
Please help me, wallpaper because i lost my pictures


  • This topic is locked
19 replies to this topic

#1 FlyerX

Posted 23 April 2012 - 02:29 PM

Hi guys!

I beg for help to solve this problem.

I have had some evil past days, all full of computer problems, from an ISP technician who erased 200 tabs in Mozilla with sensitive info to data loss due to an unintentional power-off and unsaved notepads.

That, by the way: trying to avoid this again, or to reduce the loss next time, I was installing a screen capture program (software that takes screenshots at time intervals so I could at least remember what I had open). But when trying some software I decided to uninstall the AV because it was giving me problems. I uninstalled it and then it asked me to restart; I chose "not now". I left the computer for a while and when I came back I found it OFF (I imagine the restart message of the antivirus had a countdown, otherwise what else could have turned off the computer?), and it was not a power interruption. When I started it again I found a black wallpaper, and I decided to go to My Pictures to select the wallpaper again; I found that my pictures had vanished.

These days have been problem after problem everywhere; could you guys please help me?

I am using Linux now; I want to leave the Windows partition alone to see what I can do to get the pictures back. I was looking for data recovery software like "getdataback" but it doesn't exist for Linux. Please help!

Edited by hamluis, 23 April 2012 - 03:53 PM.
Moved from Win 7 to Am I Infected - Hamluis.



 


#2 cryptodan

Posted 23 April 2012 - 02:36 PM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can. If you have performed any of the scans below, post the logs for those scans, and then perform the ones you have not done.

Please download and run Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program. If you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger than 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 cryptodan

Posted 23 April 2012 - 02:49 PM

On a side note, your data may not have disappeared, but an infection that you could have gotten has hidden the data.

#4 FlyerX

Posted 23 April 2012 - 03:27 PM

Well, an infection could be the reason, but if an infection has hidden my data, will the data be hidden even for Linux?

#5 cryptodan

Posted 23 April 2012 - 03:53 PM

It is quite possible.

#6 FlyerX

Posted 23 April 2012 - 05:23 PM

Well, I'll start doing what you say in the first post. I am desperate to get it; this hit me hard.

#7 FlyerX

Posted 23 April 2012 - 05:25 PM

Results of screen317's Security Check version 0.99.32
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Avira Free Antivirus
COMODO Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 23
Java version out of date!
Adobe Flash Player 10.1.102.64 Flash Player out of Date!
Mozilla Firefox (3.6.16) Firefox out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````

#8 FlyerX

Posted 23 April 2012 - 06:55 PM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.23.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
krpm :: XUSER-PC [administrator]

4/23/2012 6:34:22 PM
mbam-log-2012-04-23 (18-34-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 368895
Time elapsed: 1 hour(s), 12 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\$Recycle.Bin\S-1-5-21-3188878607-3264248191-2653177-1000\$R1TWQZ0.1\Movie Maker\WMM2EXT.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-3188878607-3264248191-2653177-1000\$R1TWQZ0.1\Movie Maker\WMM2FILT.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.

(end)

Edited by FlyerX, 23 April 2012 - 08:30 PM.


#9 FlyerX

Posted 23 April 2012 - 08:34 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/23/2012 at 09:18 PM

Application Version : 5.0.1146

Core Rules Database Version : 8500
Trace Rules Database Version: 6312

Scan type : Complete Scan
Total Scan Time : 01:04:25

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 495
Memory threats detected : 0
Registry items scanned : 37044
Registry threats detected : 0
File items scanned : 43633
File threats detected : 32

Adware.Tracking Cookie

#10 FlyerX

Posted 23 April 2012 - 09:19 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-23 22:13:36
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 FUJITSU_MHW2080BH_PL rev.891F
Running: gmer.exe; Driver: C:\Users\xuser\AppData\Local\Temp\pgldqpoc.sys


.text C:\Windows\system32\lsass.exe[584] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[584] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[584] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[584] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[584] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[584] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[584] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[584] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[584] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[584] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsass.exe[584] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[592] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[592] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[592] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[592] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[592] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[592] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[592] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[592] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[592] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[592] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[592] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\lsm.exe[592] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] RPCRT4.dll!RpcServerRegisterIfEx 768E09BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] RPCRT4.dll!RpcServerRegisterIfEx 768E09BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[788] rpcss.dll!CoGetComCatalog 749235EC 8 Bytes JMP ED501001
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[880] ntdll.dll!NtAllocateVirtualMemory 772552D8 5 Bytes JMP 00533F00 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[880] ntdll.dll!NtCreateFile 772555C8 5 Bytes JMP 0054D9A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[944] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[944] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[944] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[944] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[944] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[944] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[944] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[944] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[944] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[944] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[984] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\svchost.exe[1020] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1040] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1040] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1040] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1040] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1040] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1040] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] RPCRT4.dll!RpcServerRegisterIfEx 768E09BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1044] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1204] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1204] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1204] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1204] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1204] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1204] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1204] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1204] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Hpservice.exe[1256] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Hpservice.exe[1256] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Hpservice.exe[1256] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Hpservice.exe[1256] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Hpservice.exe[1256] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Hpservice.exe[1256] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Hpservice.exe[1256] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Hpservice.exe[1256] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Hpservice.exe[1256] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Hpservice.exe[1256] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Hpservice.exe[1256] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\Hpservice.exe[1256] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1556] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1556] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1556] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1556] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1556] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1556] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1556] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1556] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1556] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1556] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1556] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\System32\spoolsv.exe[1556] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] RPCRT4.dll!RpcServerRegisterIfEx 768E09BC 5 Bytes JMP 1001F060 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1600] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1660] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1660] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1660] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1660] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1660] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1660] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1660] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1660] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1660] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1660] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1660] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1660] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1692] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1692] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1692] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1692] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1692] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1692] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1692] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1692] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1692] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1692] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1692] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1692] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1720] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1720] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1720] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1720] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1720] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1720] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1720] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1720] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1720] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1720] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1720] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1720] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1828] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1828] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1828] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1828] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1828] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1828] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1828] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1828] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[1828] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[2244] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[2244] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[2244] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[2244] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[2244] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[2244] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[2244] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[2244] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[2244] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[2244] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[2244] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskhost.exe[2244] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2252] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2252] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2252] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2252] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2252] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2252] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2252] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2252] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2252] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2252] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2252] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\Explorer.EXE[2252] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] ntdll.dll!NtAllocateVirtualMemory 772552D8 5 Bytes JMP 0077FC60 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2464] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 0129B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2464] ntdll.dll!NtClose 772554C8 5 Bytes JMP 0128D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2464] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 0128D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2464] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 01297DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2464] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 01294F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2464] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 01295AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2464] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 01293A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2464] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 01298BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2464] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 01298990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2464] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 01299CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2464] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 01299BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2464] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 01294390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2476] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2476] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2476] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2476] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2476] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2476] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2476] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2476] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2476] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2476] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2476] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe[2476] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe[2492] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe[2492] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe[2492] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe[2492] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe[2492] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe[2492] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe[2492] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe[2492] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe[2492] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe[2492] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe[2492] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe[2492] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2572] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2572] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2572] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2572] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2572] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2572] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2572] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2572] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2572] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2572] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2572] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe[2572] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2696] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2696] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2696] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2696] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2696] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2696] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2696] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2696] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2696] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2696] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2696] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\SearchIndexer.exe[2696] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2768] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2768] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2768] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2768] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2768] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2768] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2768] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2768] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2768] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2768] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2768] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[2768] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2816] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2816] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2816] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2816] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2816] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2816] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2816] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2816] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2816] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2816] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2816] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\wbem\wmiprvse.exe[2816] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3048] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3048] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3048] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3048] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3048] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3048] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3048] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3048] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3048] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3048] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3048] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3048] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\xuser\Desktop\gmer\gmer.exe[3496] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\xuser\Desktop\gmer\gmer.exe[3496] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\xuser\Desktop\gmer\gmer.exe[3496] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\xuser\Desktop\gmer\gmer.exe[3496] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\xuser\Desktop\gmer\gmer.exe[3496] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\xuser\Desktop\gmer\gmer.exe[3496] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\xuser\Desktop\gmer\gmer.exe[3496] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\xuser\Desktop\gmer\gmer.exe[3496] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\xuser\Desktop\gmer\gmer.exe[3496] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\xuser\Desktop\gmer\gmer.exe[3496] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\xuser\Desktop\gmer\gmer.exe[3496] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Users\xuser\Desktop\gmer\gmer.exe[3496] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3628] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3628] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3628] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3628] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3628] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3628] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3628] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3628] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3628] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3628] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3628] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\svchost.exe[3628] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3932] ntdll.dll!NtAlpcSendWaitReceivePort 77255418 5 Bytes JMP 1002B520 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3932] ntdll.dll!NtClose 772554C8 5 Bytes JMP 1001D080 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3932] ntdll.dll!LdrUnloadDll 7726C86E 7 Bytes JMP 1001D1A0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3932] ntdll.dll!LdrLoadDll 7727223E 5 Bytes JMP 10027DF0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3932] kernel32.dll!CreateProcessW 7701204D 5 Bytes JMP 10024F30 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3932] kernel32.dll!CreateProcessA 77012082 5 Bytes JMP 10025AC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3932] kernel32.dll!CreateProcessAsUserW 770459AF 5 Bytes JMP 10023A60 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3932] GDI32.dll!DeleteDC 77356EAA 5 Bytes JMP 10028BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3932] GDI32.dll!GetPixel 7735C3D5 5 Bytes JMP 10028990 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3932] GDI32.dll!CreateDCA 7735CCA9 5 Bytes JMP 10029CC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3932] GDI32.dll!CreateDCW 7735CF79 5 Bytes JMP 10029BC0 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Windows\system32\AUDIODG.EXE[3932] ADVAPI32.dll!CreateProcessAsUserA 769B2538 5 Bytes JMP 10024390 C:\Windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress] [7527FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BC2437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BA5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BA56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BC24B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BB8514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BB4CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BB506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BB5144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73BB6671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BB826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BB87BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BB901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BBE1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BB4BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7527FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7527FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7527FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7527FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [72D211EB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7527FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7527FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2252] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [7527FFF6] C:\Windows\system32\apphelp.dll (Biblioteca de compatibilidad de aplicaciones cliente/Microsoft Corporation)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0065E480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0065DB60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0065E580] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0065D2C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0065DBF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0065DCB0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0065D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0065D750] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0065D6C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0065DD70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0065D310] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0065E240] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawEdge] [0065E1F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0065D510] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0065DEF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0065E030] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0065D400] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0065D580] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollPos] [0065D370] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [0065D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0065DCB0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [0065E170] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0065D750] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0065DD70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0065D2C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [0065D2C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [0065D580] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [0065D260] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0065DD70] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0065DEF0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ole32.dll [USER32.dll!RegisterClassW] [0065DCB0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [0065D750] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0065E480] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0065E500] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0065E4C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0065E440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2452] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0065E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\ACPI_HAL \Device\00000062 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001a6bb3ade7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001a6bb3ade7@001cd4600929 0xFE 0xD6 0xFA 0x45 ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\001a6bb3ade7@0070e0aa98e2 0xD7 0x88 0x86 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb3ade7
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb3ade7@0010603046be 0x72 0xB6 0xB0 0x2F ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb3ade7@0070e0aa98e2 0x7A 0x4B 0xF7 0xC3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb3ade7@6f4e71916612 0x5E 0x91 0x09 0x59 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\001a6bb3ade7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\001a6bb3ade7@0010603046be 0x72 0xB6 0xB0 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\001a6bb3ade7@0070e0aa98e2 0x7A 0x4B 0xF7 0xC3 ...
Reg HKLM\SYSTEM\ControlSet003\services\BTHPORT\Parameters\Keys\001a6bb3ade7@6f4e71916612 0x5E 0x91 0x09 0x59 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

That's all

#11 cryptodan


Posted 24 April 2012 - 07:12 AM

Let's download and run TDSS Killer. If it prompts you to fix anything, then PLEASE DO NOT FIX ANYTHING; just post the log it produces.

#12 FlyerX


Posted 24 April 2012 - 10:06 AM

OMG

I have discovered that almost all my pictures have disappeared. That's the part I fear the most relating to data loss: the fact that I don't know what else is missing.

I don't know how many times I will have to go through this. I am really considering quitting using the computer (in today's world, ha!). This data loss is so disastrous for me, and the recent update is 3 months old.


I just want to thank you in advance, cryptodan.

#13 FlyerX


Posted 24 April 2012 - 10:31 AM

11:20:44.0054 1020 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34
11:20:44.0101 1020 ============================================================
11:20:44.0101 1020 Current date / time: 2012/04/24 11:20:44.0101
11:20:44.0101 1020 SystemInfo:
11:20:44.0101 1020
11:20:44.0101 1020 OS Version: 6.1.7601 ServicePack: 1.0
11:20:44.0101 1020 Product type: Workstation
11:20:44.0101 1020 ComputerName: xuser-PC
11:20:44.0101 1020 UserName: xuser
11:20:44.0101 1020 Windows directory: C:\Windows
11:20:44.0101 1020 System windows directory: C:\Windows
11:20:44.0101 1020 Processor architecture: Intel x86
11:20:44.0101 1020 Number of processors: 2
11:20:44.0101 1020 Page size: 0x1000
11:20:44.0101 1020 Boot type: Safe boot
11:20:44.0101 1020 ============================================================
11:20:45.0505 1020 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
11:20:45.0505 1020 Drive \Device\Harddisk1\DR1 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:20:45.0521 1020 Drive \Device\Harddisk2\DR2 - Size: 0xF3C0000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:20:45.0521 1020 ============================================================
11:20:45.0521 1020 \Device\Harddisk0\DR0:
11:20:45.0521 1020 MBR partitions:
11:20:45.0521 1020 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:20:45.0521 1020 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7DC9000
11:20:45.0521 1020 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7DFB800, BlocksNum 0xB26800
11:20:45.0583 1020 \Device\Harddisk1\DR1:
11:20:45.0583 1020 MBR partitions:
11:20:45.0583 1020 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1C3599D5
11:20:45.0583 1020 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1C359A14, BlocksNum 0xE6AB6D
11:20:45.0583 1020 \Device\Harddisk2\DR2:
11:20:45.0583 1020 MBR partitions:
11:20:45.0583 1020 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x6, StartLBA 0x37, BlocksNum 0x79DC9
11:20:45.0583 1020 ============================================================
11:20:45.0646 1020 C: <-> \Device\Harddisk0\DR0\Partition1
11:20:45.0770 1020 D: <-> \Device\Harddisk0\DR0\Partition2
11:20:45.0802 1020 H: <-> \Device\Harddisk1\DR1\Partition0
11:20:45.0864 1020 K: <-> \Device\Harddisk1\DR1\Partition1
11:20:45.0864 1020 ============================================================
11:20:45.0864 1020 Initialize success
11:20:45.0864 1020 ============================================================
11:21:13.0710 1400 ============================================================
11:21:13.0710 1400 Scan started
11:21:13.0710 1400 Mode: Manual;
11:21:13.0710 1400 ============================================================
11:21:32.0118 1400 PNRPAutoReg - ok
11:21:32.0149 1400 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
11:21:32.0149 1400 PNRPsvc - ok
11:21:32.0196 1400 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
11:21:32.0227 1400 PolicyAgent - ok
11:21:32.0274 1400 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
11:21:32.0274 1400 Power - ok
11:21:32.0321 1400 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
11:21:32.0321 1400 PptpMiniport - ok
11:21:32.0336 1400 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
11:21:32.0336 1400 Processor - ok
11:21:32.0383 1400 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
11:21:32.0383 1400 ProfSvc - ok
11:21:32.0414 1400 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:21:32.0414 1400 ProtectedStorage - ok
11:21:32.0492 1400 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
11:21:32.0492 1400 Psched - ok
11:21:32.0602 1400 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
11:21:32.0664 1400 ql2300 - ok
11:21:32.0758 1400 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
11:21:32.0758 1400 ql40xx - ok
11:21:32.0820 1400 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
11:21:32.0820 1400 QWAVE - ok
11:21:32.0851 1400 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
11:21:32.0851 1400 QWAVEdrv - ok
11:21:32.0882 1400 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
11:21:32.0882 1400 RasAcd - ok
11:21:32.0929 1400 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:21:32.0929 1400 RasAgileVpn - ok
11:21:32.0992 1400 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
11:21:32.0992 1400 RasAuto - ok
11:21:33.0023 1400 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:21:33.0023 1400 Rasl2tp - ok
11:21:33.0070 1400 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
11:21:33.0070 1400 RasMan - ok
11:21:33.0101 1400 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
11:21:33.0101 1400 RasPppoe - ok
11:21:33.0132 1400 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
11:21:33.0132 1400 RasSstp - ok
11:21:33.0194 1400 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
11:21:33.0210 1400 rdbss - ok
11:21:33.0226 1400 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
11:21:33.0226 1400 rdpbus - ok
11:21:33.0257 1400 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:21:33.0257 1400 RDPCDD - ok
11:21:33.0288 1400 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
11:21:33.0288 1400 RDPDR - ok
11:21:33.0304 1400 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:21:33.0304 1400 RDPENCDD - ok
11:21:33.0335 1400 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:21:33.0335 1400 RDPREFMP - ok
11:21:33.0428 1400 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
11:21:33.0428 1400 RDPWD - ok
11:21:33.0475 1400 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
11:21:33.0475 1400 rdyboost - ok
11:21:33.0522 1400 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
11:21:33.0522 1400 RemoteAccess - ok
11:21:33.0569 1400 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
11:21:33.0584 1400 RemoteRegistry - ok
11:21:33.0647 1400 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
11:21:33.0662 1400 RFCOMM - ok
11:21:33.0678 1400 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
11:21:33.0694 1400 RpcEptMapper - ok
11:21:33.0709 1400 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
11:21:33.0709 1400 RpcLocator - ok
11:21:33.0772 1400 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:21:33.0772 1400 RpcSs - ok
11:21:33.0803 1400 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:21:33.0803 1400 rspndr - ok
11:21:33.0834 1400 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
11:21:33.0834 1400 s3cap - ok
11:21:33.0881 1400 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:21:33.0881 1400 SamSs - ok
11:21:33.0959 1400 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:21:33.0959 1400 SASDIFSV - ok
11:21:33.0990 1400 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:21:33.0990 1400 SASKUTIL - ok
11:21:34.0021 1400 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
11:21:34.0021 1400 sbp2port - ok
11:21:34.0068 1400 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
11:21:34.0068 1400 SCardSvr - ok
11:21:34.0146 1400 ScFBPNT (6b77fdbadc3d4c1ddd2884e1f7557b12) C:\Windows\system32\drivers\ScFBPNT.SYS
11:21:34.0146 1400 ScFBPNT - ok
11:21:34.0193 1400 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
11:21:34.0193 1400 scfilter - ok
11:21:34.0286 1400 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
11:21:34.0333 1400 Schedule - ok
11:21:34.0396 1400 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
11:21:34.0396 1400 SCPolicySvc - ok
11:21:34.0427 1400 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
11:21:34.0442 1400 SDRSVC - ok
11:21:34.0505 1400 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:21:34.0505 1400 secdrv - ok
11:21:34.0552 1400 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
11:21:34.0552 1400 seclogon - ok
11:21:34.0567 1400 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
11:21:34.0583 1400 SENS - ok
11:21:34.0630 1400 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
11:21:34.0645 1400 SensrSvc - ok
11:21:34.0661 1400 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
11:21:34.0676 1400 Serenum - ok
11:21:34.0692 1400 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
11:21:34.0692 1400 Serial - ok
11:21:34.0739 1400 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
11:21:34.0739 1400 sermouse - ok
11:21:34.0786 1400 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
11:21:34.0801 1400 SessionEnv - ok
11:21:34.0832 1400 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
11:21:34.0832 1400 sffdisk - ok
11:21:34.0864 1400 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
11:21:34.0864 1400 sffp_mmc - ok
11:21:34.0879 1400 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
11:21:34.0879 1400 sffp_sd - ok
11:21:34.0910 1400 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
11:21:34.0926 1400 sfloppy - ok
11:21:34.0988 1400 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
11:21:35.0004 1400 SharedAccess - ok
11:21:35.0098 1400 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
11:21:35.0098 1400 ShellHWDetection - ok
11:21:35.0129 1400 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
11:21:35.0129 1400 sisagp - ok
11:21:35.0144 1400 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:21:35.0160 1400 SiSRaid2 - ok
11:21:35.0207 1400 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
11:21:35.0207 1400 SiSRaid4 - ok
11:21:35.0222 1400 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
11:21:35.0238 1400 Smb - ok
11:21:35.0254 1400 SMSCIRDA (d1bf7148144ad1851893e84363f78130) C:\Windows\system32\DRIVERS\SMSCirda.sys
11:21:35.0254 1400 SMSCIRDA - ok
11:21:35.0300 1400 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
11:21:35.0300 1400 SNMPTRAP - ok
11:21:35.0332 1400 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
11:21:35.0332 1400 spldr - ok
11:21:35.0378 1400 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
11:21:35.0394 1400 Spooler - ok
11:21:35.0612 1400 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
11:21:35.0768 1400 sppsvc - ok
11:21:35.0893 1400 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
11:21:35.0893 1400 sppuinotify - ok
11:21:35.0956 1400 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
11:21:35.0971 1400 srv - ok
11:21:36.0002 1400 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
11:21:36.0018 1400 srv2 - ok
11:21:36.0034 1400 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
11:21:36.0049 1400 srvnet - ok
11:21:36.0127 1400 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
11:21:36.0127 1400 SSDPSRV - ok
11:21:36.0158 1400 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
11:21:36.0158 1400 ssmdrv - ok
11:21:36.0174 1400 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
11:21:36.0190 1400 SstpSvc - ok
11:21:36.0205 1400 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
11:21:36.0205 1400 stexstor - ok
11:21:36.0268 1400 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
11:21:36.0283 1400 StiSvc - ok
11:21:36.0314 1400 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
11:21:36.0314 1400 storflt - ok
11:21:36.0377 1400 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
11:21:36.0392 1400 StorSvc - ok
11:21:36.0424 1400 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
11:21:36.0424 1400 storvsc - ok
11:21:36.0455 1400 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
11:21:36.0455 1400 swenum - ok
11:21:36.0502 1400 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
11:21:36.0517 1400 swprv - ok
11:21:36.0658 1400 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
11:21:36.0689 1400 SysMain - ok
11:21:36.0736 1400 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
11:21:36.0767 1400 TabletInputService - ok
11:21:36.0860 1400 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
11:21:36.0860 1400 taphss - ok
11:21:36.0907 1400 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
11:21:36.0923 1400 TapiSrv - ok
11:21:36.0954 1400 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
11:21:36.0954 1400 TBS - ok
11:21:37.0063 1400 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
11:21:37.0110 1400 Tcpip - ok
11:21:37.0126 1400 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
11:21:37.0141 1400 TCPIP6 - ok
11:21:37.0204 1400 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
11:21:37.0204 1400 tcpipreg - ok
11:21:37.0250 1400 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
11:21:37.0250 1400 TDPIPE - ok
11:21:37.0282 1400 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
11:21:37.0282 1400 TDTCP - ok
11:21:37.0328 1400 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
11:21:37.0328 1400 tdx - ok
11:21:37.0360 1400 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
11:21:37.0360 1400 TermDD - ok
11:21:37.0438 1400 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
11:21:37.0453 1400 TermService - ok
11:21:37.0484 1400 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
11:21:37.0500 1400 Themes - ok
11:21:37.0531 1400 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
11:21:37.0531 1400 THREADORDER - ok
11:21:37.0562 1400 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
11:21:37.0562 1400 TPM - ok
11:21:37.0625 1400 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
11:21:37.0625 1400 TrkWks - ok
11:21:37.0703 1400 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
11:21:37.0718 1400 TrustedInstaller - ok
11:21:37.0734 1400 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:21:37.0734 1400 tssecsrv - ok
11:21:37.0812 1400 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
11:21:37.0812 1400 TsUsbFlt - ok
11:21:37.0874 1400 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
11:21:37.0874 1400 tunnel - ok
11:21:37.0921 1400 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
11:21:37.0921 1400 uagp35 - ok
11:21:37.0968 1400 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
11:21:37.0968 1400 udfs - ok
11:21:37.0999 1400 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
11:21:38.0015 1400 UI0Detect - ok
11:21:38.0046 1400 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
11:21:38.0062 1400 uliagpkx - ok
11:21:38.0108 1400 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
11:21:38.0108 1400 umbus - ok
11:21:38.0124 1400 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
11:21:38.0124 1400 UmPass - ok
11:21:38.0218 1400 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
11:21:38.0218 1400 UmRdpService - ok
11:21:38.0249 1400 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
11:21:38.0264 1400 upnphost - ok
11:21:38.0296 1400 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\drivers\usbccgp.sys
11:21:38.0296 1400 usbccgp - ok
11:21:38.0327 1400 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
11:21:38.0342 1400 usbcir - ok
11:21:38.0389 1400 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
11:21:38.0389 1400 usbehci - ok
11:21:38.0436 1400 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
11:21:38.0436 1400 usbhub - ok
11:21:38.0483 1400 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
11:21:38.0483 1400 usbohci - ok
11:21:38.0561 1400 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
11:21:38.0561 1400 usbprint - ok
11:21:38.0576 1400 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:21:38.0576 1400 USBSTOR - ok
11:21:38.0608 1400 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
11:21:38.0608 1400 usbuhci - ok
11:21:38.0623 1400 USB_RNDIS (b71da871254d96d0349639d03e4c1cc1) C:\Windows\system32\DRIVERS\usb8023.sys
11:21:38.0623 1400 USB_RNDIS - ok
11:21:38.0810 1400 usnjsvc (14d664b34ad1897f9c99f37886daea61) C:\Program Files\Windows Live\Messenger\usnsvc.exe
11:21:38.0810 1400 usnjsvc - ok
11:21:38.0842 1400 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
11:21:38.0842 1400 UxSms - ok
11:21:38.0873 1400 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:21:38.0873 1400 VaultSvc - ok
11:21:38.0935 1400 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
11:21:38.0935 1400 vdrvroot - ok
11:21:38.0998 1400 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
11:21:39.0013 1400 vds - ok
11:21:39.0029 1400 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
11:21:39.0029 1400 vga - ok
11:21:39.0060 1400 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
11:21:39.0060 1400 VgaSave - ok
11:21:39.0107 1400 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
11:21:39.0107 1400 vhdmp - ok
11:21:39.0138 1400 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
11:21:39.0138 1400 viaagp - ok
11:21:39.0169 1400 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
11:21:39.0169 1400 ViaC7 - ok
11:21:39.0200 1400 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
11:21:39.0200 1400 viaide - ok
11:21:39.0247 1400 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
11:21:39.0247 1400 vmbus - ok
11:21:39.0263 1400 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
11:21:39.0263 1400 VMBusHID - ok
11:21:39.0278 1400 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
11:21:39.0294 1400 volmgr - ok
11:21:39.0356 1400 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
11:21:39.0372 1400 volmgrx - ok
11:21:39.0388 1400 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
11:21:39.0403 1400 volsnap - ok
11:21:39.0434 1400 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
11:21:39.0434 1400 vsmraid - ok
11:21:39.0512 1400 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
11:21:39.0559 1400 VSS - ok
11:21:39.0575 1400 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
11:21:39.0575 1400 vwifibus - ok
11:21:39.0622 1400 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
11:21:39.0637 1400 W32Time - ok
11:21:39.0668 1400 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
11:21:39.0668 1400 WacomPen - ok
11:21:39.0700 1400 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:21:39.0700 1400 WANARP - ok
11:21:39.0700 1400 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
11:21:39.0700 1400 Wanarpv6 - ok
11:21:39.0793 1400 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
11:21:39.0840 1400 wbengine - ok
11:21:39.0918 1400 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
11:21:39.0918 1400 WbioSrvc - ok
11:21:39.0965 1400 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
11:21:39.0965 1400 wcncsvc - ok
11:21:39.0996 1400 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
11:21:40.0012 1400 WcsPlugInService - ok
11:21:40.0090 1400 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
11:21:40.0090 1400 Wd - ok
11:21:40.0136 1400 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:21:40.0168 1400 Wdf01000 - ok
11:21:40.0199 1400 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:21:40.0199 1400 WdiServiceHost - ok
11:21:40.0214 1400 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
11:21:40.0214 1400 WdiSystemHost - ok
11:21:40.0261 1400 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
11:21:40.0261 1400 WebClient - ok
11:21:40.0308 1400 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
11:21:40.0308 1400 Wecsvc - ok
11:21:40.0339 1400 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
11:21:40.0339 1400 wercplsupport - ok
11:21:40.0355 1400 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
11:21:40.0355 1400 WerSvc - ok
11:21:40.0417 1400 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
11:21:40.0417 1400 WfpLwf - ok
11:21:40.0448 1400 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
11:21:40.0448 1400 WIMMount - ok
11:21:40.0542 1400 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
11:21:40.0573 1400 WinDefend - ok
11:21:40.0573 1400 WinHttpAutoProxySvc - ok
11:21:40.0667 1400 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
11:21:40.0682 1400 Winmgmt - ok
11:21:40.0776 1400 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
11:21:40.0823 1400 WinRM - ok
11:21:40.0932 1400 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
11:21:40.0932 1400 WinUsb - ok
11:21:41.0026 1400 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
11:21:41.0057 1400 Wlansvc - ok
11:21:41.0228 1400 WLSetupSvc (f7753932bc154cb1eb76f3cd1db693fb) C:\Program Files\Windows Live\installer\WLSetupSvc.exe
11:21:41.0228 1400 WLSetupSvc - ok
11:21:41.0291 1400 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
11:21:41.0291 1400 WmiAcpi - ok
11:21:41.0416 1400 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
11:21:41.0416 1400 wmiApSrv - ok
11:21:41.0556 1400 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:21:41.0603 1400 WMPNetworkSvc - ok
11:21:41.0634 1400 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
11:21:41.0634 1400 WPCSvc - ok
11:21:41.0681 1400 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
11:21:41.0681 1400 WPDBusEnum - ok
11:21:41.0743 1400 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
11:21:41.0743 1400 ws2ifsl - ok
11:21:41.0774 1400 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
11:21:41.0774 1400 wscsvc - ok
11:21:41.0790 1400 WSearch - ok
11:21:41.0930 1400 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
11:21:41.0993 1400 wuauserv - ok
11:21:42.0133 1400 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
11:21:42.0133 1400 WudfPf - ok
11:21:42.0211 1400 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:21:42.0211 1400 WUDFRd - ok
11:21:42.0258 1400 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
11:21:42.0258 1400 wudfsvc - ok
11:21:42.0305 1400 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
11:21:42.0320 1400 WwanSvc - ok
11:21:42.0398 1400 MBR (0x1B8) (9b4a5e102a9a4593e7df62a936f27e48) \Device\Harddisk0\DR0
11:21:42.0430 1400 \Device\Harddisk0\DR0 - ok
11:21:42.0430 1400 MBR (0x1B8) (531fc014d164cd37522434edd791ec31) \Device\Harddisk1\DR1
11:21:42.0679 1400 \Device\Harddisk1\DR1 - ok
11:21:42.0695 1400 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk2\DR2
11:21:46.0049 1400 \Device\Harddisk2\DR2 - ok
11:21:46.0080 1400 Boot (0x1200) (205ea78dc4865836769dda7b01f0238e) \Device\Harddisk0\DR0\Partition0
11:21:46.0080 1400 \Device\Harddisk0\DR0\Partition0 - ok
11:21:46.0096 1400 Boot (0x1200) (5c2a2527faf2defc123e95334900b657) \Device\Harddisk0\DR0\Partition1
11:21:46.0096 1400 \Device\Harddisk0\DR0\Partition1 - ok
11:21:46.0142 1400 Boot (0x1200) (cf381bf4f749ad7412afee7167d15136) \Device\Harddisk0\DR0\Partition2
11:21:46.0142 1400 \Device\Harddisk0\DR0\Partition2 - ok
11:21:46.0158 1400 Boot (0x1200) (f812c72394a820a0c88e5babf71e1600) \Device\Harddisk1\DR1\Partition0
11:21:46.0158 1400 \Device\Harddisk1\DR1\Partition0 - ok
11:21:46.0158 1400 Boot (0x1200) (31ecfbe7154cad274a0803b9bb8c6655) \Device\Harddisk1\DR1\Partition1
11:21:46.0158 1400 \Device\Harddisk1\DR1\Partition1 - ok
11:21:46.0174 1400 Boot (0x1200) (b32ad619e749a83c591604b43c1a2b72) \Device\Harddisk2\DR2\Partition0
11:21:46.0174 1400 \Device\Harddisk2\DR2\Partition0 - ok
11:21:46.0174 1400 ============================================================
11:21:46.0174 1400 Scan finished
11:21:46.0174 1400 ============================================================
11:21:46.0189 2044 Detected object count: 0
11:21:46.0189 2044 Actual detected object count: 0
11:23:38.0229 1648 ============================================================
11:23:38.0229 1648 Scan started
11:23:38.0229 1648 Mode: Manual; SigCheck; TDLFS;
11:23:38.0229 1648 ============================================================
11:23:38.0587 1648 !SASCORE (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:23:38.0759 1648 !SASCORE - ok
11:23:38.0837 1648 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
11:23:38.0946 1648 1394ohci - ok
11:23:39.0009 1648 Accelerometer (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
11:23:39.0040 1648 Accelerometer - ok
11:23:39.0055 1648 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
11:23:39.0071 1648 ACPI - ok
11:23:39.0087 1648 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
11:23:39.0196 1648 AcpiPmi - ok
11:23:39.0258 1648 ADIHdAudAddService (fb9ece3f7b8a03e474e611031ad4cd23) C:\Windows\system32\drivers\ADIHdAud.sys
11:23:39.0321 1648 ADIHdAudAddService - ok
11:23:39.0383 1648 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
11:23:39.0399 1648 adp94xx - ok
11:23:39.0430 1648 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
11:23:39.0445 1648 adpahci - ok
11:23:39.0477 1648 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
11:23:39.0477 1648 adpu320 - ok
11:23:39.0508 1648 AEADIFilters (12d23758621b00b8d3134095ec3325fd) C:\Windows\system32\AEADISRV.EXE
11:23:39.0586 1648 AEADIFilters - ok
11:23:39.0633 1648 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
11:23:39.0695 1648 AeLookupSvc - ok
11:23:39.0742 1648 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
11:23:39.0804 1648 AFD - ok
11:23:39.0898 1648 AgereSoftModem (7e10e3bb9b258ad8a9300f91214d67b9) C:\Windows\system32\DRIVERS\AGRSM.sys
11:23:39.0976 1648 AgereSoftModem - ok
11:23:40.0023 1648 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
11:23:40.0038 1648 agp440 - ok
11:23:40.0069 1648 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
11:23:40.0085 1648 aic78xx - ok
11:23:40.0116 1648 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
11:23:40.0179 1648 ALG - ok
11:23:40.0210 1648 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
11:23:40.0225 1648 aliide - ok
11:23:40.0257 1648 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
11:23:40.0272 1648 amdagp - ok
11:23:40.0303 1648 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
11:23:40.0303 1648 amdide - ok
11:23:40.0335 1648 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
11:23:40.0381 1648 AmdK8 - ok
11:23:40.0428 1648 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
11:23:40.0475 1648 AmdPPM - ok
11:23:40.0506 1648 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
11:23:40.0522 1648 amdsata - ok
11:23:52.0347 1648 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
11:23:52.0362 1648 IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:23:52.0362 1648 IDriverT - detected UnsignedFile.Multi.Generic (1)
11:24:03.0579 1648 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
11:24:03.0625 1648 RDPENCDD - ok
11:24:03.0657 1648 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
11:24:03.0703 1648 RDPREFMP - ok
11:24:03.0750 1648 RDPWD (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
11:24:03.0797 1648 RDPWD - ok
11:24:03.0844 1648 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
11:24:03.0859 1648 rdyboost - ok
11:24:03.0891 1648 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
11:24:03.0937 1648 RemoteAccess - ok
11:24:03.0984 1648 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
11:24:04.0015 1648 RemoteRegistry - ok
11:24:04.0047 1648 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
11:24:04.0093 1648 RFCOMM - ok
11:24:04.0125 1648 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
11:24:04.0171 1648 RpcEptMapper - ok
11:24:04.0187 1648 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
11:24:04.0218 1648 RpcLocator - ok
11:24:04.0281 1648 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
11:24:04.0327 1648 RpcSs - ok
11:24:04.0359 1648 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
11:24:04.0405 1648 rspndr - ok
11:24:04.0452 1648 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
11:24:04.0483 1648 s3cap - ok
11:24:04.0515 1648 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
11:24:04.0530 1648 SamSs - ok
11:24:04.0593 1648 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
11:24:04.0608 1648 SASDIFSV - ok
11:24:04.0639 1648 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
11:24:04.0655 1648 SASKUTIL - ok
11:24:04.0671 1648 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
11:24:04.0686 1648 sbp2port - ok
11:24:04.0733 1648 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
11:24:04.0780 1648 SCardSvr - ok
11:24:04.0842 1648 ScFBPNT (6b77fdbadc3d4c1ddd2884e1f7557b12) C:\Windows\system32\drivers\ScFBPNT.SYS
11:24:04.0873 1648 ScFBPNT ( UnsignedFile.Multi.Generic ) - warning
11:24:04.0873 1648 ScFBPNT - detected UnsignedFile.Multi.Generic (1)
11:24:15.0497 1648 MBR (0x1B8) (9b4a5e102a9a4593e7df62a936f27e48) \Device\Harddisk0\DR0
11:24:15.0560 1648 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:24:15.0560 1648 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:24:19.0584 1648 ============================================================
11:24:19.0584 1648 Scan finished
11:24:19.0584 1648 ============================================================
11:24:19.0600 1520 Detected object count: 3
11:24:19.0600 1520 Actual detected object count: 3
11:25:23.0420 1520 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
11:25:23.0420 1520 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:25:23.0420 1520 ScFBPNT ( UnsignedFile.Multi.Generic ) - skipped by user
11:25:23.0420 1520 ScFBPNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:25:23.0435 1520 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:25:23.0435 1520 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Edited by FlyerX, 24 April 2012 - 10:35 AM.


#14 FlyerX

Posted 24 April 2012 - 10:35 AM

I ran TDSS Killer and it found nothing. Then I ran it again with the parameters changed (additional options: verify file digital signatures and detect TDLFS file system enabled) and it found three objects.

#15 cryptodan

Posted 24 April 2012 - 11:18 AM

Please follow the instructions in ==>Malware Removal and Log Section Preparation Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

Most importantly, please be patient until you get a reply to your topic. If you receive a reply from the HelpBot, then please follow the instructions outlined in the HelpBot's post.



