
Very Bad evasive Trojan Infection


36 replies to this topic

#1 Slayer90

Posted 05 June 2013 - 07:57 PM

For half a month my computer has been having problems, but not all the time. There are random times when my computer slows down accessibly. Opening files on my desktop slows down and in some cases they don't open. Many exe files don't execute and get stuck in loading time. When using the internet with either Firefox or Windows Internet Explorer, it tends to get stuck on loading time. This has been occurring for three weeks. I had reinstalled my computer clean the previous one. However, it seems Windows carried a Windows.old of my desktop and everything. I only deleted it after I discovered it a day later. The trojan might have been moved. I tried scanning with the latest updated Malwarebytes, ESET, SUPERAntiSpyware, avast!, AdwCleaner, Kaspersky, TDSSKiller, Lab all separately. They all found nothing. Last month I was here in another board and did ComboFix and it found nothing either. There are times my entire computer gets stuck in loading time and I have to restart. Last night I tried to update Malwarebytes but it gets stuck in loading time when it is updating. Also, downloading any file, whether it is small, tends to be slow and many times it gets stuck. There are some moments when my computer functions just fine. I'm using Windows 7 and I'm using cable, so my computer is connected all the time. Is there any way to fix this without having to reinstall Windows, because it will just be a non-ending vicious circle?

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Alfred at 17:49:22 on 2013-06-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2935.2146 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Alfred\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [BitTorrent] "c:\users\alfred\appdata\roaming\bittorrent\BitTorrent.exe"  /MINIMIZED
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE -startup
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3E06D39C-22A2-47C8-8B09-3047A290ADEE} : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alfred\appdata\roaming\mozilla\firefox\profiles\kmo4j686.default\
FF - prefs.js: browser.startup.homepage -  hxxp://www.google.ca/
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-05-21 22:32; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2012-12-28 70824]
R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2012-12-28 34984]
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-21 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-21 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-21 368944]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-12-6 163328]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-21 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-21 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-21 46808]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-4 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-4 701512]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-12-23 90736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-4 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-6 14848]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-6 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-3-6 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-3-5 1343400]
.
=============== Created Last 30 ================
.
2013-06-06 00:14:36    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-06-05 05:26:19    7016152    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{1828b086-d7bc-40d9-bc97-a4e99ac6ba19}\mpengine.dll
2013-06-05 05:15:59    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-05-24 15:34:28    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-05-23 23:49:00    32768    ----a-w-    c:\windows\system32\drivers\sp_rsdrv2.sys
2013-05-22 22:42:12    262552    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-22 22:42:00    96664    ----a-w-    c:\program files\mozilla firefox\webapprt-stub.exe
2013-05-22 22:42:00    272280    ----a-w-    c:\program files\mozilla firefox\updater.exe
2013-05-22 22:42:00    19449240    ----a-w-    c:\program files\mozilla firefox\xul.dll
2013-05-22 22:42:00    19352    ----a-w-    c:\program files\mozilla firefox\xpcom.dll
2013-05-22 22:42:00    170232    ----a-w-    c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-05-22 18:07:35    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-05-22 05:50:58    --------    d-----w-    c:\program files\psx emulation cheater
2013-05-22 05:32:46    61680    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2013-05-22 05:32:45    765736    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-05-22 05:32:44    49376    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2013-05-22 05:32:44    174664    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2013-05-22 05:32:42    66336    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2013-05-22 05:32:14    41664    ----a-w-    c:\windows\avastSS.scr
2013-05-22 04:55:40    --------    d-----w-    c:\windows\system32\catroot2
2013-05-18 02:23:21    --------    d-----w-    c:\program files\Tweaking.com
2013-05-18 00:50:33    --------    d-----w-    c:\users\alfred\appdata\local\temp
2013-05-17 20:48:56    --------    d-----w-    c:\windows\ERUNT
2013-05-17 20:48:48    --------    d-----w-    C:\JRT
2013-05-17 15:56:30    --------    d-----w-    C:\FRST
2013-05-16 01:55:02    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-16 01:55:01    217600    ----a-w-    c:\program files\internet explorer\sqmapi.dll
2013-05-16 01:55:00    2877440    ----a-w-    c:\windows\system32\jscript9.dll
2013-05-15 23:55:50    2347520    ----a-w-    c:\windows\system32\win32k.sys
2013-05-15 23:55:49    728424    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 23:55:49    218984    ----a-w-    c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 23:55:41    47104    ----a-w-    c:\windows\system32\appinfo.dll
2013-05-15 23:55:41    1796096    ----a-w-    c:\windows\system32\authui.dll
2013-05-15 23:55:41    101720    ----a-w-    c:\windows\system32\consent.exe
2013-05-08 00:08:44    --------    d-----w-    c:\users\alfred\appdata\roaming\SUPERAntiSpyware.com
.
==================== Find3M  ====================
.
2013-05-22 18:07:23    866720    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-05-22 18:07:23    788896    ----a-w-    c:\windows\system32\deployJava1.dll
2013-05-14 18:10:16    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-14 18:10:16    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-05-02 09:06:08    238872    ------w-    c:\windows\system32\MpSigStub.exe
2013-04-12 13:45:29    1211752    ----a-w-    c:\windows\system32\drivers\ntfs.sys
2013-04-05 05:28:24    1767424    ----a-w-    c:\windows\system32\wininet.dll
2013-04-05 05:26:21    61440    ----a-w-    c:\windows\system32\iesetup.dll
2013-04-05 05:26:21    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2013-04-05 03:38:25    71680    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-03-19 05:04:13    3968856    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10    3913560    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48:45    38912    ----a-w-    c:\windows\system32\csrsrv.dll
2013-03-19 02:49:16    69632    ----a-w-    c:\windows\system32\smss.exe
.
============= FINISH: 17:50:00.27 ===============
 

 




 


#2 Slayer90


Posted 05 June 2013 - 08:02 PM

Sorry for posting the Attach log, but when I tried to attach the file it said the file is too large and it won't let me.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/5/2013 8:36:53 PM
System Uptime: 6/5/2013 5:31:06 PM (0 hours ago)
.
Motherboard: PEGATRON CORPORATION |  | 2AD1
Processor: AMD E-450 APU with Radeon™ HD Graphics | CPU 1 | 1650/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 203 GiB total, 100.633 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP167: 5/22/2013 2:35:10 PM - Before uninstalling Google Chrome
RP169: 5/22/2013 2:36:30 PM - Before uninstalling SUPERAntiSpyware
RP170: 5/24/2013 1:17:33 PM - ComboFix created restore point
RP171: 5/26/2013 1:32:32 PM - ComboFix created restore point
RP172: 5/28/2013 2:19:47 PM - ComboFix created restore point
RP173: 5/31/2013 9:22:25 PM - ComboFix created restore point
RP174: 6/3/2013 9:56:02 AM - ComboFix created restore point
RP175: 6/4/2013 8:53:36 PM - Restore Operation
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
avast! Free Antivirus
BitTorrent
GPGNet
IsoBuster 2.8.5
Java 7 Update 21
Java Auto Updater
Java SE Development Kit 7 Update 21
Lernout & Hauspie TruVoice American English TTS Engine
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Mouse and Keyboard Center
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
PDF Settings CS5
PowerISO
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Speakonia
Supreme Commander
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VLC media player 2.0.6
WinRAR 4.11 (32-bit)
Your Uninstaller! 2010
.
==== End Of File ===========================
 



#3 The Dark Knight


Posted 10 June 2013 - 03:54 AM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :welcome:

 

Is there any way to fix this without having to reinstall Windows, because it will just be a non-ending vicious circle?

Hopefully. :)

 

Please read all these directions before proceeding.

When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that.  The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like  ImgBurn that can burn an .ISO image.  I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.

Be sure to read these:
Download Kaspersky Rescue Disk 10
How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?
How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?


  • Please go to a clean computer
  • Download the .iso image file.
  • Create a CD (or flash drive if you prefer).
  • On the infected computer: put the disk in the drive and reboot.


Follow the directions here, but you will find some differences.  

Familiarise yourself with How to create a report file in Kaspersky Rescue Disk 10?

Then, please print the following directions:

Boot from Kaspersky Rescue Disk 10:
Restart your computer and put the disk in the drive while booting.
Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.
Select the required interface language using the arrow-keys on your keyboard.
Press the Enter key on the keyboard.
In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic Mode
Click Enter.
Click 'A' to accept the agreement.
Select operating system from dropdown menu (select Windows whatever).
Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:
Click My Update Center and update.
Back to other tab and click Start Object Scan.
When scan has completed save a report:
On the upper part of the Kaspersky Rescue Disk window, click on the Report link.
On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.
On the upper right hand corner of the Detailed report window, click on the Save button.
After clicking Detailed Report and 'SAVE', a browse window opens.
Double-click on the \
Click 'disks'.
All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.
Click on the Save button.
The report has been saved to the file.

Remove the disk from the drive (or disconnect USB) and reboot normally.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#4 Slayer90


Posted 10 June 2013 - 02:20 PM

I finished the scan and saved the report, but for some reason the scan report doesn't appear, since I rebooted my computer and exited Kaspersky Rescue Disk 10.


Edited by Slayer90, 10 June 2013 - 02:21 PM.


#5 The Dark Knight


Posted 10 June 2013 - 04:39 PM

Hello Slayer90,

 

Do you recall if it actually deleted anything?




#6 Slayer90


Posted 10 June 2013 - 05:26 PM

No. It said it didn't detect any malware. However, I thought my computer was clean today. Just a few minutes ago my computer started having abnormal activities again. I mainly use Firefox as my browser. Today I made no new installation or anything, and I get an error message saying Internet Explorer fails to start even though I never even clicked on it. Also, my computer froze for a few seconds, every icon on my desktop briefly disappeared, and my computer restarted itself. Can you explain what is going on? I know I have a bad trojan infection, but I think I have a rootkit or bootkit infection as well. Whatever this is, it is undetectable.


Edited by Slayer90, 10 June 2013 - 05:26 PM.


#7 Slayer90


Posted 11 June 2013 - 12:11 PM

It seems my email got keystroke. I was still able to access it, but my own email sends spam with random links in them. My computer's symptoms have gotten worse and are more frequent.


Edited by Slayer90, 11 June 2013 - 12:13 PM.


#8 The Dark Knight


Posted 11 June 2013 - 04:38 PM

Good morning Slayer90. :)

 

Can you explain what is going on? I know I have a bad trojan infection, but I think I have a rootkit or bootkit infection as well. Whatever this is, it is undetectable.

It sounds like you may have a rootkit. If you would like to reformat please let me know. Otherwise please follow the below instructions.

 

Please download Malwarebytes Anti-Rootkit here.

  • Unzip the contents to a folder on the Desktop.
  • Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Please post the two logs produced.


Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.

 

=====

 

Also, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").


>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click Change parameters.
  • Make sure you check the box Loaded modules.
  • A window will popup and say Reboot is required. Please click Reboot now.
  • Then click Change parameters again. Check the box Detect TDLFS file system.
  • Click on the Start Scan button.
     
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
  • Once the tool has finished, please click Report. Please copy and paste the contents of that log in your reply.
    Note: A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).

 

=====

 

In your reply please post the 3 logs from MBAR and TDSSKiller.
 


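A triage pass over a TDSSKiller report of the kind requested above, as an added example that is not part of the original thread or of Kaspersky's tooling. It pairs each `[ MD5 ] service path` line with the `service - verdict` line that follows it and returns every service whose verdict is not `ok`, plus any service that never received a verdict (a report pasted only in part). The sample lines, hashes, service names and the wording of the non-`ok` verdict are constructed.

```python
import re
from typing import List, NamedTuple, Optional

# Every report line starts "HH:MM:SS.mmmm <thread id> "; the rest is the message.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(.*)$")
# Object line: "[ <32 hex digits> ] <service name> <image path>".
# Service names can contain spaces, so the name ends where a drive-letter path begins.
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.+)$")


class Finding(NamedTuple):
    service: str
    md5: str
    path: str
    verdict: Optional[str]  # None: object line seen, verdict line missing


def triage(report: str) -> List[Finding]:
    """Return services needing review: verdict other than 'ok', or no verdict."""
    pending = {}  # service name -> (md5, path), waiting for its verdict line
    findings = []
    for raw in report.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank line or text that is not part of the report
        msg = m.group(1).strip()
        obj = OBJECT.match(msg)
        if obj:
            md5, service, path = obj.groups()
            pending[service] = (md5.upper(), path)
            continue
        # Verdict line: "<service> - <verdict>". Other lines that contain
        # " - " (drive geometry, memory scan) are ignored because their
        # left-hand side is not a service we are waiting on.
        name, sep, verdict = msg.partition(" - ")
        if sep and name in pending:
            md5, path = pending.pop(name)
            if verdict.strip().lower() != "ok":
                findings.append(Finding(name, md5, path, verdict.strip()))
    # Anything still pending never got a verdict, e.g. the paste was cut off.
    for service, (md5, path) in pending.items():
        findings.append(Finding(service, md5, path, None))
    return findings


def fake_md5(n: int) -> str:
    """Constructed placeholder hash, not a real file hash."""
    return f"{n:032X}"


# Constructed sample in the report's line format (not taken from a real scan).
SAMPLE = "\n".join([
    r"15:00:01.0000 1234 ================ Scan services ================",
    rf"15:00:01.0100 1234 [ {fake_md5(1)} ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys",
    r"15:00:01.0110 1234 ExampleDrv - ok",
    rf"15:00:01.0200 1234 [ {fake_md5(2)} ] Example Helper Service C:\Program Files\Example\helper.exe",
    r"15:00:01.0210 1234 Example Helper Service - detected Example.Verdict.Placeholder ( 1 )",
    r"15:00:01.0300 1234 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000",
    rf"15:00:01.0400 1234 [ {fake_md5(3)} ] CutOffSvc C:\Windows\system32\drivers\cutoff.sys",
])

if __name__ == "__main__":
    for f in triage(SAMPLE):
        status = f.verdict if f.verdict is not None else "NO VERDICT (report cut off?)"
        print(f"{f.service}: {status}\n    {f.path}\n    MD5 {f.md5}")
```

A service listed with no verdict means the pasted report is incomplete, so the full log file saved at the root of the system drive should be reviewed rather than the excerpt.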


#9 Slayer90


Posted 11 June 2013 - 05:06 PM

14:59:21.0682 3428 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:59:22.0400 3428 ============================================================
14:59:22.0400 3428 Current date / time: 2013/06/11 14:59:22.0400
14:59:22.0400 3428 SystemInfo:
14:59:22.0400 3428
14:59:22.0400 3428 OS Version: 6.1.7601 ServicePack: 1.0
14:59:22.0400 3428 Product type: Workstation
14:59:22.0400 3428 ComputerName: ALFRED-PC
14:59:22.0400 3428 UserName: Alfred
14:59:22.0400 3428 Windows directory: C:\Windows
14:59:22.0400 3428 System windows directory: C:\Windows
14:59:22.0400 3428 Processor architecture: Intel x86
14:59:22.0400 3428 Number of processors: 2
14:59:22.0400 3428 Page size: 0x1000
14:59:22.0400 3428 Boot type: Normal boot
14:59:22.0400 3428 ============================================================
14:59:24.0147 3428 BG loaded
14:59:24.0852 3428 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:59:24.0884 3428 ============================================================
14:59:24.0884 3428 \Device\Harddisk0\DR0:
14:59:24.0955 3428 MBR partitions:
14:59:24.0955 3428 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:59:24.0955 3428 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x196FB000
14:59:24.0955 3428 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x6, StartLBA 0x1972D800, BlocksNum 0x3A97800
14:59:24.0955 3428 ============================================================
14:59:25.0084 3428 C: <-> \Device\Harddisk0\DR0\Partition2
14:59:25.0118 3428 ============================================================
14:59:25.0121 3428 Initialize success
14:59:25.0121 3428 ============================================================
14:59:50.0513 3432 ============================================================
14:59:50.0513 3432 Scan started
14:59:50.0513 3432 Mode: Manual; TDLFS;
14:59:50.0513 3432 ============================================================
14:59:51.0823 3432 ================ Scan system memory ========================
14:59:51.0823 3432 System memory - ok
14:59:51.0823 3432 ================ Scan services =============================
14:59:54.0537 3432 BridgeMP - ok
14:59:54.0584 3432 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
14:59:54.0584 3432 Browser - ok
14:59:54.0615 3432 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:59:54.0615 3432 Brserid - ok
14:59:54.0647 3432 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:59:54.0647 3432 BrSerWdm - ok
14:59:54.0678 3432 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:59:54.0678 3432 BrUsbMdm - ok
14:59:54.0693 3432 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:59:54.0709 3432 BrUsbSer - ok
14:59:54.0725 3432 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
14:59:54.0725 3432 BTHMODEM - ok
14:59:54.0787 3432 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
14:59:54.0787 3432 bthserv - ok
14:59:54.0881 3432 catchme - ok
14:59:54.0912 3432 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:59:54.0927 3432 cdfs - ok
14:59:54.0990 3432 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:59:54.0990 3432 cdrom - ok
14:59:55.0021 3432 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
14:59:55.0021 3432 CertPropSvc - ok
14:59:55.0052 3432 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\drivers\circlass.sys
14:59:55.0068 3432 circlass - ok
14:59:55.0083 3432 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
14:59:55.0099 3432 CLFS - ok
14:59:55.0161 3432 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:59:55.0161 3432 clr_optimization_v2.0.50727_32 - ok
14:59:55.0224 3432 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:59:55.0239 3432 clr_optimization_v4.0.30319_32 - ok
14:59:55.0286 3432 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
14:59:55.0286 3432 CmBatt - ok
14:59:55.0302 3432 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:59:55.0302 3432 cmdide - ok
14:59:55.0333 3432 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
14:59:55.0349 3432 CNG - ok
14:59:55.0364 3432 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\drivers\compbatt.sys
14:59:55.0380 3432 Compbatt - ok
14:59:55.0411 3432 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
14:59:55.0411 3432 CompositeBus - ok
14:59:55.0427 3432 COMSysApp - ok
14:59:55.0458 3432 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
14:59:55.0458 3432 crcdisk - ok
14:59:55.0505 3432 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:59:55.0505 3432 CryptSvc - ok
14:59:55.0551 3432 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
14:59:55.0551 3432 DcomLaunch - ok
14:59:55.0583 3432 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
14:59:55.0598 3432 defragsvc - ok
14:59:55.0629 3432 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:59:55.0629 3432 DfsC - ok
14:59:55.0676 3432 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
14:59:55.0676 3432 Dhcp - ok
14:59:55.0692 3432 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
14:59:55.0707 3432 discache - ok
14:59:55.0739 3432 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
14:59:55.0754 3432 Disk - ok
14:59:55.0785 3432 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:59:55.0801 3432 Dnscache - ok
14:59:55.0817 3432 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
14:59:55.0832 3432 dot3svc - ok
14:59:55.0863 3432 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
14:59:55.0863 3432 DPS - ok
14:59:55.0895 3432 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:59:55.0895 3432 drmkaud - ok
14:59:55.0941 3432 [ 16498EBC04AE9DD07049A8884B205C05 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:59:55.0957 3432 DXGKrnl - ok
14:59:55.0973 3432 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
14:59:55.0988 3432 EapHost - ok
14:59:56.0113 3432 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
14:59:56.0207 3432 ebdrv - ok
14:59:56.0238 3432 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
14:59:56.0238 3432 EFS - ok
14:59:56.0300 3432 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:59:56.0300 3432 ehRecvr - ok
14:59:56.0316 3432 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
14:59:56.0316 3432 ehSched - ok
14:59:56.0363 3432 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
14:59:56.0378 3432 elxstor - ok
14:59:56.0394 3432 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:59:56.0394 3432 ErrDev - ok
14:59:56.0441 3432 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
14:59:56.0456 3432 EventSystem - ok
14:59:56.0472 3432 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
14:59:56.0487 3432 exfat - ok
14:59:56.0503 3432 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:59:56.0519 3432 fastfat - ok
14:59:56.0550 3432 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
14:59:56.0565 3432 Fax - ok
14:59:56.0597 3432 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
14:59:56.0597 3432 fdc - ok
14:59:56.0628 3432 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
14:59:56.0628 3432 fdPHost - ok
14:59:56.0643 3432 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
14:59:56.0643 3432 FDResPub - ok
14:59:56.0659 3432 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:59:56.0675 3432 FileInfo - ok
14:59:56.0690 3432 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:59:56.0690 3432 Filetrace - ok
14:59:56.0721 3432 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
14:59:56.0721 3432 flpydisk - ok
14:59:56.0753 3432 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:59:56.0753 3432 FltMgr - ok
14:59:56.0799 3432 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
14:59:56.0815 3432 FontCache - ok
14:59:56.0877 3432 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:59:56.0877 3432 FontCache3.0.0.0 - ok
14:59:56.0909 3432 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:59:56.0909 3432 FsDepends - ok
14:59:56.0940 3432 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:59:56.0940 3432 Fs_Rec - ok
14:59:56.0971 3432 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:59:56.0971 3432 fvevol - ok
14:59:57.0018 3432 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
14:59:57.0018 3432 gagp30kx - ok
14:59:57.0065 3432 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
14:59:57.0080 3432 gpsvc - ok
14:59:57.0111 3432 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:59:57.0111 3432 hcw85cir - ok
14:59:57.0143 3432 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
14:59:57.0158 3432 HdAudAddService - ok
14:59:57.0174 3432 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
14:59:57.0174 3432 HDAudBus - ok
14:59:57.0221 3432 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
14:59:57.0221 3432 HidBatt - ok
14:59:57.0236 3432 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
14:59:57.0236 3432 HidBth - ok
14:59:57.0267 3432 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\drivers\hidir.sys
14:59:57.0267 3432 HidIr - ok
14:59:57.0299 3432 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
14:59:57.0299 3432 hidserv - ok
14:59:57.0330 3432 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:59:57.0330 3432 HidUsb - ok
14:59:57.0361 3432 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:59:57.0361 3432 hkmsvc - ok
14:59:57.0392 3432 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:59:57.0408 3432 HomeGroupListener - ok
14:59:57.0439 3432 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:59:57.0455 3432 HomeGroupProvider - ok
14:59:57.0486 3432 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:59:57.0501 3432 HpSAMD - ok
14:59:57.0579 3432 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:59:57.0579 3432 HTTP - ok
14:59:57.0611 3432 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:59:57.0611 3432 hwpolicy - ok
14:59:57.0657 3432 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:59:57.0657 3432 i8042prt - ok
14:59:57.0689 3432 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:59:57.0704 3432 iaStorV - ok
14:59:57.0751 3432 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:59:57.0782 3432 idsvc - ok
14:59:57.0813 3432 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
14:59:57.0813 3432 iirsp - ok
14:59:57.0860 3432 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
14:59:57.0876 3432 IKEEXT - ok
14:59:58.0032 3432 [ 0FD8A26BB84F61F9301B2D7B91151818 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
14:59:58.0063 3432 IntcAzAudAddService - ok
14:59:58.0079 3432 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
14:59:58.0079 3432 intelide - ok
14:59:58.0125 3432 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\drivers\intelppm.sys
14:59:58.0125 3432 intelppm - ok
14:59:58.0157 3432 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:59:58.0157 3432 IPBusEnum - ok
14:59:58.0188 3432 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:59:58.0188 3432 IpFilterDriver - ok
14:59:58.0219 3432 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:59:58.0235 3432 iphlpsvc - ok
14:59:58.0266 3432 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:59:58.0266 3432 IPMIDRV - ok
14:59:58.0281 3432 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:59:58.0297 3432 IPNAT - ok
14:59:58.0328 3432 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:59:58.0328 3432 IRENUM - ok
14:59:58.0344 3432 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:59:58.0344 3432 isapnp - ok
14:59:58.0359 3432 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:59:58.0375 3432 iScsiPrt - ok
14:59:58.0406 3432 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
14:59:58.0406 3432 kbdclass - ok
14:59:58.0437 3432 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
14:59:58.0437 3432 kbdhid - ok
14:59:58.0453 3432 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
14:59:58.0453 3432 KeyIso - ok
14:59:58.0484 3432 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:59:58.0500 3432 KSecDD - ok
14:59:58.0515 3432 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:59:58.0515 3432 KSecPkg - ok
14:59:58.0562 3432 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
14:59:58.0562 3432 KtmRm - ok
14:59:58.0609 3432 [ B15A671443B98FC8A7BB0E8A78C3F65E ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys
14:59:58.0609 3432 L1C - ok
14:59:58.0640 3432 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
14:59:58.0656 3432 LanmanServer - ok
14:59:58.0687 3432 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:59:58.0687 3432 LanmanWorkstation - ok
14:59:58.0734 3432 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:59:58.0734 3432 lltdio - ok
14:59:58.0765 3432 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:59:58.0781 3432 lltdsvc - ok
14:59:58.0796 3432 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
14:59:58.0812 3432 lmhosts - ok
14:59:58.0843 3432 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
14:59:58.0859 3432 LSI_FC - ok
14:59:58.0890 3432 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
14:59:58.0890 3432 LSI_SAS - ok
14:59:58.0921 3432 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
14:59:58.0921 3432 LSI_SAS2 - ok
14:59:58.0937 3432 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
14:59:58.0952 3432 LSI_SCSI - ok
14:59:58.0968 3432 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
14:59:58.0968 3432 luafv - ok
14:59:59.0030 3432 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:59:59.0030 3432 MBAMProtector - ok
14:59:59.0108 3432 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:59:59.0108 3432 MBAMScheduler - ok
14:59:59.0155 3432 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
14:59:59.0155 3432 MBAMService - ok
14:59:59.0186 3432 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:59:59.0202 3432 Mcx2Svc - ok
14:59:59.0233 3432 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
14:59:59.0233 3432 megasas - ok
14:59:59.0264 3432 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
14:59:59.0280 3432 MegaSR - ok
14:59:59.0295 3432 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
14:59:59.0311 3432 MMCSS - ok
14:59:59.0342 3432 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
14:59:59.0358 3432 Modem - ok
14:59:59.0389 3432 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:59:59.0389 3432 monitor - ok
14:59:59.0420 3432 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
14:59:59.0436 3432 mouclass - ok
14:59:59.0451 3432 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:59:59.0451 3432 mouhid - ok
14:59:59.0483 3432 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:59:59.0483 3432 mountmgr - ok
14:59:59.0514 3432 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:59:59.0529 3432 MozillaMaintenance - ok
14:59:59.0545 3432 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
14:59:59.0545 3432 mpio - ok
14:59:59.0561 3432 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:59:59.0561 3432 mpsdrv - ok
14:59:59.0623 3432 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:59:59.0623 3432 MpsSvc - ok
14:59:59.0654 3432 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:59:59.0654 3432 MRxDAV - ok
14:59:59.0685 3432 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:59:59.0685 3432 mrxsmb - ok
14:59:59.0701 3432 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:59:59.0717 3432 mrxsmb10 - ok
14:59:59.0732 3432 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:59:59.0732 3432 mrxsmb20 - ok
14:59:59.0763 3432 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
14:59:59.0763 3432 msahci - ok
14:59:59.0795 3432 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:59:59.0810 3432 msdsm - ok
14:59:59.0841 3432 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
14:59:59.0857 3432 MSDTC - ok
14:59:59.0888 3432 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:59:59.0888 3432 Msfs - ok
14:59:59.0919 3432 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:59:59.0919 3432 mshidkmdf - ok
14:59:59.0935 3432 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:59:59.0951 3432 msisadrv - ok
14:59:59.0982 3432 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:59:59.0982 3432 MSiSCSI - ok
14:59:59.0997 3432 msiserver - ok
15:00:00.0029 3432 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:00:00.0029 3432 MSKSSRV - ok
15:00:00.0075 3432 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:00:00.0075 3432 MSPCLOCK - ok
15:00:00.0091 3432 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:00:00.0107 3432 MSPQM - ok
15:00:00.0122 3432 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:00:00.0122 3432 MsRPC - ok
15:00:00.0169 3432 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
15:00:00.0169 3432 mssmbios - ok
15:00:00.0185 3432 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:00:00.0200 3432 MSTEE - ok
15:00:00.0200 3432 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
15:00:00.0216 3432 MTConfig - ok
15:00:00.0231 3432 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
15:00:00.0231 3432 Mup - ok
15:00:00.0263 3432 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
15:00:00.0294 3432 napagent - ok
15:00:00.0341 3432 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:00:00.0341 3432 NativeWifiP - ok
15:00:00.0387 3432 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:00:00.0419 3432 NDIS - ok
15:00:00.0434 3432 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:00:00.0434 3432 NdisCap - ok
15:00:00.0465 3432 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:00:00.0465 3432 NdisTapi - ok
15:00:00.0481 3432 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:00:00.0481 3432 Ndisuio - ok
15:00:00.0512 3432 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:00:00.0512 3432 NdisWan - ok
15:00:00.0528 3432 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:00:00.0528 3432 NDProxy - ok
15:00:00.0543 3432 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:00:00.0559 3432 NetBIOS - ok
15:00:00.0575 3432 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
15:00:00.0575 3432 NetBT - ok
15:00:00.0590 3432 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
15:00:00.0590 3432 Netlogon - ok
15:00:00.0637 3432 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
15:00:00.0653 3432 Netman - ok
15:00:00.0668 3432 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
15:00:00.0668 3432 netprofm - ok
15:00:00.0699 3432 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:00:00.0715 3432 NetTcpPortSharing - ok
15:00:00.0746 3432 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
15:00:00.0746 3432 nfrd960 - ok
15:00:00.0777 3432 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
15:00:00.0793 3432 NlaSvc - ok
15:00:00.0824 3432 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
15:00:00.0824 3432 Npfs - ok
15:00:00.0855 3432 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
15:00:00.0855 3432 nsi - ok
15:00:00.0871 3432 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
15:00:00.0871 3432 nsiproxy - ok
15:00:00.0949 3432 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
15:00:00.0996 3432 Ntfs - ok
15:00:01.0027 3432 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
15:00:01.0027 3432 Null - ok
15:00:01.0074 3432 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
15:00:01.0074 3432 nvraid - ok
15:00:01.0089 3432 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
15:00:01.0105 3432 nvstor - ok
15:00:01.0121 3432 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
15:00:01.0136 3432 nv_agp - ok
15:00:01.0167 3432 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
15:00:01.0167 3432 ohci1394 - ok
15:00:01.0199 3432 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
15:00:01.0214 3432 p2pimsvc - ok
15:00:01.0245 3432 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
15:00:01.0261 3432 p2psvc - ok
15:00:01.0292 3432 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
15:00:01.0292 3432 Parport - ok
15:00:01.0323 3432 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
15:00:01.0323 3432 partmgr - ok
15:00:01.0339 3432 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
15:00:01.0339 3432 Parvdm - ok
15:00:01.0370 3432 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
15:00:01.0370 3432 PcaSvc - ok
15:00:01.0401 3432 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
15:00:01.0401 3432 pci - ok
15:00:01.0417 3432 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
15:00:01.0433 3432 pciide - ok
15:00:01.0464 3432 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
15:00:01.0464 3432 pcmcia - ok
15:00:01.0479 3432 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
15:00:01.0479 3432 pcw - ok
15:00:01.0526 3432 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
15:00:01.0542 3432 PEAUTH - ok
15:00:01.0620 3432 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
15:00:01.0682 3432 pla - ok
15:00:01.0713 3432 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
15:00:01.0729 3432 PlugPlay - ok
15:00:01.0760 3432 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
15:00:01.0760 3432 PNRPAutoReg - ok
15:00:01.0791 3432 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
15:00:01.0807 3432 PNRPsvc - ok
15:00:01.0838 3432 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
15:00:01.0854 3432 PolicyAgent - ok
15:00:01.0885 3432 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
15:00:01.0901 3432 Power - ok
15:00:01.0932 3432 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
15:00:01.0932 3432 PptpMiniport - ok
15:00:01.0963 3432 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
15:00:01.0979 3432 Processor - ok
15:00:02.0010 3432 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
15:00:02.0010 3432 ProfSvc - ok
15:00:02.0025 3432 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:00:02.0041 3432 ProtectedStorage - ok
15:00:02.0072 3432 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
15:00:02.0072 3432 Psched - ok
15:00:02.0166 3432 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
15:00:02.0213 3432 ql2300 - ok
15:00:02.0228 3432 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
15:00:02.0244 3432 ql40xx - ok
15:00:02.0275 3432 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
15:00:02.0291 3432 QWAVE - ok
15:00:02.0306 3432 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
15:00:02.0306 3432 QWAVEdrv - ok
15:00:02.0322 3432 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
15:00:02.0322 3432 RasAcd - ok
15:00:02.0369 3432 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
15:00:02.0369 3432 RasAgileVpn - ok
15:00:02.0384 3432 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
15:00:02.0400 3432 RasAuto - ok
15:00:02.0431 3432 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
15:00:02.0431 3432 Rasl2tp - ok
15:00:02.0462 3432 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
15:00:02.0478 3432 RasMan - ok
15:00:02.0493 3432 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
15:00:02.0509 3432 RasPppoe - ok
15:00:02.0525 3432 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
15:00:02.0525 3432 RasSstp - ok
15:00:02.0556 3432 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
15:00:02.0556 3432 rdbss - ok
15:00:02.0587 3432 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
15:00:02.0587 3432 rdpbus - ok
15:00:02.0618 3432 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
15:00:02.0618 3432 RDPCDD - ok
15:00:02.0649 3432 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
15:00:02.0649 3432 RDPENCDD - ok
15:00:02.0665 3432 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
15:00:02.0665 3432 RDPREFMP - ok
15:00:02.0696 3432 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
15:00:02.0712 3432 RdpVideoMiniport - ok
15:00:02.0727 3432 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
15:00:02.0743 3432 RDPWD - ok
15:00:02.0774 3432 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
15:00:02.0790 3432 rdyboost - ok
15:00:02.0805 3432 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
15:00:11.0557 3432 C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll - ok
15:00:11.0573 3432 [ 3BE0D923AA45A4DBE091C2D84F0B4FE7 ] C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
15:00:11.0573 3432 C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll - ok
15:00:11.0588 3432 [ 3FFAEA12666E565FF51BF2FCA674F543 ] C:\Windows\System32\cfgmgr32.dll
15:00:11.0588 3432 C:\Windows\System32\cfgmgr32.dll - ok
15:00:11.0588 3432 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\System32\comctl32.dll
15:00:11.0588 3432 C:\Windows\System32\comctl32.dll - ok
15:00:11.0604 3432 [ 6951562DC4625EEFC6EACD52AD165866 ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
15:00:11.0604 3432 C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll - ok
15:00:11.0619 3432 [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\System32\crypt32.dll
15:00:11.0619 3432 C:\Windows\System32\crypt32.dll - ok
15:00:11.0619 3432 [ CC4ED8BEA78B0DCA6F217E014C3291A7 ] C:\Windows\System32\devobj.dll
15:00:11.0619 3432 C:\Windows\System32\devobj.dll - ok
15:00:11.0635 3432 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\System32\wintrust.dll
15:00:11.0635 3432 C:\Windows\System32\wintrust.dll - ok
15:00:11.0651 3432 [ 589CBC4989F750E1DA35625AB481CF43 ] C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
15:00:11.0651 3432 C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll - ok
15:00:11.0666 3432 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\System32\msasn1.dll
15:00:11.0666 3432 C:\Windows\System32\msasn1.dll - ok
15:00:11.0666 3432 [ 5FCD3320AAE71506B43F9E12E4E72172 ] C:\Windows\System32\drivers\dxapi.sys
15:00:11.0666 3432 C:\Windows\System32\drivers\dxapi.sys - ok
15:00:11.0682 3432 [ 52948A58E4E64427DC399A409EF1CAB5 ] C:\Windows\System32\win32k.sys
15:00:11.0682 3432 C:\Windows\System32\win32k.sys - ok
15:00:11.0697 3432 [ 23AB7E36551C6BA5370EF7F05142F0EB ] C:\Windows\System32\csrsrv.dll
15:00:11.0697 3432 C:\Windows\System32\csrsrv.dll - ok
15:00:11.0697 3432 [ 342271F6142E7C70805B8A81E1BA5F5C ] C:\Windows\System32\csrss.exe
15:00:11.0697 3432 C:\Windows\System32\csrss.exe - ok
15:00:11.0713 3432 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\System32\basesrv.dll
15:00:11.0713 3432 C:\Windows\System32\basesrv.dll - ok
15:00:11.0729 3432 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\System32\winsrv.dll
15:00:11.0729 3432 C:\Windows\System32\winsrv.dll - ok
15:00:11.0729 3432 [ 79D10964DE86B292320E9DFE02282A23 ] C:\Windows\System32\drivers\monitor.sys
15:00:11.0729 3432 C:\Windows\System32\drivers\monitor.sys - ok
15:00:11.0744 3432 [ 7C76B61A5E1EF5D1FA554CF134100F18 ] C:\Windows\System32\tsddd.dll
15:00:11.0744 3432 C:\Windows\System32\tsddd.dll - ok
15:00:11.0760 3432 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\System32\sxssrv.dll
15:00:11.0760 3432 C:\Windows\System32\sxssrv.dll - ok
15:00:11.0760 3432 [ B5C5DCAD3899512020D135600129D665 ] C:\Windows\System32\wininit.exe
15:00:11.0760 3432 C:\Windows\System32\wininit.exe - ok
15:00:11.0775 3432 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\System32\profapi.dll
15:00:11.0775 3432 C:\Windows\System32\profapi.dll - ok
15:00:11.0791 3432 [ 357B990A4249D7F7485B230C0CC8825A ] C:\Windows\System32\KBDUS.DLL
15:00:11.0791 3432 C:\Windows\System32\KBDUS.DLL - ok
15:00:11.0791 3432 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\System32\RpcRtRemote.dll
15:00:11.0791 3432 C:\Windows\System32\RpcRtRemote.dll - ok
15:00:11.0807 3432 [ CAEF9CD6C10B1017E2C298D849CD31DB ] C:\Windows\System32\cdd.dll
15:00:11.0807 3432 C:\Windows\System32\cdd.dll - ok
15:00:11.0822 3432 [ 633C2C060CF857099F6C4F8D75C952B1 ] C:\Windows\System32\WlS0WndH.dll
15:00:11.0822 3432 C:\Windows\System32\WlS0WndH.dll - ok
15:00:11.0838 3432 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\System32\sxs.dll
15:00:11.0838 3432 C:\Windows\System32\sxs.dll - ok
15:00:11.0838 3432 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\System32\cryptbase.dll
15:00:11.0838 3432 C:\Windows\System32\cryptbase.dll - ok
15:00:11.0853 3432 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\System32\apphelp.dll
15:00:11.0853 3432 C:\Windows\System32\apphelp.dll - ok
15:00:11.0869 3432 [ 8AEA9A37C1A3565A204D37C5E72AB791 ] C:\Windows\System32\lsm.exe
15:00:11.0869 3432 C:\Windows\System32\lsm.exe - ok
15:00:11.0885 3432 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\System32\services.exe
15:00:11.0885 3432 C:\Windows\System32\services.exe - ok
15:00:11.0885 3432 [ 81951F51E318AECC2D68559E47485CC4 ] C:\Windows\System32\lsass.exe
15:00:11.0885 3432 C:\Windows\System32\lsass.exe - ok
15:00:11.0900 3432 [ 4A054C853031616D161A84BECF281F47 ] C:\Windows\System32\sspicli.dll
15:00:11.0900 3432 C:\Windows\System32\sspicli.dll - ok
15:00:11.0916 3432 [ BA51FFE170C5B3AE8EC4F5BD2581A29E ] C:\Windows\System32\sysntfy.dll
15:00:11.0916 3432 C:\Windows\System32\sysntfy.dll - ok
15:00:11.0916 3432 [ D412B1B72C5AB020218E9A047D90CA05 ] C:\Windows\System32\wmsgapi.dll
15:00:11.0916 3432 C:\Windows\System32\wmsgapi.dll - ok
15:00:11.0931 3432 [ 3369D021265E369D57317D61FA86DD79 ] C:\Windows\System32\scext.dll
15:00:11.0931 3432 C:\Windows\System32\scext.dll - ok
15:00:11.0947 3432 [ 69678722290C78D5D7198C60B5A4E3E8 ] C:\Windows\System32\secur32.dll
15:00:11.0947 3432 C:\Windows\System32\secur32.dll - ok
15:00:11.0947 3432 [ 444430C44727B5F22B4DC17284798EBD ] C:\Windows\System32\lsasrv.dll
15:00:11.0947 3432 C:\Windows\System32\lsasrv.dll - ok
15:00:11.0963 3432 [ 250AA41DE690561AF1282D598914564C ] C:\Windows\System32\scesrv.dll
15:00:11.0963 3432 C:\Windows\System32\scesrv.dll - ok
15:00:11.0978 3432 [ E361AE3010EA4B3123DAB5BDAE21798F ] C:\Windows\System32\sspisrv.dll
15:00:11.0978 3432 C:\Windows\System32\sspisrv.dll - ok
15:00:11.0978 3432 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\System32\srvcli.dll
15:00:11.0978 3432 C:\Windows\System32\srvcli.dll - ok
15:00:11.0994 3432 [ 245F4691314F42D4D1BC06442F0B2086 ] C:\Windows\System32\samsrv.dll
15:00:11.0994 3432 C:\Windows\System32\samsrv.dll - ok
15:00:12.0009 3432 [ 1128637CAD49A8E3C8B5FA5D0A061525 ] C:\Windows\System32\cryptdll.dll
15:00:12.0009 3432 C:\Windows\System32\cryptdll.dll - ok
15:00:12.0025 3432 [ 82C089EA2A3EEFADF3588EA71E8BDADA ] C:\Windows\System32\wevtapi.dll
15:00:12.0025 3432 C:\Windows\System32\wevtapi.dll - ok
15:00:12.0025 3432 [ FB4EB9352B7D698E6B3C2AA2ED724DAD ] C:\Windows\System32\authz.dll
15:00:12.0025 3432 C:\Windows\System32\authz.dll - ok
15:00:12.0041 3432 [ 50BA656134F78AF64E4DD3C8B6FEFD7E ] C:\Windows\System32\cngaudit.dll
15:00:12.0041 3432 C:\Windows\System32\cngaudit.dll - ok
15:00:12.0056 3432 [ FC7650224790CAE75A5E9231961FDEC5 ] C:\Windows\System32\bcrypt.dll
15:00:12.0056 3432 C:\Windows\System32\bcrypt.dll - ok
15:00:12.0056 3432 [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\System32\ncrypt.dll
15:00:12.0056 3432 C:\Windows\System32\ncrypt.dll - ok
15:00:12.0072 3432 [ C90878913DF3DC504790282043DB5F4C ] C:\Windows\System32\msprivs.dll
15:00:12.0072 3432 C:\Windows\System32\msprivs.dll - ok
15:00:12.0087 3432 [ E343CABBD8D600ABAF3F11625D33B3D0 ] C:\Windows\System32\netjoin.dll
15:00:12.0087 3432 C:\Windows\System32\netjoin.dll - ok
15:00:12.0087 3432 [ 9CE253214ACAA5A7D323327D2055EFAA ] C:\Windows\System32\drivers\TsUsbFlt.sys
15:00:12.0087 3432 C:\Windows\System32\drivers\TsUsbFlt.sys - ok
15:00:12.0103 3432 [ 6DCFAEC6D1334AA6CDF8961DB4633CBF ] C:\Windows\System32\negoexts.dll
15:00:12.0103 3432 C:\Windows\System32\negoexts.dll - ok
15:00:12.0119 3432 [ 6D13E1406F50C66E2A95D97F22C47560 ] C:\Windows\System32\winlogon.exe
15:00:12.0119 3432 C:\Windows\System32\winlogon.exe - ok
15:00:12.0134 3432 [ 5DAF8A6B7F127C4E70A5C1F707347859 ] C:\Windows\System32\atmfd.dll
15:00:12.0134 3432 C:\Windows\System32\atmfd.dll - ok
15:00:12.0134 3432 [ BDA0B954A30498B5A7EDC6204CBA07ED ] C:\Windows\System32\kerberos.dll
15:00:12.0134 3432 C:\Windows\System32\kerberos.dll - ok
15:00:12.0150 3432 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\System32\cryptsp.dll
15:00:12.0150 3432 C:\Windows\System32\cryptsp.dll - ok
15:00:12.0165 3432 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\System32\mswsock.dll
15:00:12.0165 3432 C:\Windows\System32\mswsock.dll - ok
15:00:12.0165 3432 [ 4C1E16B9A53102C8D6FBA587CBCB95DE ] C:\Windows\System32\msv1_0.dll
15:00:12.0165 3432 C:\Windows\System32\msv1_0.dll - ok
15:00:12.0181 3432 [ C1809B9907ADEDAF16F50C894100883B ] C:\Windows\System32\netlogon.dll
15:00:12.0181 3432 C:\Windows\System32\netlogon.dll - ok
15:00:12.0197 3432 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\System32\wship6.dll
15:00:12.0197 3432 C:\Windows\System32\wship6.dll - ok
15:00:12.0197 3432 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\System32\winsta.dll
15:00:12.0197 3432 C:\Windows\System32\winsta.dll - ok
15:00:12.0212 3432 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\System32\dnsapi.dll
15:00:12.0212 3432 C:\Windows\System32\dnsapi.dll - ok
15:00:12.0228 3432 [ 8EA53101FF2B15BDFF934B62A8FB326D ] C:\Windows\System32\logoncli.dll
15:00:12.0228 3432 C:\Windows\System32\logoncli.dll - ok
15:00:12.0228 3432 [ AF78F66116814FDD6677CEBD73035CDD ] C:\Windows\System32\schannel.dll
15:00:12.0228 3432 C:\Windows\System32\schannel.dll - ok
15:00:12.0243 3432 [ 0450CF487ECD8A67B56F59F9A96D024D ] C:\Windows\System32\wdigest.dll
15:00:12.0243 3432 C:\Windows\System32\wdigest.dll - ok
15:00:12.0243 3432 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\System32\rsaenh.dll
15:00:12.0243 3432 C:\Windows\System32\rsaenh.dll - ok
15:00:12.0259 3432 [ D29E45078CF4020CE0AAC82EC652D1EA ] C:\Windows\System32\TSpkg.dll
15:00:12.0259 3432 C:\Windows\System32\TSpkg.dll - ok
15:00:12.0275 3432 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\System32\bcryptprimitives.dll
15:00:12.0275 3432 C:\Windows\System32\bcryptprimitives.dll - ok
15:00:12.0275 3432 [ 37CC990D4E2CDFAE12AC47F6B620FC13 ] C:\Windows\System32\pku2u.dll
15:00:12.0275 3432 C:\Windows\System32\pku2u.dll - ok
15:00:12.0290 3432 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\System32\credssp.dll
15:00:12.0290 3432 C:\Windows\System32\credssp.dll - ok
15:00:12.0306 3432 [ 91F434FF6606ED9BDC6A05D651B69553 ] C:\Windows\System32\efslsaext.dll
15:00:12.0306 3432 C:\Windows\System32\efslsaext.dll - ok
15:00:12.0306 3432 [ 8124944EC89D6A1815E4E53F5B96AAF4 ] C:\Windows\System32\scecli.dll
15:00:12.0306 3432 C:\Windows\System32\scecli.dll - ok
15:00:12.0321 3432 [ 7222995615BF93B628DCEA4BD6CCACF7 ] C:\Windows\System32\ubpm.dll
15:00:12.0321 3432 C:\Windows\System32\ubpm.dll - ok
15:00:12.0337 3432 [ 54A47F6B5E09A77E61649109C6A08866 ] C:\Windows\System32\svchost.exe
15:00:12.0337 3432 C:\Windows\System32\svchost.exe - ok
15:00:12.0337 3432 [ FD07F21E0A19C27ED4E1EEC2B07452B3 ] C:\Windows\System32\devrtl.dll
15:00:12.0337 3432 C:\Windows\System32\devrtl.dll - ok
15:00:12.0353 3432 [ 4BDBBE5E4208022DD794F7EEEB0F7366 ] C:\Windows\System32\SPInf.dll
15:00:12.0353 3432 C:\Windows\System32\SPInf.dll - ok
15:00:12.0368 3432 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] C:\Windows\System32\umpnpmgr.dll
15:00:12.0368 3432 C:\Windows\System32\umpnpmgr.dll - ok
15:00:12.0384 3432 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\System32\userenv.dll
15:00:12.0384 3432 C:\Windows\System32\userenv.dll - ok
15:00:12.0384 3432 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\System32\gpapi.dll
15:00:12.0384 3432 C:\Windows\System32\gpapi.dll - ok
15:00:12.0399 3432 [ F87D30E72E03D579A5199CCB3831D6EA ] C:\Windows\System32\umpo.dll
15:00:12.0399 3432 C:\Windows\System32\umpo.dll - ok
15:00:12.0399 3432 [ 5893EBDCE371174AC89ECD7731DD6D77 ] C:\Windows\System32\pcwum.dll
15:00:12.0399 3432 C:\Windows\System32\pcwum.dll - ok
15:00:12.0415 3432 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\System32\powrprof.dll
15:00:12.0415 3432 C:\Windows\System32\powrprof.dll - ok
15:00:12.0431 3432 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] C:\Windows\System32\drivers\luafv.sys
15:00:12.0431 3432 C:\Windows\System32\drivers\luafv.sys - ok
15:00:12.0431 3432 [ 1F7094D4268D46F718C51286DC189791 ] C:\Windows\System32\drivers\aswMonFlt.sys
15:00:12.0431 3432 C:\Windows\System32\drivers\aswMonFlt.sys - ok
15:00:12.0446 3432 [ 4470E3C1E0C3378E4CAB137893C12C3A ] C:\Windows\System32\drivers\mbam.sys
15:00:12.0446 3432 C:\Windows\System32\drivers\mbam.sys - ok
15:00:12.0462 3432 [ 4AF5F360BA1E8794D32B366E45A64A0A ] C:\Windows\System32\drivers\aswFsBlk.sys
15:00:12.0462 3432 C:\Windows\System32\drivers\aswFsBlk.sys - ok
15:00:12.0477 3432 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] C:\Windows\System32\drivers\WUDFPf.sys
15:00:12.0477 3432 C:\Windows\System32\drivers\WUDFPf.sys - ok
15:00:12.0477 3432 [ 7660F01D3B38ACA1747E397D21D790AF ] C:\Windows\System32\rpcss.dll
15:00:12.0477 3432 C:\Windows\System32\rpcss.dll - ok
15:00:12.0493 3432 [ 78D072F35BC45D9E4E1B61895C152234 ] C:\Windows\System32\RpcEpMap.dll
15:00:12.0493 3432 C:\Windows\System32\RpcEpMap.dll - ok
15:00:12.0509 3432 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\System32\WSHTCPIP.DLL
15:00:12.0509 3432 C:\Windows\System32\WSHTCPIP.DLL - ok
15:00:12.0509 3432 [ 81F08948A0F1475894C99D4D19A158A8 ] C:\Windows\System32\wshqos.dll
15:00:12.0509 3432 C:\Windows\System32\wshqos.dll - ok
15:00:12.0524 3432 [ EC98CA8298F67926FA50876348534B1D ] C:\Windows\System32\atiesrxx.exe
15:00:12.0524 3432 C:\Windows\System32\atiesrxx.exe - ok
15:00:12.0540 3432 [ 3F50200237961034FACE602373838980 ] C:\Windows\System32\FirewallAPI.dll
15:00:12.0540 3432 C:\Windows\System32\FirewallAPI.dll - ok
15:00:12.0540 3432 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\System32\wtsapi32.dll
15:00:12.0540 3432 C:\Windows\System32\wtsapi32.dll - ok
15:00:12.0555 3432 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\System32\version.dll
15:00:12.0555 3432 C:\Windows\System32\version.dll - ok
15:00:12.0571 3432 [ 3EF0D8AB08385AAB5802E773511A2E6A ] C:\Windows\System32\LogonUI.exe
15:00:12.0571 3432 C:\Windows\System32\LogonUI.exe - ok
15:00:12.0571 3432 [ E904178851A6A44BFA97E064EF779E9D ] C:\Windows\System32\authui.dll
15:00:12.0571 3432 C:\Windows\System32\authui.dll - ok
15:00:12.0587 3432 [ 241E015DD809CFB23242F890B1FC575B ] C:\Windows\System32\wevtsvc.dll
15:00:12.0587 3432 C:\Windows\System32\wevtsvc.dll - ok
15:00:12.0602 3432 [ 28CA821606669BB9215CE010767720FA ] C:\Windows\System32\cryptui.dll
15:00:12.0602 3432 C:\Windows\System32\cryptui.dll - ok
15:00:12.0618 3432 [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
15:00:12.0618 3432 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
15:00:12.0618 3432 [ CADEFAC453040E370A1BDFF3973BE00D ] C:\Windows\System32\profsvc.dll
15:00:12.0618 3432 C:\Windows\System32\profsvc.dll - ok
15:00:12.0633 3432 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] C:\Windows\System32\audiosrv.dll
15:00:12.0633 3432 C:\Windows\System32\audiosrv.dll - ok
15:00:12.0649 3432 [ C30A3E5DEEEBA22E782AC54C5AF5F352 ] C:\Windows\System32\samlib.dll
15:00:12.0649 3432 C:\Windows\System32\samlib.dll - ok
15:00:12.0649 3432 [ F14A9B1778376D0B1788E402AC1F831A ] C:\Windows\System32\shacct.dll
15:00:12.0649 3432 C:\Windows\System32\shacct.dll - ok
15:00:12.0665 3432 [ AC8C80DC4F1A6E60C9A762C1799F0B39 ] C:\Windows\System32\adtschema.dll
15:00:12.0665 3432 C:\Windows\System32\adtschema.dll - ok
15:00:12.0680 3432 [ 243974EC02F7AE49E4179C54624143AB ] C:\Windows\System32\MMDevAPI.dll
15:00:12.0680 3432 C:\Windows\System32\MMDevAPI.dll - ok
15:00:12.0696 3432 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\System32\propsys.dll
15:00:12.0696 3432 C:\Windows\System32\propsys.dll - ok
15:00:12.0696 3432 [ E12C4928B32ACE04610259647F072635 ] C:\Windows\System32\FntCache.dll
15:00:12.0696 3432 C:\Windows\System32\FntCache.dll - ok
15:00:12.0711 3432 [ 139D3AB6AA920C34C50CBFFB9EB7D222 ] C:\Windows\System32\avrt.dll
15:00:12.0711 3432 C:\Windows\System32\avrt.dll - ok
15:00:12.0727 3432 [ 146B6F43A673379A3C670E86D89BE5EA ] C:\Windows\System32\mmcss.dll
15:00:12.0727 3432 C:\Windows\System32\mmcss.dll - ok
15:00:12.0743 3432 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\System32\netprofm.dll
15:00:12.0743 3432 C:\Windows\System32\netprofm.dll - ok
15:00:12.0743 3432 [ 16935C98FF639D185086A3529B1F2067 ] C:\Windows\System32\wlansvc.dll
15:00:12.0743 3432 C:\Windows\System32\wlansvc.dll - ok
15:00:12.0758 3432 [ 63BFDF555DA2075A77D677829C3CCCD0 ] C:\Windows\System32\uxtheme.dll
15:00:12.0758 3432 C:\Windows\System32\uxtheme.dll - ok
15:00:12.0774 3432 [ 7717F84F483002815490033BF069DABD ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll
15:00:12.0774 3432 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\GdiPlus.dll - ok
15:00:12.0774 3432 [ 9835584E999D25004E1EE8E5F3E3B881 ] C:\Windows\System32\MPSSVC.dll
15:00:12.0774 3432 C:\Windows\System32\MPSSVC.dll - ok
15:00:12.0789 3432 [ 5826854E4E420E29F59C2865F0FA562F ] C:\Program Files\Windows Defender\MpEvMsg.dll
15:00:12.0789 3432 C:\Program Files\Windows Defender\MpEvMsg.dll - ok
15:00:12.0805 3432 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\System32\dui70.dll
15:00:12.0805 3432 C:\Windows\System32\dui70.dll - ok
15:00:12.0805 3432 [ 8B0B4C5927A333A05513791758350DC4 ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
15:00:12.0805 3432 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
15:00:12.0821 3432 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\System32\duser.dll
15:00:12.0821 3432 C:\Windows\System32\duser.dll - ok
15:00:12.0836 3432 [ 2CFA4569350B7F84F815E9EC34E85766 ] C:\Windows\System32\SndVolSSO.dll
15:00:12.0836 3432 C:\Windows\System32\SndVolSSO.dll - ok
15:00:12.0852 3432 [ D5CF1536137026ACDED95BF6CBF849F6 ] C:\Windows\System32\WUDFPlatform.dll
15:00:12.0852 3432 C:\Windows\System32\WUDFPlatform.dll - ok
15:00:12.0852 3432 [ 7520EC808E0C35E0EE6F841294316653 ] C:\Windows\System32\drivers\fltMgr.sys
15:00:12.0852 3432 C:\Windows\System32\drivers\fltMgr.sys - ok
15:00:12.0867 3432 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\System32\dwmapi.dll
15:00:12.0867 3432 C:\Windows\System32\dwmapi.dll - ok
15:00:12.0883 3432 [ 63DF770DF74ACB370EF5A16727069AAF ] C:\Windows\System32\hid.dll
15:00:12.0883 3432 C:\Windows\System32\hid.dll - ok
15:00:12.0883 3432 [ D93A937A2A9D2CBC06B3A615A197011F ] C:\Windows\System32\PSHED.DLL
15:00:12.0883 3432 C:\Windows\System32\PSHED.DLL - ok
15:00:12.0899 3432 [ EDF2A5E96BEC469DA3F64E9BDD386111 ] C:\Windows\System32\xmllite.dll
15:00:12.0899 3432 C:\Windows\System32\xmllite.dll - ok
15:00:12.0914 3432 [ 1F5497D7D3D79C7BF0AB0C8B4C5BFE6E ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
15:00:12.0914 3432 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
15:00:12.0930 3432 [ 3BCECD87AB4E6743BFB45B352AD1A529 ] C:\Windows\System32\WindowsCodecs.dll
15:00:12.0930 3432 C:\Windows\System32\WindowsCodecs.dll - ok
15:00:12.0930 3432 [ F68194F74350D4A2ADE98961E33F884C ] C:\Windows\System32\audiodg.exe
15:00:12.0930 3432 C:\Windows\System32\audiodg.exe - ok
15:00:12.0945 3432 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\System32\winbrand.dll
15:00:12.0945 3432 C:\Windows\System32\winbrand.dll - ok
15:00:12.0961 3432 [ 65BF13016A3C22775F3E17591AE5268A ] C:\Windows\System32\VaultCredProvider.dll
15:00:12.0961 3432 C:\Windows\System32\VaultCredProvider.dll - ok
15:00:12.0977 3432 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\System32\ntmarta.dll
15:00:12.0977 3432 C:\Windows\System32\ntmarta.dll - ok
15:00:12.0977 3432 [ 05BF975CA428E04B462FB90841B37C95 ] C:\Windows\System32\SmartcardCredentialProvider.dll
15:00:12.0977 3432 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
15:00:12.0992 3432 [ E59F08ED9D2A128CE436BBFC232247F6 ] C:\Windows\System32\BioCredProv.dll
15:00:12.0992 3432 C:\Windows\System32\BioCredProv.dll - ok
15:00:13.0008 3432 [ E897EAF5ED6BA41E081060C9B447A673 ] C:\Windows\System32\gpsvc.dll
15:00:13.0008 3432 C:\Windows\System32\gpsvc.dll - ok
15:00:13.0023 3432 [ F10E5311E5093FA3C00FF88C54C32FCA ] C:\Windows\System32\atl.dll
15:00:13.0023 3432 C:\Windows\System32\atl.dll - ok
15:00:13.0023 3432 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] C:\Windows\System32\themeservice.dll
15:00:13.0023 3432 C:\Windows\System32\themeservice.dll - ok
15:00:13.0039 3432 [ F6916EFC29D9953D5D0DF06882AE8E16 ] C:\Windows\System32\es.dll
15:00:13.0039 3432 C:\Windows\System32\es.dll - ok
15:00:13.0039 3432 [ 108C2CFA5527458C096A699929ECBD80 ] C:\Windows\System32\credui.dll
15:00:13.0039 3432 C:\Windows\System32\credui.dll - ok
15:00:13.0055 3432 [ 3FAD263CE1E2A6FFF40D00043B2275E3 ] C:\Windows\System32\winbio.dll
15:00:13.0055 3432 C:\Windows\System32\winbio.dll - ok
15:00:13.0070 3432 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\System32\netapi32.dll
15:00:13.0070 3432 C:\Windows\System32\netapi32.dll - ok
15:00:13.0086 3432 [ 36B8D5903CEEF0AA42A1EE002BD27FF1 ] C:\Windows\System32\vaultcli.dll
15:00:13.0086 3432 C:\Windows\System32\vaultcli.dll - ok
15:00:13.0086 3432 [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\System32\netutils.dll
15:00:13.0086 3432 C:\Windows\System32\netutils.dll - ok
15:00:13.0101 3432 [ 50E0DD0A5B8D8BC353578F2F73926697 ] C:\Windows\System32\nlaapi.dll
15:00:13.0101 3432 C:\Windows\System32\nlaapi.dll - ok
15:00:13.0117 3432 [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\System32\samcli.dll
15:00:13.0117 3432 C:\Windows\System32\samcli.dll - ok
15:00:13.0133 3432 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\System32\wkscli.dll
15:00:13.0133 3432 C:\Windows\System32\wkscli.dll - ok
15:00:13.0148 3432 [ 6D8CACF3B1B54943EFCF420C2D667B37 ] C:\Windows\System32\certCredProvider.dll
15:00:13.0148 3432 C:\Windows\System32\certCredProvider.dll - ok
15:00:13.0148 3432 [ 2F040CF0613A6D64DCBBA9EE81F5A5AE ] C:\Windows\System32\dsrole.dll
15:00:13.0148 3432 C:\Windows\System32\dsrole.dll - ok
15:00:13.0164 3432 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\System32\slc.dll
15:00:13.0164 3432 C:\Windows\System32\slc.dll - ok
15:00:13.0179 3432 [ FFE4BEC5C187C426A17AE76A773063A6 ] C:\Windows\System32\rasplap.dll
15:00:13.0179 3432 C:\Windows\System32\rasplap.dll - ok
15:00:13.0179 3432 [ 808D8A8B2A3074002852BC856D419576 ] C:\Windows\System32\comres.dll
15:00:13.0179 3432 C:\Windows\System32\comres.dll - ok
15:00:13.0195 3432 [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\System32\rasapi32.dll
15:00:13.0195 3432 C:\Windows\System32\rasapi32.dll - ok
15:00:13.0211 3432 [ DCB7FCDCC97F87360F75D77425B81737 ] C:\Windows\System32\Sens.dll
15:00:13.0211 3432 C:\Windows\System32\Sens.dll - ok
15:00:13.0226 3432 [ 081E6E1C91AEC36758902A9F727CD23C ] C:\Windows\System32\uxsms.dll
15:00:13.0226 3432 C:\Windows\System32\uxsms.dll - ok
15:00:13.0226 3432 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] C:\Windows\System32\WUDFSvc.dll
15:00:13.0226 3432 C:\Windows\System32\WUDFSvc.dll - ok
15:00:13.0242 3432 [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\System32\rasman.dll
15:00:13.0242 3432 C:\Windows\System32\rasman.dll - ok
15:00:13.0257 3432 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\System32\rtutils.dll
15:00:13.0257 3432 C:\Windows\System32\rtutils.dll - ok
15:00:13.0257 3432 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] C:\Windows\System32\drivers\lltdio.sys
15:00:13.0257 3432 C:\Windows\System32\drivers\lltdio.sys - ok
15:00:13.0273 3432 [ D8A65DAFB3EB41CBB622745676FCD072 ] C:\Windows\System32\drivers\ndisuio.sys
15:00:13.0273 3432 C:\Windows\System32\drivers\ndisuio.sys - ok
15:00:13.0289 3432 [ 26384429FCD85D83746F63E798AB1480 ] C:\Windows\System32\drivers\nwifi.sys
15:00:13.0289 3432 C:\Windows\System32\drivers\nwifi.sys - ok
15:00:13.0289 3432 [ 032B0D36AD92B582D869879F5AF5B928 ] C:\Windows\System32\drivers\rspndr.sys
15:00:13.0289 3432 C:\Windows\System32\drivers\rspndr.sys - ok
15:00:13.0304 3432 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\System32\IPHLPAPI.DLL
15:00:13.0304 3432 C:\Windows\System32\IPHLPAPI.DLL - ok
15:00:13.0320 3432 [ 55CA01BA19D0006C8F2639B6C045E08B ] C:\Windows\System32\lmhsvc.dll
15:00:13.0320 3432 C:\Windows\System32\lmhsvc.dll - ok
15:00:13.0320 3432 [ A12829E9974F57E9B5DBFEA7C93190F6 ] C:\Windows\System32\UXInit.dll
15:00:13.0320 3432 C:\Windows\System32\UXInit.dll - ok
15:00:13.0335 3432 [ D63E32285C4031A4C9A1EA8BC1F21229 ] C:\Windows\System32\atieclxx.exe
15:00:13.0335 3432 C:\Windows\System32\atieclxx.exe - ok
15:00:13.0351 3432 [ BA387E955E890C8A88306D9B8D06BF17 ] C:\Windows\System32\nsisvc.dll
15:00:13.0351 3432 C:\Windows\System32\nsisvc.dll - ok
15:00:13.0351 3432 [ D2A937964199F647B1C3BC435712E5D9 ] C:\Windows\System32\nrpsrv.dll
15:00:13.0351 3432 C:\Windows\System32\nrpsrv.dll - ok
15:00:13.0367 3432 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\System32\winnsi.dll
15:00:13.0367 3432 C:\Windows\System32\winnsi.dll - ok
15:00:13.0382 3432 [ E9E01EB683C132F7FA27CD607B8A2B63 ] C:\Windows\System32\dhcpcore.dll
15:00:13.0382 3432 C:\Windows\System32\dhcpcore.dll - ok
15:00:13.0382 3432 [ EF71BA5DF59034962B0C62314A71351A ] C:\Windows\System32\dhcpcore6.dll
15:00:13.0382 3432 C:\Windows\System32\dhcpcore6.dll - ok
15:00:13.0398 3432 [ D079246AF03C0090E0FEC1F7801BFC1E ] C:\Windows\System32\atiadlxx.dll
15:00:13.0398 3432 C:\Windows\System32\atiadlxx.dll - ok
15:00:13.0413 3432 [ 33EF4861F19A0736B11314AAD9AE28D0 ] C:\Windows\System32\dnsrslvr.dll
15:00:13.0413 3432 C:\Windows\System32\dnsrslvr.dll - ok
15:00:13.0429 3432 [ AF75DBA674E55221B7A055B0A4345F16 ] C:\Windows\System32\keyiso.dll
15:00:13.0429 3432 C:\Windows\System32\keyiso.dll - ok
15:00:13.0429 3432 [ 8600142FA91C1B96367D3300AD0F3F3A ] C:\Windows\System32\eapsvc.dll
15:00:13.0429 3432 C:\Windows\System32\eapsvc.dll - ok
15:00:13.0445 3432 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\System32\FWPUCLNT.DLL
15:00:13.0445 3432 C:\Windows\System32\FWPUCLNT.DLL - ok
15:00:13.0460 3432 [ 9A892B3439884C62B04718F0303A49E9 ] C:\Windows\System32\eapphost.dll
15:00:13.0460 3432 C:\Windows\System32\eapphost.dll - ok
15:00:13.0460 3432 [ 100103C6535C66265267F5EEA5F5846E ] C:\Windows\System32\dnsext.dll
15:00:13.0460 3432 C:\Windows\System32\dnsext.dll - ok
15:00:13.0476 3432 [ D33E95C0A2754061233B58DC41F8094C ] C:\Windows\System32\umb.dll
15:00:13.0476 3432 C:\Windows\System32\umb.dll - ok
15:00:13.0491 3432 [ 505A327F8577625EF0C469914903170E ] C:\Windows\System32\atimuixx.dll
15:00:13.0491 3432 C:\Windows\System32\atimuixx.dll - ok
15:00:13.0507 3432 [ 3C9035085141162416A0DD34DBF3F3C1 ] C:\Windows\System32\wlanmsm.dll
15:00:13.0507 3432 C:\Windows\System32\wlanmsm.dll - ok
15:00:13.0507 3432 [ 20C06A50DFC097E134BC6FA8444CA9BC ] C:\Windows\System32\wlansec.dll
15:00:13.0507 3432 C:\Windows\System32\wlansec.dll - ok
15:00:13.0523 3432 [ F748F53FE09D21D8ECBB6421E6792024 ] C:\Windows\System32\onex.dll
15:00:13.0523 3432 C:\Windows\System32\onex.dll - ok
15:00:13.0538 3432 [ 81F6C1AE23B1C493D9E996C3103915D7 ] C:\Windows\System32\dhcpcsvc6.dll
15:00:13.0538 3432 C:\Windows\System32\dhcpcsvc6.dll - ok
15:00:13.0538 3432 [ 666E57B6B51824D1D235F80A3DD70A13 ] C:\Windows\System32\eappprxy.dll
15:00:13.0538 3432 C:\Windows\System32\eappprxy.dll - ok
15:00:13.0554 3432 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\System32\dhcpcsvc.dll
15:00:13.0554 3432 C:\Windows\System32\dhcpcsvc.dll - ok
15:00:13.0569 3432 [ 5A5FEDDF02588B8F9FE4A95E5E7EAE97 ] C:\Windows\System32\eappcfg.dll
15:00:13.0569 3432 C:\Windows\System32\eappcfg.dll - ok
15:00:13.0569 3432 [ C1585EAA67C37A05BF6F93726FAFC069 ] C:\Windows\System32\l2gpstore.dll
15:00:13.0569 3432 C:\Windows\System32\l2gpstore.dll - ok
15:00:13.0585 3432 [ 9419ABF3163B6F0E3AD3DD2B381C879F ] C:\Windows\System32\WinSCard.dll
15:00:13.0585 3432 C:\Windows\System32\WinSCard.dll - ok
15:00:13.0601 3432 [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\System32\wlanutil.dll
15:00:13.0601 3432 C:\Windows\System32\wlanutil.dll - ok
15:00:13.0601 3432 [ 749F9795F01C35EEBE100A87D82B9681 ] C:\Windows\System32\wlgpclnt.dll
15:00:16.0081 3432 C:\Windows\System32\ssdpsrv.dll - ok
15:00:16.0081 3432 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] C:\Windows\System32\netman.dll
15:00:16.0081 3432 C:\Windows\System32\netman.dll - ok
15:00:16.0097 3432 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] C:\Windows\System32\wdi.dll
15:00:16.0097 3432 C:\Windows\System32\wdi.dll - ok
15:00:16.0112 3432 [ ECF036299AA554B5E0455262857B39D0 ] C:\Windows\System32\diagperf.dll
15:00:16.0112 3432 C:\Windows\System32\diagperf.dll - ok
15:00:16.0112 3432 [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\System32\npmproxy.dll
15:00:16.0112 3432 C:\Windows\System32\npmproxy.dll - ok
15:00:16.0128 3432 [ AA53356D60AF47EACC85BC617A4F3F66 ] C:\Windows\System32\wpdbusenum.dll
15:00:16.0128 3432 C:\Windows\System32\wpdbusenum.dll - ok
15:00:16.0143 3432 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] C:\Windows\System32\hidserv.dll
15:00:16.0143 3432 C:\Windows\System32\hidserv.dll - ok
15:00:16.0143 3432 [ 7E82616BEE76BF5EAA5B30F681414E21 ] C:\Windows\System32\perftrack.dll
15:00:16.0143 3432 C:\Windows\System32\perftrack.dll - ok
15:00:16.0159 3432 [ F8E882C10AF4C29E378D1E28D4817CB1 ] C:\Windows\System32\pnpts.dll
15:00:16.0159 3432 C:\Windows\System32\pnpts.dll - ok
15:00:16.0159 3432 [ E98278865E8DABA21CFE5FE4BE34210A ] C:\Windows\System32\PortableDeviceApi.dll
15:00:16.0175 3432 C:\Windows\System32\PortableDeviceApi.dll - ok
15:00:16.0175 3432 [ 590D5C506044FE02FF7643E32FF9BDAC ] C:\Windows\System32\wer.dll
15:00:16.0175 3432 C:\Windows\System32\wer.dll - ok
15:00:16.0190 3432 [ 7FFD52D73352806969D424EF327D10A7 ] C:\Windows\System32\radardt.dll
15:00:16.0190 3432 C:\Windows\System32\radardt.dll - ok
15:00:16.0190 3432 [ F0016853FA3F38F55FD868FF74C0359B ] C:\Windows\System32\wdiasqmmodule.dll
15:00:16.0190 3432 C:\Windows\System32\wdiasqmmodule.dll - ok
15:00:16.0206 3432 [ D99621C0735B21DCC8BC4FEF02F379EF ] C:\Windows\System32\Apphlpdm.dll
15:00:16.0206 3432 C:\Windows\System32\Apphlpdm.dll - ok
15:00:16.0221 3432 [ 8B794AE6D5C7D42092804BC39A2EB8F6 ] C:\Windows\System32\aepic.dll
15:00:16.0221 3432 C:\Windows\System32\aepic.dll - ok
15:00:16.0221 3432 [ 04B88428A872390D235BE52D38A9D4EF ] C:\Windows\System32\dot3api.dll
15:00:16.0221 3432 C:\Windows\System32\dot3api.dll - ok
15:00:16.0237 3432 [ 8063046AA70B97CA9985672B8848FB2E ] C:\Windows\System32\wlanhlp.dll
15:00:16.0237 3432 C:\Windows\System32\wlanhlp.dll - ok
15:00:16.0253 3432 [ C693E642ACFBDD76433AF6BE3C3EEE6F ] C:\Windows\System32\PortableDeviceConnectApi.dll
15:00:16.0253 3432 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
15:00:16.0253 3432 [ 85B45B4B285B159ACDB355FC8C1E8925 ] C:\Windows\System32\qmgrprxy.dll
15:00:16.0253 3432 C:\Windows\System32\qmgrprxy.dll - ok
15:00:16.0268 3432 [ 95110A1C5A1D228AC1DDF6AB67D00BEB ] C:\Program Files\Mozilla Firefox\firefox.exe
15:00:16.0268 3432 C:\Program Files\Mozilla Firefox\firefox.exe - ok
15:00:16.0284 3432 [ 1957D49A9613FAAD1C73B508CCE02AA5 ] C:\Windows\System32\wmp.dll
15:00:16.0284 3432 C:\Windows\System32\wmp.dll - ok
15:00:16.0284 3432 [ 867C301E8B790040AE9CF6486E8041DF ] C:\Windows\System32\drivers\WUDFRd.sys
15:00:16.0284 3432 C:\Windows\System32\drivers\WUDFRd.sys - ok
15:00:16.0299 3432 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\System32\runonce.exe
15:00:16.0299 3432 C:\Windows\System32\runonce.exe - ok
15:00:16.0299 3432 [ 980B6A5F92B8DB235C4A26728C2BE732 ] C:\Windows\System32\WUDFHost.exe
15:00:16.0299 3432 C:\Windows\System32\WUDFHost.exe - ok
15:00:16.0315 3432 [ C5C867CD7EFAC60D5021223E374DEEC5 ] C:\Windows\System32\dimsjob.dll
15:00:16.0315 3432 C:\Windows\System32\dimsjob.dll - ok
15:00:16.0331 3432 [ 0FBC74AA20FE0AE6884279F893169C60 ] C:\Windows\System32\wmploc.DLL
15:00:16.0331 3432 C:\Windows\System32\wmploc.DLL - ok
15:00:16.0331 3432 [ A36F7A256E65D858A7039DB00ADEEBDD ] C:\Windows\System32\WUDFx.dll
15:00:16.0331 3432 C:\Windows\System32\WUDFx.dll - ok
15:00:16.0346 3432 [ 7ABBDC3B08950992D218FA1E52D52A96 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll
15:00:16.0346 3432 C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok
15:00:16.0362 3432 [ 0F416E23DD2EB4DEBE70608020CFD283 ] C:\Windows\System32\WMVCORE.DLL
15:00:16.0362 3432 C:\Windows\System32\WMVCORE.DLL - ok
15:00:16.0362 3432 [ 14486EB6AF542F2BD3239F7FC3E713F7 ] C:\Windows\System32\pautoenr.dll
15:00:16.0362 3432 C:\Windows\System32\pautoenr.dll - ok
15:00:16.0377 3432 [ 61B1ED5F429EFAC7E2036769870AB93E ] C:\Windows\System32\certcli.dll
15:00:16.0377 3432 C:\Windows\System32\certcli.dll - ok
15:00:16.0393 3432 [ 29BC473072568C072EC8B176498DE996 ] C:\Windows\System32\CertEnroll.dll
15:00:16.0393 3432 C:\Windows\System32\CertEnroll.dll - ok
15:00:16.0393 3432 [ A7DD56261518373F70F23079EB3CD0A2 ] C:\Windows\System32\WMASF.DLL
15:00:16.0393 3432 C:\Windows\System32\WMASF.DLL - ok
15:00:16.0409 3432 [ 81490FDAE27F0082E5CC2DC78DCA96FA ] C:\Windows\System32\PortableDeviceClassExtension.dll
15:00:16.0409 3432 C:\Windows\System32\PortableDeviceClassExtension.dll - ok
15:00:16.0424 3432 [ ADB45A977BD9E45790CA496DB84BA148 ] C:\Windows\System32\PortableDeviceTypes.dll
15:00:16.0424 3432 C:\Windows\System32\PortableDeviceTypes.dll - ok
15:00:16.0424 3432 [ 5C694FA52B6A9A71C8B1D1D749548B55 ] C:\Program Files\Internet Explorer\ieproxy.dll
15:00:16.0424 3432 C:\Program Files\Internet Explorer\ieproxy.dll - ok
15:00:16.0440 3432 [ 3F2B83695E5BF11930C16AF50E991F96 ] C:\Windows\System32\wmpps.dll
15:00:16.0440 3432 C:\Windows\System32\wmpps.dll - ok
15:00:16.0455 3432 [ 7ACDFB4CC67F4993DF0E0731576309B2 ] C:\Windows\System32\d3d11.dll
15:00:16.0455 3432 C:\Windows\System32\d3d11.dll - ok
15:00:16.0455 3432 [ 1CDEA9188899E76D4FFD54C9D512CCDB ] C:\Windows\System32\msxml3.dll
15:00:16.0455 3432 C:\Windows\System32\msxml3.dll - ok
15:00:16.0471 3432 [ EE04D1EAA3093341C7E3070C33A82152 ] C:\Windows\System32\aticfx32.dll
15:00:16.0471 3432 C:\Windows\System32\aticfx32.dll - ok
15:00:16.0487 3432 [ B3ADC081829E4CA1D529C075209BD8FE ] C:\Windows\System32\atiuxpag.dll
15:00:16.0487 3432 C:\Windows\System32\atiuxpag.dll - ok
15:00:16.0487 3432 [ B559197BF162E95498B7ABCCF04748E9 ] C:\Windows\System32\atidxx32.dll
15:00:16.0487 3432 C:\Windows\System32\atidxx32.dll - ok
15:00:16.0502 3432 [ 60EDF8622CAD337A3629E9E6561EAC73 ] C:\Program Files\VideoLAN\VLC\vlc.exe
15:00:16.0502 3432 C:\Program Files\VideoLAN\VLC\vlc.exe - ok
15:00:16.0518 3432 [ AAD90795E84E710543C6C7C2F7048E30 ] C:\Program Files\Internet Explorer\iexplore.exe
15:00:16.0518 3432 C:\Program Files\Internet Explorer\iexplore.exe - ok
15:00:16.0518 3432 [ 99B9343280AF6A4C0F27CF2E28E94BBF ] C:\Windows\System32\dssenh.dll
15:00:16.0518 3432 C:\Windows\System32\dssenh.dll - ok
15:00:16.0533 3432 [ 7FBD0587CAF0CDC137A34B014E1E6257 ] C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll
15:00:16.0533 3432 C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll - ok
15:00:16.0549 3432 [ 2100560AF3F7F2948F2676E44DFB4ECF ] C:\Windows\System32\uDWM.dll
15:00:16.0549 3432 C:\Windows\System32\uDWM.dll - ok
15:00:16.0549 3432 [ BD3165A325F222F642F743B6CF2937ED ] C:\Program Files\WinRAR\WinRAR.exe
15:00:16.0549 3432 C:\Program Files\WinRAR\WinRAR.exe - ok
15:00:16.0565 3432 [ 091C84FE9C2A2C4AE1F30AC7C6A4BDD1 ] C:\Program Files\Java\jre7\bin\java.exe
15:00:16.0565 3432 C:\Program Files\Java\jre7\bin\java.exe - ok
15:00:16.0565 3432 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\System32\cmd.exe
15:00:16.0565 3432 C:\Windows\System32\cmd.exe - ok
15:00:16.0580 3432 [ D5E5A86F49ACC11768D8339094C3AFD8 ] C:\Windows\System32\ieframe.dll
15:00:16.0580 3432 C:\Windows\System32\ieframe.dll - ok
15:00:16.0596 3432 [ 007863E45F25AA47A4C30D0930BBFD85 ] C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
15:00:16.0596 3432 C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll - ok
15:00:16.0596 3432 [ 60F4AEFA103D421EA4A40E31409B4756 ] C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
15:00:16.0596 3432 C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll - ok
15:00:16.0611 3432 [ 1F05F5A16881CD928C82D53CEFCF4477 ] C:\Windows\System32\shdocvw.dll
15:00:16.0611 3432 C:\Windows\System32\shdocvw.dll - ok
15:00:16.0627 3432 [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Alfred\AppData\Local\temp\8A6E3A0F-8A2F-4EAC-8E53-5B8097E966C0.exe
15:00:16.0627 3432 C:\Users\Alfred\AppData\Local\temp\8A6E3A0F-8A2F-4EAC-8E53-5B8097E966C0.exe - ok
15:00:16.0643 3432 [ 7E9917D5309A90E7576653BFE39F80D8 ] C:\Windows\System32\timedate.cpl
15:00:16.0643 3432 C:\Windows\System32\timedate.cpl - ok
15:00:16.0643 3432 [ D2958325C1AE1AE37A83334C6229E3BC ] C:\Windows\System32\actxprxy.dll
15:00:16.0643 3432 C:\Windows\System32\actxprxy.dll - ok
15:00:16.0658 3432 [ 64E211E0FDFCE4D186DF58BB7D0503BC ] C:\Windows\System32\gameux.dll
15:00:16.0658 3432 C:\Windows\System32\gameux.dll - ok
15:00:16.0658 3432 [ 3A16EA01FCFAAB40882DB5BFEE632322 ] C:\Windows\System32\msftedit.dll
15:00:16.0658 3432 C:\Windows\System32\msftedit.dll - ok
15:00:16.0674 3432 [ C225E5307D8D4982A1687F2702C37C78 ] C:\Windows\System32\msls31.dll
15:00:16.0674 3432 C:\Windows\System32\msls31.dll - ok
15:00:16.0689 3432 [ 7896EFFDEE215C172BE724A64931EF1C ] C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
15:00:16.0689 3432 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll - ok
15:00:16.0689 3432 [ 393F021E2A9FA19AC94BA4482E32FC6C ] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
15:00:16.0689 3432 C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe - ok
15:00:16.0705 3432 [ 2A39F32E0067CBF221611FE1FA8C6D8F ] C:\Windows\System32\DeviceCenter.dll
15:00:16.0705 3432 C:\Windows\System32\DeviceCenter.dll - ok
15:00:16.0721 3432 [ 5987EA8A82C53359BCD2C29D6588583E ] C:\Windows\System32\linkinfo.dll
15:00:16.0721 3432 C:\Windows\System32\linkinfo.dll - ok
15:00:16.0736 3432 [ 672D7C5080ACB003343006405DA2E621 ] C:\Windows\System32\thumbcache.dll
15:00:16.0736 3432 C:\Windows\System32\thumbcache.dll - ok
15:00:16.0736 3432 [ 3D57FFBAD3ED16B63DE3879BAB0FB56F ] C:\Windows\System32\networkexplorer.dll
15:00:16.0736 3432 C:\Windows\System32\networkexplorer.dll - ok
15:00:16.0752 3432 [ F577910A133A592234EBAAD3F3AFA258 ] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:00:16.0752 3432 C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe - ok
15:00:16.0752 3432 [ E1636F57581CAB5D995FD54D2991EF57 ] C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
15:00:16.0752 3432 C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe - ok
15:00:16.0767 3432 [ D205C24A9D069049FE2DF2A1B38726A7 ] C:\Windows\System32\wdmaud.drv
15:00:16.0767 3432 C:\Windows\System32\wdmaud.drv - ok
15:00:16.0783 3432 [ 9C67F6BBDA3881CFD02095160CF91576 ] C:\Windows\System32\ksuser.dll
15:00:16.0783 3432 C:\Windows\System32\ksuser.dll - ok
15:00:16.0783 3432 [ 175383778EB24D98C84E624021E3AA0B ] C:\Windows\System32\aeevts.dll
15:00:16.0783 3432 C:\Windows\System32\aeevts.dll - ok
15:00:16.0799 3432 [ 0BF81A48DC987D27359C6B7C404E7356 ] C:\Program Files\PowerISO\PWRISOVM.EXE
15:00:16.0799 3432 C:\Program Files\PowerISO\PWRISOVM.EXE - ok
15:00:16.0814 3432 [ 114E5342884A174F0E261526F07B63A1 ] C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\libcurl.dll
15:00:16.0814 3432 C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\libcurl.dll - ok
15:00:16.0814 3432 [ C940F2F5C60B3727C5F18840735B229C ] C:\Windows\System32\AudioSes.dll
15:00:16.0814 3432 C:\Windows\System32\AudioSes.dll - ok
15:00:16.0830 3432 [ D63797E8E7781EE1500A810CB6194FA6 ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
15:00:16.0830 3432 C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
15:00:16.0845 3432 [ 6307849B9BE3C206DB46A62316BF191F ] C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\libeay32.dll
15:00:16.0845 3432 C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\libeay32.dll - ok
15:00:16.0861 3432 [ 07393A09C46083588E751B63B03C8301 ] C:\Windows\System32\msacm32.drv
15:00:16.0861 3432 C:\Windows\System32\msacm32.drv - ok
15:00:16.0861 3432 [ 5A12C364AD1D4FCC0AD0E56DBBC34462 ] C:\Windows\System32\midimap.dll
15:00:16.0861 3432 C:\Windows\System32\midimap.dll - ok
15:00:16.0877 3432 [ 3F11B20D12D89365D7721BDC860CE5F0 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
15:00:16.0877 3432 C:\Program Files\AVAST Software\Avast\AvastUI.exe - ok
15:00:16.0892 3432 [ 5FF5E12F28725D14CAA3B408848ADFFC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
15:00:16.0892 3432 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll - ok
15:00:16.0892 3432 [ F92B3868E3801653AF196C76078829FA ] C:\Program Files\AVAST Software\Avast\aswUtil.dll
15:00:16.0892 3432 C:\Program Files\AVAST Software\Avast\aswUtil.dll - ok
15:00:16.0908 3432 [ A7B1D114D0315BCDD9731385E76F356C ] C:\Users\Alfred\AppData\Roaming\BitTorrent\BitTorrent.exe
15:00:16.0908 3432 C:\Users\Alfred\AppData\Roaming\BitTorrent\BitTorrent.exe - ok
15:00:16.0923 3432 [ BBA9D5A730D5E304117AD26923EBD8AA ] C:\Windows\System32\AudioEng.dll
15:00:16.0923 3432 C:\Windows\System32\AudioEng.dll - ok
15:00:16.0923 3432 [ CA6ADE4F7761BB15B3325356DC3B82BB ] C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
15:00:16.0923 3432 C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll - ok
15:00:16.0939 3432 [ 96F0F8F4DEE598C8D12AD9633E0CFE2A ] C:\Windows\System32\AUDIOKSE.dll
15:00:16.0939 3432 C:\Windows\System32\AUDIOKSE.dll - ok
15:00:16.0955 3432 [ AAA55B127EC38BDEBD2A3891A2E5FD54 ] C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\ssleay32.dll
15:00:16.0955 3432 C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\ssleay32.dll - ok
15:00:16.0955 3432 [ 3A14F952737E0C2DDDE423AC7D3D11AF ] C:\Windows\System32\RtkAPO.dll
15:00:16.0955 3432 C:\Windows\System32\RtkAPO.dll - ok
15:00:16.0970 3432 [ 907B50DE97ED835EFE151F203818216D ] C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll
15:00:16.0970 3432 C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll - ok
15:00:16.0970 3432 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\66495479.sys
15:00:16.0970 3432 C:\Windows\System32\drivers\66495479.sys - ok
15:00:16.0986 3432 [ FBFCA1A574D47EE575448B719CBBF2E4 ] C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
15:00:16.0986 3432 C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL - ok
15:00:17.0001 3432 [ 4E30ED3E551E867ADD1C8D58F5EDD9DF ] C:\Windows\System32\WMALFXGFXDSP.dll
15:00:17.0001 3432 C:\Windows\System32\WMALFXGFXDSP.dll - ok
15:00:17.0017 3432 [ 56DB34F4DC39CECBC871A895C6FCF1C3 ] C:\Program Files\AVAST Software\Avast\aswAra.dll
15:00:17.0017 3432 C:\Program Files\AVAST Software\Avast\aswAra.dll - ok
15:00:17.0017 3432 [ 44BD658E0E4D21C42023AD9EBEFFDB90 ] C:\Program Files\AVAST Software\Avast\ssleay32.dll
15:00:17.0017 3432 C:\Program Files\AVAST Software\Avast\ssleay32.dll - ok
15:00:17.0033 3432 [ 8ED6DA45BAB5CFC809229F26D4D4A2CE ] C:\Program Files\AVAST Software\Avast\libeay32.dll
15:00:17.0033 3432 C:\Program Files\AVAST Software\Avast\libeay32.dll - ok
15:00:17.0033 3432 [ 3851909899A5E6210C58DB9CC02068D3 ] C:\Program Files\AVAST Software\Avast\aswData.dll
15:00:17.0033 3432 C:\Program Files\AVAST Software\Avast\aswData.dll - ok
15:00:17.0048 3432 [ 5CE2C1433B9B634591F0A1C4C1203A0B ] C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
15:00:17.0048 3432 C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe - ok
15:00:17.0064 3432 [ A3BB91467FBDDA34039686C95A31C8C2 ] C:\Program Files\AVAST Software\Avast\1033\uiLangRes.dll
15:00:17.0064 3432 C:\Program Files\AVAST Software\Avast\1033\uiLangRes.dll - ok
15:00:17.0064 3432 [ 5684CD3B207C1668DEE6BD2802C25B19 ] C:\Program Files\AVAST Software\Avast\CommonRes.dll
15:00:17.0064 3432 C:\Program Files\AVAST Software\Avast\CommonRes.dll - ok
15:00:17.0079 3432 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\System32\riched20.dll
15:00:17.0079 3432 C:\Windows\System32\riched20.dll - ok
15:00:17.0095 3432 [ 8B285BDAB7735FDFB18E6F7122923B77 ] C:\Windows\System32\UIAnimation.dll
15:00:17.0095 3432 C:\Windows\System32\UIAnimation.dll - ok
15:00:17.0095 3432 [ CC96587B1C07F84B95271223B19537A8 ] C:\Program Files\AVAST Software\Avast\defs\13061101\uiext.dll
15:00:17.0095 3432 C:\Program Files\AVAST Software\Avast\defs\13061101\uiext.dll - ok
15:00:17.0111 3432 [ 521B748A7F9923302CA18B7E6AA2EEAE ] C:\Windows\System32\activeds.dll
15:00:17.0111 3432 C:\Windows\System32\activeds.dll - ok
15:00:17.0126 3432 [ 51F5CC1E7DA3D9C664C2D0D61F315E06 ] C:\Windows\System32\adsldpc.dll
15:00:17.0126 3432 C:\Windows\System32\adsldpc.dll - ok
15:00:17.0126 3432 [ 3E709F7BFA217CD3B6FC338780465E20 ] C:\Windows\System32\adsldp.dll
15:00:17.0126 3432 C:\Windows\System32\adsldp.dll - ok
15:00:17.0142 3432 [ 8B23045F8D972C365693A82B1A94C309 ] C:\Program Files\Internet Explorer\sqmapi.dll
15:00:17.0142 3432 C:\Program Files\Internet Explorer\sqmapi.dll - ok
15:00:17.0157 3432 [ 2D11BC8B460957E62E4420373A0D8BDA ] C:\Windows\System32\imapi2.dll
15:00:17.0157 3432 C:\Windows\System32\imapi2.dll - ok
15:00:17.0157 3432 [ C8333F1F77A1B2E25F2202E892CAF634 ] C:\Windows\System32\prnfldr.dll
15:00:17.0157 3432 C:\Windows\System32\prnfldr.dll - ok
15:00:17.0173 3432 [ 8CD1DEE212E52B9C22E66DBA44991D32 ] C:\Windows\System32\httpapi.dll
15:00:17.0173 3432 C:\Windows\System32\httpapi.dll - ok
15:00:17.0189 3432 [ 912649A1B3F9E6ACB3899FBDABA2ED5F ] C:\Windows\System32\stobject.dll
15:00:17.0189 3432 C:\Windows\System32\stobject.dll - ok
15:00:17.0189 3432 [ 67C1B58706B47EEBA4E117AC197289E6 ] C:\Windows\System32\batmeter.dll
15:00:17.0189 3432 C:\Windows\System32\batmeter.dll - ok
15:00:17.0204 3432 [ ADDB05C93272A62606599B24730BD645 ] C:\Windows\System32\DXP.dll
15:00:17.0204 3432 C:\Windows\System32\DXP.dll - ok
15:00:17.0220 3432 [ 856CFFCD835528136367BB1A8FE1DB87 ] C:\Windows\System32\Syncreg.dll
15:00:17.0220 3432 C:\Windows\System32\Syncreg.dll - ok
15:00:17.0220 3432 [ F8F03D206F7D5811D630349A23E9B9B9 ] C:\Windows\ehome\ehSSO.dll
15:00:17.0220 3432 C:\Windows\ehome\ehSSO.dll - ok
15:00:17.0235 3432 [ 2B08CD29B8C031D4132403773E47FFA0 ] C:\Program Files\Your Uninstaller 2010\urmain.exe
15:00:17.0235 3432 C:\Program Files\Your Uninstaller 2010\urmain.exe - ok
15:00:17.0251 3432 [ A7DC47DBBE3C0384BA719DC4188AFA7E ] C:\Windows\ehome\ehtray.exe
15:00:17.0251 3432 C:\Windows\ehome\ehtray.exe - ok
15:00:17.0251 3432 [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Alfred\Desktop\TDSSKiller.exe
15:00:17.0251 3432 C:\Users\Alfred\Desktop\TDSSKiller.exe - ok
15:00:17.0267 3432 [ B2B3DAE040F6B5AE1DF52B0CD7631A18 ] C:\Windows\System32\AltTab.dll
15:00:17.0267 3432 C:\Windows\System32\AltTab.dll - ok
15:00:17.0282 3432 [ 5AD4FA5C3E0B4C28888276A84ECA9381 ] C:\Program Files\CFS-Technologies\Speakonia\Speakonia.exe
15:00:17.0282 3432 C:\Program Files\CFS-Technologies\Speakonia\Speakonia.exe - ok
15:00:17.0282 3432 [ 735263DA17BF5BAF9CCD483843BF9D5A ] C:\Windows\System32\WPDShServiceObj.dll
15:00:17.0282 3432 C:\Windows\System32\WPDShServiceObj.dll - ok
15:00:17.0298 3432 [ 70615C5C6E118B3008629B3E2A23400C ] C:\Program Files\psx emulation cheater\pec.exe
15:00:17.0298 3432 C:\Program Files\psx emulation cheater\pec.exe - ok
15:00:17.0313 3432 [ 3D6F22551D422F97AACB0BB927E4C846 ] C:\Windows\System32\pnidui.dll
15:00:17.0313 3432 C:\Windows\System32\pnidui.dll - ok
15:00:17.0313 3432 [ BD626EF05967D14C772B8096292731A3 ] C:\Windows\System32\QUTIL.DLL
15:00:17.0313 3432 C:\Windows\System32\QUTIL.DLL - ok
15:00:17.0329 3432 [ ADAFE4DD46E39EA1AA28601E545DDE56 ] C:\Program Files\Smart Projects\IsoBuster\IsoBuster.exe
15:00:17.0329 3432 C:\Program Files\Smart Projects\IsoBuster\IsoBuster.exe - ok
15:00:17.0345 3432 [ 674B0C0F6A448EB185CAAB9C51D44032 ] C:\Windows\System32\srchadmin.dll
15:00:17.0345 3432 C:\Windows\System32\srchadmin.dll - ok
15:00:17.0345 3432 [ 00000000000000000000000000000000 ] C:\Users\Alfred\Desktop\avast_free_antivirus_setup.exe
15:00:17.0345 3432 C:\Users\Alfred\Desktop\avast_free_antivirus_setup.exe - ok
15:00:17.0360 3432 [ D8B924F925FA4A8839C144F79CA5FCD4 ] C:\Program Files\Adobe\Adobe Photoshop CS5.1\Photoshop.exe
15:00:17.0360 3432 C:\Program Files\Adobe\Adobe Photoshop CS5.1\Photoshop.exe - ok
15:00:17.0376 3432 [ 4825D2A98FAB45D4938DA9196ADDFAD4 ] C:\Windows\ehome\ehProxy.dll
15:00:17.0376 3432 C:\Windows\ehome\ehProxy.dll - ok
15:00:17.0376 3432 [ 6A0CE6378716E61EC766D7D05D80046F ] C:\Windows\ehome\ehrec.exe
15:00:17.0376 3432 C:\Windows\ehome\ehrec.exe - ok
15:00:17.0391 3432 [ 8B92BED5B8D4A8480E7AA631F35A6F35 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
15:00:17.0391 3432 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
15:00:17.0391 3432 [ C3E39FB1398EEE8E612C2FE53A9192EF ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
15:00:17.0391 3432 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll - ok
15:00:17.0407 3432 [ 3518CB4E2D896CAB53D5386F15AC0566 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
15:00:17.0407 3432 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll - ok
15:00:17.0423 3432 [ 7CD6A7B31295E1B475B5376FF7E57FF7 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\ehCIR\e1e78ef0d73f9000d79281cd40868882\ehCIR.ni.dll
15:00:17.0423 3432 C:\Windows\assembly\NativeImages_v2.0.50727_32\ehCIR\e1e78ef0d73f9000d79281cd40868882\ehCIR.ni.dll - ok
15:00:17.0438 3432 [ 8B829F5E540A5EB43483792C8D6E3875 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\cefccb1ed79e63eddf972c6c20ae240b\ehRecObj.ni.dll
15:00:17.0438 3432 C:\Windows\assembly\NativeImages_v2.0.50727_32\ehRecObj\cefccb1ed79e63eddf972c6c20ae240b\ehRecObj.ni.dll - ok
15:00:17.0438 3432 [ 4BC8285C485DA27770E0921E68BF196E ] C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\454ecc5a1795270b2dbe55bfe3dd87be\ehiProxy.ni.dll
15:00:17.0438 3432 C:\Windows\assembly\NativeImages_v2.0.50727_32\ehiProxy\454ecc5a1795270b2dbe55bfe3dd87be\ehiProxy.ni.dll - ok
15:00:17.0454 3432 [ E66C4435F0F7A638A82A37EFEBF8D0EA ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mcepg\1355556186a0cfcef21dadab36b38355\mcepg.ni.dll
15:00:17.0454 3432 C:\Windows\assembly\NativeImages_v2.0.50727_32\mcepg\1355556186a0cfcef21dadab36b38355\mcepg.ni.dll - ok
15:00:17.0469 3432 [ F13D62D250FA03DE41BCB84ED1A37704 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstore\744604b4a3bb3625de9541f0f81a3893\mcstore.ni.dll
15:00:17.0469 3432 C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstore\744604b4a3bb3625de9541f0f81a3893\mcstore.ni.dll - ok
15:00:17.0485 3432 [ AD4FFFDF60B1F3D414079C24D5AA02DB ] C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\840830c6a4fd76901574202fa9e7c9ef\Microsoft.MediaCenter.UI.ni.dll
15:00:17.0485 3432 C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.MediaCent#\840830c6a4fd76901574202fa9e7c9ef\Microsoft.MediaCenter.UI.ni.dll - ok
15:00:17.0485 3432 [ 21396E35E0717D6A65440B6A5BF708C8 ] C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe
15:00:17.0485 3432 C:\Program Files\THQ\Gas Powered Games\Supreme Commander\bin\SupremeCommander.exe - ok
15:00:17.0501 3432 [ F2CFD565C7AD5038E319D8155724EEE3 ] C:\Program Files\PowerISO\PowerISO.exe
15:00:17.0501 3432 C:\Program Files\PowerISO\PowerISO.exe - ok
15:00:17.0516 3432 [ 534A3CB0847BA114F0D8A5F2BB2EF6D0 ] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
15:00:17.0516 3432 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe - ok
15:00:17.0516 3432 [ 60A8C2F0ADCF999D7542EC589C026C2B ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\b8e516ed0f2c0bee78580ac0a758d7b3\mcstoredb.ni.dll
15:00:17.0516 3432 C:\Windows\assembly\NativeImages_v2.0.50727_32\mcstoredb\b8e516ed0f2c0bee78580ac0a758d7b3\mcstoredb.ni.dll - ok
15:00:17.0532 3432 [ 7D8676EC6A6ABCF57E1F6CA5372E56EE ] C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll
15:00:17.0532 3432 C:\Windows\assembly\GAC_32\mcstoredb\6.1.0.0__31bf3856ad364e35\mcstoredb.dll - ok
15:00:17.0547 3432 [ 09A116FB06C5E362EF8938D29CDAB27B ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
15:00:17.0547 3432 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
15:00:17.0547 3432 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\System32\shfolder.dll
15:00:17.0547 3432 C:\Windows\System32\shfolder.dll - ok
15:00:17.0563 3432 [ D378BFFB70923139D6A4F546864AA61C ] C:\Windows\System32\notepad.exe
15:00:17.0563 3432 C:\Windows\System32\notepad.exe - ok
15:00:17.0579 3432 [ 9A39A2A5F443A756C568C6ED5748AFE4 ] C:\Windows\System32\ActionCenter.dll
15:00:17.0579 3432 C:\Windows\System32\ActionCenter.dll - ok
15:00:17.0579 3432 [ B6C756FA661C5EB7B3547E60647F87A7 ] C:\Windows\System32\sqlceoledb30.dll
15:00:17.0579 3432 C:\Windows\System32\sqlceoledb30.dll - ok
15:00:17.0594 3432 [ 13CDD3FF0961A2EC6D9829A1640DD6DC ] C:\Windows\System32\sqlcese30.dll
15:00:17.0594 3432 C:\Windows\System32\sqlcese30.dll - ok
15:00:17.0610 3432 [ 60236C8C3B8C2D8B9A59326890533EB8 ] C:\Windows\System32\sqlceqp30.dll
15:00:17.0610 3432 C:\Windows\System32\sqlceqp30.dll - ok
15:00:17.0610 3432 [ A80C173AC5C75706BB74AE4D78F2A53D ] C:\Program Files\Windows Media Player\wmplayer.exe
15:00:17.0610 3432 C:\Program Files\Windows Media Player\wmplayer.exe - ok
15:00:17.0625 3432 [ 9DF7A7C74D8632CB5EBD37E3A374825E ] C:\Windows\System32\webcheck.dll
15:00:17.0625 3432 C:\Windows\System32\webcheck.dll - ok
15:00:17.0641 3432 [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\System32\mlang.dll
15:00:17.0641 3432 C:\Windows\System32\mlang.dll - ok
15:00:17.0641 3432 [ 2DDEA2C345DA5BC589EFD398F220DB0E ] C:\Windows\System32\SyncCenter.dll
15:00:17.0641 3432 C:\Windows\System32\SyncCenter.dll - ok
15:00:17.0657 3432 [ 015FF57E5B1F43F4554CAA7824095D24 ] C:\Windows\ehome\ehepgres.dll
15:00:17.0657 3432 C:\Windows\ehome\ehepgres.dll - ok
15:00:17.0672 3432 [ C2D6A4475B87651D5909E364439FDA52 ] C:\Windows\System32\FXSST.dll
15:00:17.0672 3432 C:\Windows\System32\FXSST.dll - ok
15:00:17.0672 3432 [ 942E57152F1CD0533644AB30EF1A4728 ] C:\Windows\System32\FXSAPI.dll
15:00:17.0672 3432 C:\Windows\System32\FXSAPI.dll - ok
15:00:17.0688 3432 [ C4096CA42199428B3D63DC206C197F0E ] C:\Windows\System32\FXSRESM.dll
15:00:17.0688 3432 C:\Windows\System32\FXSRESM.dll - ok
15:00:17.0703 3432 [ 967EA5B213E9984CBE270205DF37755B ] C:\Windows\System32\FXSSVC.exe
15:00:17.0703 3432 C:\Windows\System32\FXSSVC.exe - ok
15:00:17.0703 3432 [ D39DA70FEA6BD713682F70635587DA9E ] C:\Windows\System32\rasdlg.dll
15:00:17.0703 3432 C:\Windows\System32\rasdlg.dll - ok
15:00:17.0719 3432 [ D4191EFAB91E00FC09257AA5EBAF503B ] C:\Windows\System32\mprapi.dll
15:00:17.0719 3432 C:\Windows\System32\mprapi.dll - ok
15:00:17.0719 3432 [ 871F7F32E3441580138E61A4AA072DF6 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
15:00:17.0719 3432 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll - ok
15:00:17.0735 3432 [ 53683A331F8A1BB20ADD0330F1DE6388 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
15:00:17.0735 3432 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
15:00:17.0750 3432 [ C02AA67276FEE0C15CC4D6D616BDE95E ] C:\Windows\System32\WWanAPI.dll
15:00:17.0750 3432 C:\Windows\System32\WWanAPI.dll - ok
15:00:17.0766 3432 [ F2ED6D00921CA138289E5E0CCB9ABF87 ] C:\Windows\System32\wwapi.dll
15:00:17.0766 3432 C:\Windows\System32\wwapi.dll - ok
15:00:17.0766 3432 [ 02530B0B7E048DD5AC8D52DAEACAEB2B ] C:\Windows\System32\QAGENT.DLL
15:00:17.0766 3432 C:\Windows\System32\QAGENT.DLL - ok
15:00:17.0781 3432 [ C7952D0A4C43A965A1741916BB134751 ] C:\Windows\System32\hgcpl.dll
15:00:17.0781 3432 C:\Windows\System32\hgcpl.dll - ok
15:00:17.0797 3432 [ 8F8AB20AA863EA95A421B9D54C74F20C ] C:\Program Files\Windows Media Player\wmpnssci.dll
15:00:17.0797 3432 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
15:00:17.0797 3432 [ E3D5E244807AD655787FCD25477CC1BC ] C:\Windows\System32\bthprops.cpl
15:00:17.0797 3432 C:\Windows\System32\bthprops.cpl - ok
15:00:17.0813 3432 [ F3222C893BD2F5821A0179E5C71E88FB ] C:\Windows\System32\fdPHost.dll
15:00:17.0813 3432 C:\Windows\System32\fdPHost.dll - ok
15:00:17.0813 3432 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] C:\Windows\System32\FDResPub.dll
15:00:17.0813 3432 C:\Windows\System32\FDResPub.dll - ok
15:00:17.0828 3432 [ DE6F4B7E62FDE776F3DE8E5FB5A05C48 ] C:\Windows\System32\fdWSD.dll
15:00:17.0828 3432 C:\Windows\System32\fdWSD.dll - ok
15:00:17.0828 3432 [ 73F6C5223F7E9B5780DD4A6C30FCF569 ] C:\Windows\System32\WSDApi.dll
15:00:17.0828 3432 C:\Windows\System32\WSDApi.dll - ok
15:00:17.0844 3432 [ DB846EECA70EE9D2E2FF31147C57B0F4 ] C:\Windows\System32\webservices.dll
15:00:17.0844 3432 C:\Windows\System32\webservices.dll - ok
15:00:17.0859 3432 [ 674611721264013DB169EC12AFC9C3B6 ] C:\Windows\System32\fdSSDP.dll
15:00:17.0859 3432 C:\Windows\System32\fdSSDP.dll - ok
15:00:17.0859 3432 [ 89D90579E5FB1469CB0464F6512E42B7 ] C:\Windows\System32\fundisc.dll
15:00:17.0859 3432 C:\Windows\System32\fundisc.dll - ok
15:00:17.0891 3432 [ 3FF0FA0A81910617739644A06D06D016 ] C:\Windows\System32\fdProxy.dll
15:00:17.0891 3432 C:\Windows\System32\fdProxy.dll - ok
15:00:17.0891 3432 ============================================================
15:00:17.0891 3432 Scan finished
15:00:17.0891 3432 ============================================================
15:00:17.0906 2960 Detected object count: 0
15:00:17.0906 2960 Actual detected object count: 0
15:00:25.0706 3376 Deinitialize success

#10 Slayer90

Posted 11 June 2013 - 09:50 PM

My computer continues to have problems. As I said before, yesterday my computer restarted all by itself after freezing and icons briefly disappearing from the desktop, which I speculate is a bootkit infection. I also still wasn't able to detect or find these trojans that I have been infected with for at least a month. Also, I cannot go into safe mode anymore. Eset, AdwCleaner, RKill, Malwarebytes, and Avast! still couldn't find them. Is there some scanner that could detect encrypted trojans? I want to get rid of these trojans first before I deal with the bootkit.



#11 The Dark Knight

  • Security Colleague

Posted 12 June 2013 - 04:34 PM

Hello Slayer90. :)

 

Is there some scanner that could detect encrypted trojans? I want to get rid of these trojans first before I deal with the bootkit.

 

The infection might just be a rootkit. I haven't seen any evidence of encrypted trojans yet.

 

Please post the logs from MBAR. :)


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.




#12 Slayer90

Posted 12 June 2013 - 07:18 PM

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.12.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16618
Alfred :: ALFRED-PC [administrator]

6/12/2013 4:52:31 PM
mbar-log-2013-06-12 (16-52-31).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 201204
Time elapsed: 20 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



#13 Slayer90

Posted 12 June 2013 - 11:03 PM

Just remember that my computer has been having problems for months, and my computer suddenly restarted last Monday, which is most likely a bootkit. This leads me to still think my computer is infected with very advanced trojans. The symptoms are getting worse.



#14 The Dark Knight

  • Security Colleague

Posted 13 June 2013 - 07:19 AM

Hey Slayer90,

 

There should be another log from MBAR. Please post it too. :)




#15 Slayer90

Posted 13 June 2013 - 12:15 PM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.646000 GHz
Memory total: 3077095424, free: 2040823808

Initializing...
------------ Kernel report ------------
     06/12/2013 16:52:23
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff861ca8b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006f\
Lower Device Object: 0xffffffff861ca3b0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85e97ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000005f\
Lower Device Object: 0xffffffff857efc68
Lower Device Driver Name: \Driver\amd_sata\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85e97ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85e97700, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85e97ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85dc6c08, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xffffffff857efc68, DeviceName: \Device\0000005f\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8CDB91AE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 426749952

    Partition 2 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 426956800  Numsec = 61437952

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff861ca8b8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff861ca020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff861ca8b8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff861ca3b0, DeviceName: \Device\0000006f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished