programdata\Malwarebytes

2012-12-29 03:03 . 2012-12-29 03:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-29 03:03 . 2012-12-14 22:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-29 03:02 . 2012-12-29 03:02 -------- d-----w- c:\users\Webb\AppData\Local\Programs

2012-12-28 18:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBDA262E-5FCC-4B41-B1E7-7BEC5A2B2BA5}\mpengine.dll

2012-12-21 13:54 . 2012-12-21 13:56 -------- d-----w- c:\program files (x86)\Google

2012-12-21 09:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-21 09:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-11 19:07 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-11 19:07 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-11 19:05 . 2012-10-04 16:47 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-31 01:52 . 2012-10-19 11:18 859072 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-12-31 01:52 . 2010-04-25 02:57 779704 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-12-12 11:13 . 2012-04-07 13:19 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-12 11:13 . 2011-05-21 19:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-12 09:01 . 2010-04-23 02:37 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-07 23:38 . 2010-04-09 06:25 94288 ----a-w- c:\windows\system32\drivers\inspect.sys

2012-11-07 23:38 . 2010-04-09 06:25 38144 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2012-11-07 23:37 . 2010-04-09 06:25 584056 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2012-11-07 23:37 . 2010-04-09 06:25 22736 ----a-w- c:\windows\system32\drivers\cmderd.sys

2012-11-07 23:37 . 2012-01-18 13:15 41240 ----a-w- c:\windows\system32\cmdcsr.dll

2012-11-07 23:37 . 2010-04-09 06:26 301264 ----a-w- c:\windows\SysWow64\guard32.dll

2012-11-07 23:37 . 2010-04-09 06:26 390392 ----a-w- c:\windows\system32\guard64.dll

2012-10-30 23:51 . 2010-04-23 02:32 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-10-30 23:51 . 2011-03-09 01:52 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-10-30 23:51 . 2010-04-23 02:32 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-10-30 23:51 . 2010-04-23 02:32 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-10-30 23:51 . 2010-04-23 02:32 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-10-30 23:51 . 2010-07-24 02:43 41224 ----a-w- c:\windows\avastSS.scr

2012-10-30 23:50 . 2010-04-23 02:31 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-10-30 23:50 . 2011-02-13 22:36 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-10-19 15:29 . 2012-10-19 15:29 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin

2012-10-16 08:38 . 2012-11-27 18:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-27 18:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-27 18:55 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-15 16:59 . 2012-04-07 13:20 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-10-09 18:17 . 2012-11-14 10:50 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-14 10:50 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-14 10:50 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-14 10:50 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 20:29 . 2012-03-15 06:40 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2012-10-04 20:28 . 2012-02-19 21:32 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-10-04 20:28 . 2012-02-19 21:32 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-10-04 20:28 . 2012-02-19 21:32 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-10-04 16:40 . 2012-12-11 19:05 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-14 10:49 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-14 10:49 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-14 10:49 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-14 10:49 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-14 10:49 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-14 10:49 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-14 10:49 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-14 10:49 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-14 10:49 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-14 10:49 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-14 10:49 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2010-12-07 22:27 . 2010-11-21 17:11 331249 ----a-w- c:\program files (x86)\Clown_BD_v0.79.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"WatcherHelper"="c:\program files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe" [2009-06-12 53248]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"osk.exe"="osk.exe" [2009-07-14 646144]

"Application Restart 0"="c:\windows\System32\osk.exe" [2009-07-14 646144]

.

c:\users\Webb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ZvRemote.lnk - c:\program files (x86)\ZeeVee\ZvRemote\ZvRemote.exe [2010-2-10 1565944]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-6-27 1018856]

Media Browser Service.lnk - c:\program files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe [2012-1-14 135168]

Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2012-1-2 666992]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2009-08-24 93336]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-02-18 51712]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-23 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776]

S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 CLPSLS;COMODO livePCsupport Service;c:\program files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe [2010-02-19 148744]

S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]

S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 11:13]

.

2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 13:54]

.

2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-21 13:54]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 23:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Webb\AppData\Roaming\Mozilla\Firefox\Profiles\ek5gyir8.default\

FF - prefs.js: browser.startup.homepage - www.google.com

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-gStart - c:\program files (x86)\Garmin\gStart.exe

SafeBoot-06223878.sys

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-12-31 08:32:27

ComboFix-quarantined-files.txt 2012-12-31 14:32

ComboFix2.txt 2012-12-30 14:11

.

Pre-Run: 97,690,898,432 bytes free

Post-Run: 97,392,054,272 bytes free

.

- - End Of File - - B20D5A267C7EC9E84E2D218E7E8DBAF8


  • Staff

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking a lot better. But we still have some work to do.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

  • Programs to remove

    • µTorrent
      Adobe Reader 9.5.0
      Java™ 6 Update 23 (64-bit)
      Java™ 6 Update 37

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

.

Update Adobe reader

  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
  • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see you have MBAM installed - I think this is a great program and would like you to run a quick scan at this time

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

"information and logs"

  • In your next post I need the following
  1. Log From MBAM
  2. report from Hijackthis
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


Gringo,

I performed the steps you asked. Computer is running fine.

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2012.12.31.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Webb :: HTPC [administrator]

12/31/2012 9:24:09 AM

mbam-log-2012-12-31 (09-24-09).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 234327

Time elapsed: 2 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:32:20 AM, on 12/31/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Garmin\gStart.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe

C:\Users\Webb\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files (x86)\Sierra Wireless Inc\Watcher\WaHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKUS\S-1-5-18\..\RunOnce: [osk.exe] osk.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] C:\Windows\System32\osk.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [osk.exe] osk.exe (User 'Default user')

O4 - Startup: ZvRemote.lnk = C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe

O4 - Global Startup: Air Mouse.lnk = C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe

O4 - Global Startup: Media Browser Service.lnk = C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe

O4 - Global Startup: Windows Home Server.lnk = ?

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files (x86)\COMODO\COMODO livePCsupport\CLPSLS.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8033 bytes


  • Staff

Hello

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - Startup: ZvRemote.lnk = C:\Program Files (x86)\ZeeVee\ZvRemote\ZvRemote.exe
      O4 - Global Startup: Media Browser Service.lnk = C:\Program Files (x86)\MediaBrowser\MediaBrowser\MediaBrowserService.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

  • NOTE** You can research each of those lines here and see if you want to keep them or not. Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]

NOTE**

Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe

(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit

(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit

and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add/on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo


  • Staff

Hello

There are some minor things in your online scan that should be removed.

 

delete files

  • Copy all text in the quote box (below)...to Notepad.
    @echo off
    del /f /s /q "C:\Users\Webb\Downloads\MediaInfo_GUI_0.7.31_Windows_x64.exe"
    del /f /s /q "C:\Users\Webb\Downloads\MediaInfo_GUI_0.7.36_Windows_i386.exe"
    del %0
  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

 

The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

 

 

 

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

 

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • Turn off all active protection software.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button).
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - This is the uninstaller that I had you download. It works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls.
CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner but I would leave that alone and not use any registry cleaner.
Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus.

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
