Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Agent infection [Solved]


  • This topic is locked This topic is locked

#16
jkabat

jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Hi,

I disabled Security Essentials and Avast and ran combofix.

No problem running combofix.

Upon reboot I restarted Security Essentials. It continues to put up big red warnings that the computer is infected.

I also restarted Avast. I get nearly continual popups saying that avast blocked a malicious trojan horse site from accessing my computer.

Other than that, the computer seems to run well.

Log pasted in next reply. Thanks.


  • 0

Advertisements


#17
jkabat

jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
ComboFix 13-03-19.01 - Jessie 03/19/2013 7:25.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3687.2372 [GMT -4:00]
Running from: c:\users\Jessie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-02-19 to 2013-03-19 )))))))))))))))))))))))))))))))
.
.
2013-03-19 11:41 . 2013-03-19 11:41 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C954082C-C550-4C78-B728-00B5A69FA430}\offreg.dll
2013-03-19 11:41 . 2013-03-19 11:41 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C954082C-C550-4C78-B728-00B5A69FA430}\MpKslfd642d2d.sys
2013-03-19 11:40 . 2013-03-19 11:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-19 11:40 . 2013-03-19 11:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-19 11:40 . 2013-03-19 11:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-03-18 02:24 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C954082C-C550-4C78-B728-00B5A69FA430}\mpengine.dll
2013-03-18 02:14 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-16 03:10 . 2013-03-06 22:33 377920 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-03-16 03:10 . 2013-03-06 22:33 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-03-16 03:10 . 2013-03-06 22:33 70992 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-03-16 03:10 . 2013-03-06 22:33 68920 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-03-16 03:10 . 2013-03-06 22:33 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-03-16 03:10 . 2013-03-06 22:33 178624 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-03-16 03:10 . 2013-03-06 22:33 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-03-16 03:10 . 2013-03-06 22:33 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-03-16 03:10 . 2013-03-06 22:32 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-16 03:09 . 2013-03-06 22:32 41664 ----a-w- c:\windows\avastSS.scr
2013-03-16 03:08 . 2013-03-16 03:08 -------- d-----w- c:\program files\AVAST Software
2013-03-16 03:07 . 2013-03-16 03:08 -------- d-----w- c:\programdata\AVAST Software
2013-03-13 22:10 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-13 12:49 . 2013-03-13 12:49 -------- d-----w- C:\bab0277241d68e0d82426f
2013-03-12 20:27 . 2012-11-28 19:26 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6671647A-D593-488C-A849-D3C86E0F9E6F}\gapaengine.dll
2013-02-28 02:42 . 2013-01-13 20:08 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-02-27 13:39 . 2013-02-27 13:39 -------- d-----w- c:\windows\Temp82CDD929-2E6E-2530-5D64-35AA60D79BF9-Signatures
2013-02-27 13:38 . 2013-02-27 13:38 -------- d-----w- C:\92727f19c0eaaa9427c34e
2013-02-24 14:40 . 2013-02-24 14:40 -------- d-----w- c:\users\Jessie\AppData\Local\Programs
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 21:03 . 2012-11-25 22:05 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-12 21:03 . 2011-11-24 03:13 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 05:45 . 2013-03-13 13:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 13:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 13:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 13:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 13:03 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 13:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 20:59 . 2013-01-20 20:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 20:59 . 2011-04-27 22:25 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:53 . 2013-02-13 13:29 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 13:29 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 13:29 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 13:29 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 13:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 13:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 13:29 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 13:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 13:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 13:29 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 13:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 13:29 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 13:29 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 82506647;82506647; [x]
R3 aswVmm;aswVmm; [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 aswRvrt;aswRvrt; [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2011-03-24 36992]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 MpKslfd642d2d;MpKslfd642d2d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C954082C-C550-4C78-B728-00B5A69FA430}\MpKslfd642d2d.sys [2013-03-19 35664]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-03-06 80816]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2011-07-28 313448]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-04-13 1143912]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLFD642D2D
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-13 02:26 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 21:03]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 09:12]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 09:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-29 11905128]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxps://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab
DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxps://mpi.dacom.net/XPayMPI/XPayMPI.cab
DPF: {7C98E005-7DA3-4C02-8D9F-FAA9C4D1C343} - hxxp://service.ewha.ac.kr:88/web_kiosk_061100/ReportX/ictReportX.cab
DPF: {AC2CE4A7-75CE-4B11-B245-CE697861C3C1} - hxxp://ems.shinhanlife.co.kr/automail/initech/mail_pki/downn/INISAFEMailv4.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-01330967.sys
SafeBoot-35968523.sys
SafeBoot-49229991.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2013-03-19 07:53:29 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-19 11:53
.
Pre-Run: 248,111,722,496 bytes free
Post-Run: 248,947,118,080 bytes free
.
- - End Of File - - 6FF477E1E887AE34772513507AC72FEF
  • 0

#18
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts

Upon reboot I restarted Security Essentials. It continues to put up big red warnings that the computer is infected.


Can you open Security Essentials and give me some more info about this warning. There should be description of warning.
  • 0

#19
jkabat

jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Security Essentials detected a potential threat on your PC.

Additional Cleaning Required.
Dectected threats could not be cleaned. To complete the cleaning process you need to download Defender offline.

Potential Threat: Trojan:DOS/Aleuron.A alter level: severe

I did that prior to starting this thread. Defender offline said all was clean. When restarting normally, Security Essentials repeated the warning of detected threat.

Thanks
  • 0

#20
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. Looks like we still have work to do.

Step 1

Please run TDSSKiller one more time an dpost log here for me.

Step 2

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, aswMBR will save additional file named MBR.dat. Attach it to your next reply

Step 3

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • aswMBR log
  • New OTL scan log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#21
jkabat

jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
Hi,

I ran tdsskiller first. From the reboot the Security essentials icon has been green.

I ran aswMBR and OTL. I will paste all logs in individual replies below.

I haven't seen any avira pop-up notices since tdsskiller either.

Computer seems to be running well.

THanks.


  • 0

#22
jkabat

jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
There are 3 different TDS notes. I will paste each to its own reply:

08:52:31.0187 5088 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:52:31.0998 5088 ============================================================
08:52:31.0998 5088 Current date / time: 2013/03/19 08:52:31.0998
08:52:31.0998 5088 SystemInfo:
08:52:31.0998 5088
08:52:31.0998 5088 OS Version: 6.1.7601 ServicePack: 1.0
08:52:31.0998 5088 Product type: Workstation
08:52:31.0998 5088 ComputerName: JESSIE-PC
08:52:31.0998 5088 UserName: Jessie
08:52:31.0998 5088 Windows directory: C:\windows
08:52:31.0998 5088 System windows directory: C:\windows
08:52:31.0998 5088 Running under WOW64
08:52:31.0998 5088 Processor architecture: Intel x64
08:52:31.0998 5088 Number of processors: 2
08:52:31.0998 5088 Page size: 0x1000
08:52:31.0998 5088 Boot type: Normal boot
08:52:31.0998 5088 ============================================================
08:52:35.0602 5088 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:52:35.0617 5088 ============================================================
08:52:35.0617 5088 \Device\Harddisk0\DR0:
08:52:35.0633 5088 MBR partitions:
08:52:35.0633 5088 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x234C4000
08:52:35.0633 5088 ============================================================
08:52:35.0680 5088 C: <-> \Device\Harddisk0\DR0\Partition1
08:52:35.0680 5088 ============================================================
08:52:35.0680 5088 Initialize success
08:52:35.0680 5088 ============================================================
08:52:47.0973 4808 Deinitialize success



  • 0

#23
jkabat

jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
08:55:46.0365 2660 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:55:46.0615 2660 ============================================================
08:55:46.0615 2660 Current date / time: 2013/03/19 08:55:46.0615
08:55:46.0615 2660 SystemInfo:
08:55:46.0615 2660
08:55:46.0615 2660 OS Version: 6.1.7601 ServicePack: 1.0
08:55:46.0615 2660 Product type: Workstation
08:55:46.0615 2660 ComputerName: JESSIE-PC
08:55:46.0615 2660 UserName: Jessie
08:55:46.0615 2660 Windows directory: C:\windows
08:55:46.0615 2660 System windows directory: C:\windows
08:55:46.0615 2660 Running under WOW64
08:55:46.0615 2660 Processor architecture: Intel x64
08:55:46.0615 2660 Number of processors: 2
08:55:46.0615 2660 Page size: 0x1000
08:55:46.0615 2660 Boot type: Normal boot
08:55:46.0615 2660 ============================================================
08:55:49.0235 2660 BG loaded
08:55:50.0671 2660 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:55:50.0811 2660 ============================================================
08:55:50.0811 2660 \Device\Harddisk0\DR0:
08:55:50.0873 2660 MBR partitions:
08:55:50.0873 2660 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x234C4000
08:55:50.0873 2660 ============================================================
08:55:51.0092 2660 C: <-> \Device\Harddisk0\DR0\Partition1
08:55:51.0092 2660 ============================================================
08:55:51.0092 2660 Initialize success
08:55:51.0092 2660 ============================================================
08:56:15.0675 3868 ============================================================
08:56:15.0675 3868 Scan started
08:56:15.0675 3868 Mode: Manual; SigCheck; TDLFS;
08:56:15.0675 3868 ============================================================
08:56:22.0071 3868 ================ Scan system memory ========================
08:56:22.0071 3868 System memory - ok
08:56:22.0071 3868 ================ Scan services =============================
08:56:25.0784 3868 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
08:56:26.0190 3868 1394ohci - ok
08:56:26.0346 3868 82506647 - ok
08:56:26.0564 3868 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
08:56:26.0658 3868 ACPI - ok
08:56:26.0720 3868 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
08:56:26.0892 3868 AcpiPmi - ok
08:56:31.0930 3868 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:56:32.0024 3868 AdobeFlashPlayerUpdateSvc - ok
08:56:32.0508 3868 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
08:56:32.0773 3868 adp94xx - ok
08:56:32.0960 3868 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
08:56:33.0022 3868 adpahci - ok
08:56:33.0178 3868 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
08:56:33.0428 3868 adpu320 - ok
08:56:33.0646 3868 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
08:56:33.0802 3868 AeLookupSvc - ok
08:56:33.0958 3868 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
08:56:34.0052 3868 AFD - ok
08:56:34.0161 3868 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
08:56:34.0317 3868 agp440 - ok
08:56:34.0426 3868 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
08:56:34.0629 3868 ALG - ok
08:56:34.0676 3868 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
08:56:34.0785 3868 aliide - ok
08:56:34.0926 3868 [ 2F2E91FD092811353C3BC968BEC274D8 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
08:56:35.0097 3868 AMD External Events Utility - ok
08:56:35.0175 3868 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
08:56:35.0316 3868 amdide - ok
08:56:35.0362 3868 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
08:56:35.0518 3868 AmdK8 - ok
08:56:37.0983 3868 [ 194D76D2083318A2E7071A988E02ECF4 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
08:56:38.0280 3868 amdkmdag - ok
08:56:38.0436 3868 [ 1EEFFCE9A3A65A56A28793EAA3F57026 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
08:56:38.0529 3868 amdkmdap - ok
08:56:38.0638 3868 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
08:56:38.0701 3868 AmdPPM - ok
08:56:38.0748 3868 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
08:56:38.0810 3868 amdsata - ok
08:56:38.0904 3868 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
08:56:38.0982 3868 amdsbs - ok
08:56:39.0028 3868 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
08:56:39.0106 3868 amdxata - ok
08:56:39.0200 3868 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
08:56:39.0450 3868 AppID - ok
08:56:39.0574 3868 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
08:56:39.0762 3868 AppIDSvc - ok
08:56:39.0808 3868 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
08:56:39.0980 3868 Appinfo - ok
08:56:40.0027 3868 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
08:56:40.0105 3868 arc - ok
08:56:40.0230 3868 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
08:56:40.0339 3868 arcsas - ok
08:56:40.0510 3868 [ B217378ED9A964E15346A67FEF609A17 ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
08:56:41.0618 3868 aswFsBlk - ok
08:56:41.0930 3868 [ E92635BB235B03ED03B17CBB59F77FA4 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
08:56:41.0992 3868 aswMonFlt - ok
08:56:42.0211 3868 [ 8F90459AFB7FD4557D935CE639EF6110 ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys
08:56:42.0258 3868 aswRdr - ok
08:56:42.0320 3868 [ DE6759B8D8E62BF0FFF2B05F05AFCEE6 ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys
08:56:42.0398 3868 aswRvrt - ok
08:56:42.0694 3868 [ AB8B4D3136D18A20777036E0F0CFC5E1 ] aswSnx C:\windows\system32\drivers\aswSnx.sys
08:56:42.0772 3868 aswSnx - ok
08:56:43.0069 3868 [ 97D4D725BD32C965119E6C8E252F8C64 ] aswSP C:\windows\system32\drivers\aswSP.sys
08:56:43.0147 3868 aswSP - ok
08:56:43.0584 3868 [ D62C10D1829C65115111C160EA956260 ] aswTdi C:\windows\system32\drivers\aswTdi.sys
08:56:43.0630 3868 aswTdi - ok
08:56:43.0693 3868 [ 7E44C2684A6CA779B9D07CB4BD3F649D ] aswVmm C:\windows\system32\drivers\aswVmm.sys
08:56:43.0755 3868 aswVmm - ok
08:56:43.0786 3868 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
08:56:43.0911 3868 AsyncMac - ok
08:56:43.0974 3868 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
08:56:44.0005 3868 atapi - ok
08:56:44.0223 3868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
08:56:44.0379 3868 AudioEndpointBuilder - ok
08:56:44.0520 3868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
08:56:44.0644 3868 AudioSrv - ok
08:56:44.0941 3868 [ 41735B82DB57E4EBE9504EC400FD120E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:56:45.0003 3868 avast! Antivirus - ok
08:56:45.0066 3868 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
08:56:45.0253 3868 AxInstSV - ok
08:56:45.0440 3868 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
08:56:45.0565 3868 b06bdrv - ok
08:56:45.0705 3868 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
08:56:45.0799 3868 b57nd60a - ok
08:56:45.0861 3868 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
08:56:45.0970 3868 BDESVC - ok
08:56:46.0017 3868 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
08:56:46.0189 3868 Beep - ok
08:56:46.0423 3868 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
08:56:46.0563 3868 BFE - ok
08:56:46.0782 3868 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
08:56:46.0938 3868 BITS - ok
08:56:46.0953 3868 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
08:56:47.0016 3868 blbdrive - ok
08:56:47.0062 3868 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
08:56:47.0125 3868 bowser - ok
08:56:47.0140 3868 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
08:56:47.0265 3868 BrFiltLo - ok
08:56:47.0312 3868 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
08:56:47.0437 3868 BrFiltUp - ok
08:56:47.0468 3868 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
08:56:47.0577 3868 BridgeMP - ok
08:56:47.0624 3868 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
08:56:47.0702 3868 Browser - ok
08:56:47.0764 3868 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
08:56:47.0889 3868 Brserid - ok
08:56:47.0936 3868 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
08:56:48.0014 3868 BrSerWdm - ok
08:56:48.0045 3868 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
08:56:48.0123 3868 BrUsbMdm - ok
08:56:48.0201 3868 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
08:56:48.0342 3868 BrUsbSer - ok
08:56:48.0373 3868 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
08:56:48.0466 3868 BTHMODEM - ok
08:56:48.0544 3868 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
08:56:48.0732 3868 bthserv - ok
08:56:49.0356 3868 catchme - ok
08:56:49.0387 3868 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
08:56:49.0527 3868 cdfs - ok
08:56:49.0621 3868 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
08:56:49.0668 3868 cdrom - ok
08:56:49.0730 3868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
08:56:49.0886 3868 CertPropSvc - ok
08:56:49.0933 3868 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
08:56:50.0011 3868 circlass - ok
08:56:50.0120 3868 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
08:56:50.0167 3868 CLFS - ok
08:56:50.0370 3868 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:56:50.0541 3868 clr_optimization_v2.0.50727_32 - ok
08:56:50.0619 3868 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:56:50.0697 3868 clr_optimization_v2.0.50727_64 - ok
08:56:50.0806 3868 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:56:50.0869 3868 clr_optimization_v4.0.30319_32 - ok
08:56:50.0916 3868 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:56:50.0962 3868 clr_optimization_v4.0.30319_64 - ok
08:56:50.0978 3868 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
08:56:51.0134 3868 CmBatt - ok
08:56:51.0165 3868 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
08:56:51.0228 3868 cmdide - ok
08:56:51.0259 3868 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
08:56:51.0352 3868 CNG - ok
08:56:51.0430 3868 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
08:56:51.0477 3868 Compbatt - ok
08:56:51.0508 3868 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
08:56:51.0586 3868 CompositeBus - ok
08:56:51.0602 3868 COMSysApp - ok
08:56:51.0633 3868 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
08:56:51.0680 3868 crcdisk - ok
08:56:51.0742 3868 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
08:56:51.0805 3868 CryptSvc - ok
08:56:51.0883 3868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
08:56:52.0008 3868 DcomLaunch - ok
08:56:52.0117 3868 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
08:56:52.0257 3868 defragsvc - ok
08:56:52.0304 3868 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
08:56:52.0413 3868 DfsC - ok
08:56:52.0569 3868 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
08:56:52.0663 3868 Dhcp - ok
08:56:52.0694 3868 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
08:56:52.0803 3868 discache - ok
08:56:52.0881 3868 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
08:56:52.0975 3868 Disk - ok
08:56:53.0053 3868 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
08:56:53.0131 3868 Dnscache - ok
08:56:53.0178 3868 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
08:56:53.0302 3868 dot3svc - ok
08:56:53.0365 3868 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
08:56:53.0490 3868 DPS - ok
08:56:53.0505 3868 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
08:56:53.0583 3868 drmkaud - ok
08:56:53.0630 3868 [ 85DBF6EC7BDFA6187F4A1EC8F3145CD0 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
08:56:53.0708 3868 DXGKrnl - ok
08:56:53.0770 3868 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
08:56:53.0895 3868 EapHost - ok
08:56:54.0192 3868 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
08:56:54.0379 3868 ebdrv - ok
08:56:54.0426 3868 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
08:56:54.0472 3868 EFS - ok
08:56:54.0535 3868 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
08:56:54.0660 3868 ehRecvr - ok
08:56:54.0691 3868 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
08:56:54.0738 3868 ehSched - ok
08:56:54.0784 3868 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
08:56:54.0847 3868 elxstor - ok
08:56:54.0862 3868 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
08:56:54.0909 3868 ErrDev - ok
08:56:55.0003 3868 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
08:56:55.0128 3868 EventSystem - ok
08:56:55.0159 3868 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
08:56:55.0268 3868 exfat - ok
08:56:55.0284 3868 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
08:56:55.0408 3868 fastfat - ok
08:56:55.0471 3868 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
08:56:55.0533 3868 Fax - ok
08:56:55.0564 3868 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
08:56:55.0627 3868 fdc - ok
08:56:55.0658 3868 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
08:56:55.0752 3868 fdPHost - ok
08:56:55.0783 3868 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
08:56:55.0892 3868 FDResPub - ok
08:56:55.0908 3868 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
08:56:55.0954 3868 FileInfo - ok
08:56:55.0970 3868 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
08:56:56.0095 3868 Filetrace - ok
08:56:56.0110 3868 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
08:56:56.0157 3868 flpydisk - ok
08:56:56.0188 3868 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
08:56:56.0235 3868 FltMgr - ok
08:56:56.0282 3868 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll
08:56:56.0360 3868 FontCache - ok
08:56:56.0422 3868 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:56:56.0469 3868 FontCache3.0.0.0 - ok
08:56:56.0500 3868 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
08:56:56.0532 3868 FsDepends - ok
08:56:56.0547 3868 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
08:56:56.0594 3868 Fs_Rec - ok
08:56:56.0625 3868 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
08:56:56.0688 3868 fvevol - ok
08:56:56.0719 3868 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
08:56:56.0750 3868 FwLnk - ok
08:56:56.0781 3868 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
08:56:56.0812 3868 gagp30kx - ok
08:56:56.0875 3868 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
08:56:56.0984 3868 gpsvc - ok
08:56:57.0109 3868 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:56:57.0156 3868 gupdate - ok
08:56:57.0171 3868 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:56:57.0202 3868 gupdatem - ok
08:56:57.0234 3868 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:56:57.0280 3868 gusvc - ok
08:56:57.0312 3868 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
08:56:57.0374 3868 hcw85cir - ok
08:56:57.0405 3868 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
08:56:57.0483 3868 HdAudAddService - ok
08:56:57.0514 3868 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
08:56:57.0577 3868 HDAudBus - ok
08:56:57.0624 3868 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
08:56:57.0670 3868 HidBatt - ok
08:56:57.0764 3868 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
08:56:57.0826 3868 HidBth - ok
08:56:57.0873 3868 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
08:56:57.0920 3868 HidIr - ok
08:56:57.0936 3868 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
08:56:58.0060 3868 hidserv - ok
08:56:58.0092 3868 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
08:56:58.0138 3868 HidUsb - ok
08:56:58.0170 3868 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
08:56:58.0279 3868 hkmsvc - ok
08:56:58.0310 3868 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
08:56:58.0372 3868 HomeGroupListener - ok
08:56:58.0419 3868 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
08:56:58.0497 3868 HomeGroupProvider - ok
08:56:58.0544 3868 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
08:56:58.0606 3868 HpSAMD - ok
08:56:58.0684 3868 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
08:56:58.0825 3868 HTTP - ok
08:56:58.0872 3868 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
08:56:58.0918 3868 hwpolicy - ok
08:56:58.0965 3868 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
08:56:58.0996 3868 i8042prt - ok
08:56:59.0074 3868 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
08:56:59.0137 3868 iaStorV - ok
08:56:59.0262 3868 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:56:59.0324 3868 idsvc - ok
08:56:59.0355 3868 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
08:56:59.0402 3868 iirsp - ok
08:56:59.0496 3868 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
08:56:59.0636 3868 IKEEXT - ok
08:56:59.0948 3868 [ 0A30A899C6295F908729EDA7F95615A8 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
08:57:00.0073 3868 IntcAzAudAddService - ok
08:57:00.0104 3868 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
08:57:00.0151 3868 intelide - ok
08:57:00.0166 3868 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys
08:57:00.0229 3868 intelppm - ok
08:57:00.0260 3868 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
08:57:00.0400 3868 IPBusEnum - ok
08:57:00.0416 3868 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
08:57:00.0525 3868 IpFilterDriver - ok
08:57:00.0900 3868 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
08:57:00.0978 3868 iphlpsvc - ok
08:57:01.0024 3868 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
08:57:01.0087 3868 IPMIDRV - ok
08:57:01.0134 3868 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
08:57:01.0243 3868 IPNAT - ok
08:57:01.0274 3868 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
08:57:01.0336 3868 IRENUM - ok
08:57:01.0368 3868 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
08:57:01.0399 3868 isapnp - ok
08:57:01.0461 3868 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
08:57:01.0524 3868 iScsiPrt - ok
08:57:01.0570 3868 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
08:57:01.0602 3868 kbdclass - ok
08:57:01.0648 3868 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
08:57:01.0726 3868 kbdhid - ok
08:57:01.0758 3868 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
08:57:01.0804 3868 KeyIso - ok
08:57:01.0851 3868 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
08:57:01.0882 3868 KSecDD - ok
08:57:01.0914 3868 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
08:57:01.0960 3868 KSecPkg - ok
08:57:02.0007 3868 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
08:57:02.0132 3868 ksthunk - ok
08:57:02.0210 3868 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
08:57:02.0397 3868 KtmRm - ok
08:57:02.0491 3868 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
08:57:02.0662 3868 LanmanServer - ok
08:57:02.0756 3868 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
08:57:02.0912 3868 LanmanWorkstation - ok
08:57:02.0974 3868 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
08:57:03.0115 3868 lltdio - ok
08:57:03.0224 3868 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
08:57:03.0396 3868 lltdsvc - ok
08:57:03.0458 3868 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
08:57:03.0567 3868 lmhosts - ok
08:57:03.0692 3868 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
08:57:03.0739 3868 LSI_FC - ok
08:57:03.0786 3868 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
08:57:03.0817 3868 LSI_SAS - ok
08:57:03.0848 3868 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
08:57:03.0879 3868 LSI_SAS2 - ok
08:57:03.0910 3868 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
08:57:03.0957 3868 LSI_SCSI - ok
08:57:03.0988 3868 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
08:57:04.0129 3868 luafv - ok
08:57:04.0176 3868 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\windows\system32\drivers\mbam.sys
08:57:04.0238 3868 MBAMProtector - ok
08:57:04.0332 3868 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
08:57:04.0378 3868 MBAMScheduler - ok
08:57:04.0456 3868 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:57:04.0519 3868 MBAMService - ok
08:57:04.0628 3868 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
08:57:04.0722 3868 Mcx2Svc - ok
08:57:04.0784 3868 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
08:57:04.0831 3868 megasas - ok
08:57:04.0846 3868 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
08:57:04.0893 3868 MegaSR - ok
08:57:04.0924 3868 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
08:57:05.0049 3868 MMCSS - ok
08:57:05.0080 3868 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
08:57:05.0205 3868 Modem - ok
08:57:05.0236 3868 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
08:57:05.0299 3868 monitor - ok
08:57:05.0330 3868 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
08:57:05.0377 3868 mouclass - ok
08:57:05.0377 3868 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
08:57:05.0439 3868 mouhid - ok
08:57:05.0486 3868 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
08:57:05.0517 3868 mountmgr - ok
08:57:05.0564 3868 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
08:57:05.0611 3868 MpFilter - ok
08:57:05.0642 3868 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
08:57:05.0673 3868 mpio - ok
08:57:05.0845 3868 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsl10b4c302 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\MpKsl10b4c302.sys
08:57:05.0892 3868 MpKsl10b4c302 - ok
08:57:05.0954 3868 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
08:57:06.0079 3868 mpsdrv - ok
08:57:06.0188 3868 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
08:57:06.0344 3868 MpsSvc - ok
08:57:06.0360 3868 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
08:57:06.0438 3868 MRxDAV - ok
08:57:06.0469 3868 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
08:57:06.0547 3868 mrxsmb - ok
08:57:06.0562 3868 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
08:57:06.0625 3868 mrxsmb10 - ok
08:57:06.0640 3868 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
08:57:06.0687 3868 mrxsmb20 - ok
08:57:06.0718 3868 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
08:57:06.0750 3868 msahci - ok
08:57:06.0781 3868 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
08:57:06.0828 3868 msdsm - ok
08:57:06.0859 3868 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
08:57:06.0906 3868 MSDTC - ok
08:57:06.0984 3868 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
08:57:07.0077 3868 Msfs - ok
08:57:07.0108 3868 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
08:57:07.0218 3868 mshidkmdf - ok
08:57:07.0249 3868 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
08:57:07.0296 3868 msisadrv - ok
08:57:07.0358 3868 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
08:57:07.0483 3868 MSiSCSI - ok
08:57:07.0483 3868 msiserver - ok
08:57:07.0514 3868 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
08:57:07.0623 3868 MSKSSRV - ok
08:57:07.0748 3868 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
08:57:07.0795 3868 MsMpSvc - ok
08:57:07.0826 3868 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
08:57:07.0935 3868 MSPCLOCK - ok
08:57:07.0966 3868 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
08:57:08.0076 3868 MSPQM - ok
08:57:08.0122 3868 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
08:57:08.0185 3868 MsRPC - ok
08:57:08.0216 3868 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
08:57:08.0247 3868 mssmbios - ok
08:57:08.0325 3868 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
08:57:08.0434 3868 MSTEE - ok
08:57:08.0481 3868 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
08:57:08.0544 3868 MTConfig - ok
08:57:08.0653 3868 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
08:57:08.0684 3868 Mup - ok
08:57:08.0840 3868 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
08:57:08.0980 3868 napagent - ok
08:57:09.0121 3868 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
08:57:09.0214 3868 NativeWifiP - ok
08:57:09.0277 3868 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
08:57:09.0355 3868 NDIS - ok
08:57:09.0386 3868 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
08:57:09.0511 3868 NdisCap - ok
08:57:09.0542 3868 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
08:57:09.0651 3868 NdisTapi - ok
08:57:09.0667 3868 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
08:57:09.0807 3868 Ndisuio - ok
08:57:09.0838 3868 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
08:57:09.0963 3868 NdisWan - ok
08:57:09.0994 3868 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
08:57:10.0104 3868 NDProxy - ok
08:57:10.0197 3868 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
08:57:10.0306 3868 NetBIOS - ok
08:57:10.0353 3868 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
08:57:10.0478 3868 NetBT - ok
08:57:10.0494 3868 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
08:57:10.0556 3868 Netlogon - ok
08:57:10.0681 3868 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
08:57:10.0852 3868 Netman - ok
08:57:10.0915 3868 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
08:57:11.0040 3868 netprofm - ok
08:57:11.0086 3868 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:57:11.0149 3868 NetTcpPortSharing - ok
08:57:11.0196 3868 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
08:57:11.0227 3868 nfrd960 - ok
08:57:11.0274 3868 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
08:57:11.0320 3868 NisDrv - ok
08:57:11.0352 3868 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
08:57:11.0398 3868 NisSrv - ok
08:57:11.0445 3868 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
08:57:11.0508 3868 NlaSvc - ok
08:57:11.0539 3868 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
08:57:11.0632 3868 Npfs - ok
08:57:11.0664 3868 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
08:57:11.0773 3868 nsi - ok
08:57:11.0788 3868 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
08:57:11.0898 3868 nsiproxy - ok
08:57:11.0991 3868 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
08:57:12.0100 3868 Ntfs - ok
08:57:12.0116 3868 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
08:57:12.0210 3868 Null - ok
08:57:12.0256 3868 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
08:57:12.0288 3868 nvraid - ok
08:57:12.0334 3868 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
08:57:12.0366 3868 nvstor - ok
08:57:12.0397 3868 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
08:57:12.0444 3868 nv_agp - ok
08:57:12.0459 3868 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
08:57:12.0506 3868 ohci1394 - ok
08:57:12.0662 3868 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:57:12.0724 3868 ose - ok
08:57:12.0927 3868 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:57:13.0239 3868 osppsvc - ok
08:57:13.0286 3868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
08:57:13.0348 3868 p2pimsvc - ok
08:57:13.0395 3868 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
08:57:13.0458 3868 p2psvc - ok
08:57:13.0489 3868 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
08:57:13.0536 3868 Parport - ok
08:57:13.0551 3868 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
08:57:13.0598 3868 partmgr - ok
08:57:13.0614 3868 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
08:57:13.0692 3868 PcaSvc - ok
08:57:13.0723 3868 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
08:57:13.0754 3868 pci - ok
08:57:13.0770 3868 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
08:57:13.0816 3868 pciide - ok
08:57:13.0832 3868 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
08:57:13.0879 3868 pcmcia - ok
08:57:13.0894 3868 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
08:57:13.0941 3868 pcw - ok
08:57:13.0972 3868 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
08:57:14.0097 3868 PEAUTH - ok
08:57:14.0175 3868 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
08:57:14.0238 3868 PerfHost - ok
08:57:14.0300 3868 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
08:57:14.0347 3868 PGEffect - ok
08:57:14.0425 3868 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
08:57:14.0581 3868 pla - ok
08:57:14.0893 3868 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
08:57:14.0955 3868 PlugPlay - ok
08:57:15.0002 3868 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
08:57:15.0064 3868 PNRPAutoReg - ok
08:57:15.0096 3868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
08:57:15.0142 3868 PNRPsvc - ok
08:57:15.0189 3868 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
08:57:15.0314 3868 PolicyAgent - ok
08:57:15.0345 3868 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
08:57:15.0470 3868 Power - ok
08:57:15.0501 3868 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
08:57:15.0610 3868 PptpMiniport - ok
08:57:15.0642 3868 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
08:57:15.0688 3868 Processor - ok
08:57:15.0720 3868 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
08:57:15.0782 3868 ProfSvc - ok
08:57:15.0813 3868 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
08:57:15.0844 3868 ProtectedStorage - ok
08:57:15.0876 3868 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
08:57:15.0985 3868 Psched - ok
08:57:16.0047 3868 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
08:57:16.0141 3868 ql2300 - ok
08:57:16.0172 3868 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
08:57:16.0203 3868 ql40xx - ok
08:57:16.0250 3868 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
08:57:16.0312 3868 QWAVE - ok
08:57:16.0328 3868 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
08:57:16.0390 3868 QWAVEdrv - ok
08:57:16.0422 3868 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
08:57:16.0531 3868 RasAcd - ok
08:57:16.0640 3868 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
08:57:16.0734 3868 RasAgileVpn - ok
08:57:16.0765 3868 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
08:57:16.0874 3868 RasAuto - ok
08:57:16.0905 3868 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
08:57:17.0014 3868 Rasl2tp - ok
08:57:17.0046 3868 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
08:57:17.0155 3868 RasMan - ok
08:57:17.0170 3868 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
08:57:17.0280 3868 RasPppoe - ok
08:57:17.0311 3868 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
08:57:17.0420 3868 RasSstp - ok
08:57:17.0451 3868 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
08:57:17.0576 3868 rdbss - ok
08:57:17.0592 3868 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
08:57:17.0670 3868 rdpbus - ok
08:57:17.0685 3868 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
08:57:17.0794 3868 RDPCDD - ok
08:57:17.0826 3868 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
08:57:17.0935 3868 RDPENCDD - ok
08:57:17.0966 3868 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
08:57:18.0060 3868 RDPREFMP - ok
08:57:18.0106 3868 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
08:57:18.0153 3868 RDPWD - ok
08:57:18.0184 3868 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
08:57:18.0231 3868 rdyboost - ok
08:57:18.0262 3868 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
08:57:18.0372 3868 RemoteAccess - ok
08:57:18.0403 3868 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
08:57:18.0512 3868 RemoteRegistry - ok
08:57:18.0574 3868 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
08:57:18.0684 3868 RpcEptMapper - ok
08:57:18.0730 3868 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
08:57:18.0777 3868 RpcLocator - ok
08:57:18.0808 3868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
08:57:18.0918 3868 RpcSs - ok
08:57:18.0933 3868 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
08:57:19.0042 3868 rspndr - ok
08:57:19.0089 3868 [ 36FCA0C67BCDC0DA047F5F36743B5CB9 ] RSUSBVSTOR C:\windows\system32\Drivers\RtsUVStor.sys
08:57:19.0136 3868 RSUSBVSTOR - ok
08:57:19.0183 3868 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
08:57:19.0230 3868 RTL8167 - ok
08:57:19.0292 3868 [ 513338976B722822B555D739D78F9E9F ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
08:57:19.0354 3868 RTL8192Ce - ok
08:57:19.0370 3868 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
08:57:19.0417 3868 SamSs - ok
08:57:19.0448 3868 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
08:57:19.0510 3868 sbp2port - ok
08:57:19.0526 3868 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
08:57:19.0635 3868 SCardSvr - ok
08:57:19.0666 3868 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
08:57:19.0776 3868 scfilter - ok
08:57:19.0822 3868 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
08:57:19.0963 3868 Schedule - ok
08:57:20.0010 3868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
08:57:20.0103 3868 SCPolicySvc - ok
08:57:20.0134 3868 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
08:57:20.0197 3868 SDRSVC - ok
08:57:20.0228 3868 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
08:57:20.0337 3868 secdrv - ok
08:57:20.0368 3868 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
08:57:20.0462 3868 seclogon - ok
08:57:20.0493 3868 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
08:57:20.0602 3868 SENS - ok
08:57:20.0634 3868 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
08:57:20.0712 3868 SensrSvc - ok
08:57:20.0758 3868 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
08:57:20.0821 3868 Serenum - ok
08:57:20.0836 3868 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
08:57:20.0914 3868 Serial - ok
08:57:20.0930 3868 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
08:57:20.0992 3868 sermouse - ok
08:57:21.0055 3868 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
08:57:21.0180 3868 SessionEnv - ok
08:57:21.0195 3868 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
08:57:21.0242 3868 sffdisk - ok
08:57:21.0273 3868 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
08:57:21.0336 3868 sffp_mmc - ok
08:57:21.0351 3868 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
08:57:21.0429 3868 sffp_sd - ok
08:57:21.0445 3868 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
08:57:21.0492 3868 sfloppy - ok
08:57:21.0601 3868 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
08:57:21.0710 3868 SharedAccess - ok
08:57:21.0741 3868 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
08:57:21.0866 3868 ShellHWDetection - ok
08:57:21.0882 3868 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
08:57:21.0928 3868 SiSRaid2 - ok
08:57:21.0960 3868 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
08:57:22.0006 3868 SiSRaid4 - ok
08:57:22.0022 3868 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
08:57:22.0147 3868 Smb - ok
08:57:22.0209 3868 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
08:57:22.0272 3868 SNMPTRAP - ok
08:57:22.0287 3868 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
08:57:22.0334 3868 spldr - ok
08:57:22.0428 3868 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
08:57:22.0490 3868 Spooler - ok
08:57:22.0771 3868 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
08:57:22.0974 3868 sppsvc - ok
08:57:23.0005 3868 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
08:57:23.0114 3868 sppuinotify - ok
08:57:23.0145 3868 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
08:57:23.0208 3868 srv - ok
08:57:23.0254 3868 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
08:57:23.0317 3868 srv2 - ok
08:57:23.0332 3868 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
08:57:23.0379 3868 srvnet - ok
08:57:23.0410 3868 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
08:57:23.0535 3868 SSDPSRV - ok
08:57:23.0551 3868 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
08:57:23.0660 3868 SstpSvc - ok
08:57:23.0676 3868 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
08:57:23.0722 3868 stexstor - ok
08:57:23.0754 3868 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
08:57:23.0832 3868 stisvc - ok
08:57:23.0863 3868 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
08:57:23.0894 3868 swenum - ok
08:57:23.0956 3868 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
08:57:24.0097 3868 swprv - ok
08:57:24.0175 3868 [ 06D602A637E171E151853F1D8ECD34F1 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
08:57:24.0253 3868 SynTP - ok
08:57:24.0346 3868 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
08:57:24.0456 3868 SysMain - ok
08:57:24.0487 3868 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
08:57:24.0580 3868 TabletInputService - ok
08:57:24.0674 3868 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
08:57:24.0877 3868 TapiSrv - ok
08:57:24.0877 3868 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
08:57:24.0986 3868 TBS - ok
08:57:25.0064 3868 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys
08:57:25.0173 3868 Tcpip - ok
08:57:25.0220 3868 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
08:57:25.0329 3868 TCPIP6 - ok
08:57:25.0376 3868 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
08:57:25.0407 3868 tcpipreg - ok
08:57:25.0438 3868 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
08:57:25.0485 3868 tdcmdpst - ok
08:57:25.0516 3868 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
08:57:25.0563 3868 TDPIPE - ok
08:57:25.0594 3868 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
08:57:25.0657 3868 TDTCP - ok
08:57:25.0672 3868 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
08:57:25.0766 3868 tdx - ok
08:57:25.0782 3868 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
08:57:25.0828 3868 TermDD - ok
08:57:25.0875 3868 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
08:57:26.0016 3868 TermService - ok
08:57:26.0047 3868 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
08:57:26.0094 3868 Themes - ok
08:57:26.0140 3868 [ 7F35CA8296A52C7161088EB1D952E8ED ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
08:57:26.0187 3868 Thpdrv - ok
08:57:26.0203 3868 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
08:57:26.0234 3868 Thpevm - ok
08:57:26.0281 3868 [ 0B4734AE9EC70B843DF02E7B1C056377 ] Thpsrv C:\windows\system32\ThpSrv.exe
08:57:26.0328 3868 Thpsrv ( UnsignedFile.Multi.Generic ) - warning
08:57:26.0328 3868 Thpsrv - detected UnsignedFile.Multi.Generic (1)
08:57:26.0359 3868 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
08:57:26.0468 3868 THREADORDER - ok
08:57:26.0593 3868 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
08:57:26.0686 3868 TMachInfo - ok
08:57:26.0764 3868 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
08:57:26.0827 3868 TODDSrv - ok
08:57:26.0920 3868 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
08:57:26.0983 3868 TosCoSrv - ok
08:57:27.0014 3868 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
08:57:27.0061 3868 TOSHIBA HDD SSD Alert Service - ok
08:57:27.0108 3868 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
08:57:27.0248 3868 TrkWks - ok
08:57:27.0310 3868 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
08:57:27.0404 3868 TrustedInstaller - ok
08:57:27.0435 3868 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
08:57:27.0544 3868 tssecsrv - ok
08:57:27.0576 3868 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
08:57:27.0622 3868 TsUsbFlt - ok
08:57:27.0654 3868 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
08:57:27.0700 3868 TsUsbGD - ok
08:57:27.0732 3868 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
08:57:27.0825 3868 tunnel - ok
08:57:27.0856 3868 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
08:57:27.0888 3868 TVALZ - ok
08:57:27.0903 3868 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
08:57:27.0950 3868 uagp35 - ok
08:57:27.0981 3868 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
08:57:28.0122 3868 udfs - ok
08:57:28.0184 3868 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
08:57:28.0246 3868 UI0Detect - ok
08:57:28.0293 3868 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
08:57:28.0324 3868 uliagpkx - ok
08:57:28.0356 3868 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
08:57:28.0418 3868 umbus - ok
08:57:28.0449 3868 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
08:57:28.0496 3868 UmPass - ok
08:57:28.0668 3868 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
08:57:28.0777 3868 upnphost - ok
08:57:28.0870 3868 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
08:57:28.0933 3868 usbccgp - ok
08:57:28.0964 3868 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
08:57:29.0011 3868 usbcir - ok
08:57:29.0042 3868 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
08:57:29.0089 3868 usbehci - ok
08:57:29.0120 3868 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
08:57:29.0198 3868 usbhub - ok
08:57:29.0229 3868 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
08:57:29.0292 3868 usbohci - ok
08:57:29.0307 3868 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
08:57:29.0370 3868 usbprint - ok
08:57:29.0416 3868 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
08:57:29.0463 3868 usbscan - ok
08:57:29.0494 3868 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
08:57:29.0557 3868 USBSTOR - ok
08:57:29.0572 3868 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
08:57:29.0635 3868 usbuhci - ok
08:57:29.0650 3868 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
08:57:29.0713 3868 usbvideo - ok
08:57:29.0744 3868 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
08:57:29.0853 3868 UxSms - ok
08:57:29.0900 3868 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
08:57:29.0947 3868 VaultSvc - ok
08:57:29.0978 3868 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
08:57:30.0009 3868 vdrvroot - ok
08:57:30.0056 3868 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
08:57:30.0165 3868 vds - ok
08:57:30.0196 3868 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
08:57:30.0243 3868 vga - ok
08:57:30.0259 3868 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
08:57:30.0368 3868 VgaSave - ok
08:57:30.0399 3868 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
08:57:30.0446 3868 vhdmp - ok
08:57:30.0462 3868 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
08:57:30.0508 3868 viaide - ok
08:57:30.0524 3868 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
08:57:30.0696 3868 volmgr - ok
08:57:30.0961 3868 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
08:57:31.0008 3868 volmgrx - ok
08:57:31.0039 3868 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
08:57:31.0086 3868 volsnap - ok
08:57:31.0117 3868 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
08:57:31.0164 3868 vsmraid - ok
08:57:31.0242 3868 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
08:57:31.0413 3868 VSS - ok
08:57:31.0460 3868 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
08:57:31.0522 3868 vwifibus - ok
08:57:31.0554 3868 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
08:57:31.0616 3868 vwififlt - ok
08:57:31.0647 3868 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
08:57:31.0694 3868 vwifimp - ok
08:57:31.0741 3868 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
08:57:31.0866 3868 W32Time - ok
08:57:31.0897 3868 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
08:57:31.0944 3868 WacomPen - ok
08:57:31.0975 3868 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
08:57:32.0084 3868 WANARP - ok
08:57:32.0100 3868 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
08:57:32.0193 3868 Wanarpv6 - ok
08:57:32.0271 3868 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
08:57:32.0349 3868 WatAdminSvc - ok
08:57:32.0412 3868 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
08:57:32.0521 3868 wbengine - ok
08:57:32.0848 3868 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
08:57:32.0942 3868 WbioSrvc - ok
08:57:33.0004 3868 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
08:57:33.0114 3868 wcncsvc - ok
08:57:33.0145 3868 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
08:57:33.0192 3868 WcsPlugInService - ok
08:57:33.0223 3868 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
08:57:33.0270 3868 Wd - ok
08:57:33.0316 3868 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
08:57:33.0379 3868 Wdf01000 - ok
08:57:33.0394 3868 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
08:57:33.0472 3868 WdiServiceHost - ok
08:57:33.0488 3868 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
08:57:33.0550 3868 WdiSystemHost - ok
08:57:33.0582 3868 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
08:57:33.0675 3868 WebClient - ok
08:57:33.0691 3868 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
08:57:33.0800 3868 Wecsvc - ok
08:57:33.0847 3868 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
08:57:33.0956 3868 wercplsupport - ok
08:57:33.0987 3868 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
08:57:34.0096 3868 WerSvc - ok
08:57:34.0143 3868 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
08:57:34.0237 3868 WfpLwf - ok
08:57:34.0252 3868 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
08:57:34.0284 3868 WIMMount - ok
08:57:34.0315 3868 WinDefend - ok
08:57:34.0330 3868 WinHttpAutoProxySvc - ok
08:57:34.0393 3868 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
08:57:34.0564 3868 Winmgmt - ok
08:57:35.0438 3868 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
08:57:35.0625 3868 WinRM - ok
08:57:35.0766 3868 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
08:57:35.0859 3868 Wlansvc - ok
08:57:35.0906 3868 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:57:35.0968 3868 wlcrasvc - ok
08:57:36.0078 3868 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:57:36.0249 3868 wlidsvc - ok
08:57:36.0327 3868 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
08:57:36.0468 3868 WmiAcpi - ok
08:57:36.0514 3868 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
08:57:36.0748 3868 wmiApSrv - ok
08:57:36.0873 3868 WMPNetworkSvc - ok
08:57:36.0951 3868 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
08:57:37.0138 3868 WPCSvc - ok
08:57:37.0201 3868 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
08:57:37.0341 3868 WPDBusEnum - ok
08:57:37.0435 3868 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
08:57:37.0622 3868 ws2ifsl - ok
08:57:37.0700 3868 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
08:57:37.0887 3868 wscsvc - ok
08:57:37.0887 3868 WSearch - ok
08:57:38.0184 3868 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
08:57:38.0324 3868 wuauserv - ok
08:57:38.0418 3868 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
08:57:38.0480 3868 WudfPf - ok
08:57:38.0542 3868 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
08:57:38.0683 3868 WUDFRd - ok
08:57:38.0776 3868 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
08:57:38.0932 3868 wudfsvc - ok
08:57:39.0026 3868 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
08:57:39.0104 3868 WwanSvc - ok
08:57:39.0151 3868 ================ Scan global ===============================
08:57:39.0260 3868 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
08:57:39.0338 3868 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
08:57:39.0369 3868 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
08:57:39.0416 3868 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
08:57:39.0510 3868 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
08:57:39.0541 3868 [Global] - ok
08:57:39.0541 3868 ================ Scan MBR ==================================
08:57:39.0572 3868 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
08:57:39.0572 3868 Suspicious mbr (Forged): \Device\Harddisk0\DR0
08:57:39.0681 3868 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
08:57:39.0697 3868 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
08:57:39.0900 3868 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:57:39.0900 3868 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:57:39.0900 3868 ================ Scan VBR ==================================
08:57:39.0915 3868 [ 097449B306C9E02264A8382D8BBE3894 ] \Device\Harddisk0\DR0\Partition1
08:57:39.0931 3868 \Device\Harddisk0\DR0\Partition1 - ok
08:57:39.0931 3868 ================ Scan active images ========================
08:57:39.0946 3868 [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
08:57:39.0946 3868 C:\Windows\System32\drivers\crashdmp.sys - ok
08:57:39.0962 3868 [ 839B5FE3D48E9F35B22C21A3D5103F6C ] C:\Windows\System32\drivers\Dumpata.sys
08:57:39.0962 3868 C:\Windows\System32\drivers\Dumpata.sys - ok
08:57:39.0993 3868 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] C:\Windows\System32\drivers\msahci.sys
08:57:39.0993 3868 C:\Windows\System32\drivers\msahci.sys - ok
08:57:40.0009 3868 [ 814DB88F2641691575A455CF25354098 ] C:\Windows\System32\drivers\dumpfve.sys
08:57:40.0009 3868 C:\Windows\System32\drivers\dumpfve.sys - ok
08:57:40.0024 3868 [ F036CE71586E93D94DAB220D7BDF4416 ] C:\Windows\System32\drivers\cdrom.sys
08:57:40.0024 3868 C:\Windows\System32\drivers\cdrom.sys - ok
08:57:40.0040 3868 [ AB8B4D3136D18A20777036E0F0CFC5E1 ] C:\Windows\System32\drivers\aswSnx.sys
08:57:40.0040 3868 C:\Windows\System32\drivers\aswSnx.sys - ok
08:57:40.0056 3868 [ 16A47CE2DECC9B099349A5F840654746 ] C:\Windows\System32\drivers\beep.sys
08:57:40.0056 3868 C:\Windows\System32\drivers\beep.sys - ok
08:57:40.0071 3868 [ 9899284589F75FA8724FF3D16AED75C1 ] C:\Windows\System32\drivers\null.sys
08:57:40.0071 3868 C:\Windows\System32\drivers\null.sys - ok
08:57:40.0071 3868 [ FC438D1430B28618E2D0C7C332A710AD ] C:\Windows\System32\drivers\watchdog.sys
08:57:40.0071 3868 C:\Windows\System32\drivers\watchdog.sys - ok
08:57:40.0087 3868 [ CEA6CC257FC9B7715F1C2B4849286D24 ] C:\Windows\System32\drivers\RDPCDD.sys
08:57:40.0087 3868 C:\Windows\System32\drivers\RDPCDD.sys - ok
08:57:40.0102 3868 [ 53E92A310193CB3C03BEA963DE7D9CFC ] C:\Windows\System32\drivers\vga.sys
08:57:40.0102 3868 C:\Windows\System32\drivers\vga.sys - ok
08:57:40.0118 3868 [ E7353D59C9842BC7299FAEB7E7E09340 ] C:\Windows\System32\drivers\videoprt.sys
08:57:40.0118 3868 C:\Windows\System32\drivers\videoprt.sys - ok
08:57:40.0134 3868 [ BB5971A4F00659529A5C44831AF22365 ] C:\Windows\System32\drivers\RDPENCDD.sys
08:57:40.0134 3868 C:\Windows\System32\drivers\RDPENCDD.sys - ok
08:57:40.0149 3868 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] C:\Windows\System32\drivers\msfs.sys
08:57:40.0149 3868 C:\Windows\System32\drivers\msfs.sys - ok
08:57:40.0165 3868 [ 216F3FA57533D98E1F74DED70113177A ] C:\Windows\System32\drivers\RDPREFMP.sys
08:57:40.0165 3868 C:\Windows\System32\drivers\RDPREFMP.sys - ok
08:57:40.0180 3868 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] C:\Windows\System32\drivers\npfs.sys
08:57:40.0180 3868 C:\Windows\System32\drivers\npfs.sys - ok
08:57:40.0196 3868 [ 6F020A220388ECA0AB6062DC27BD16B6 ] C:\Windows\System32\drivers\tdi.sys
08:57:40.0196 3868 C:\Windows\System32\drivers\tdi.sys - ok
08:57:40.0212 3868 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] C:\Windows\System32\drivers\tdx.sys
08:57:40.0212 3868 C:\Windows\System32\drivers\tdx.sys - ok
08:57:40.0212 3868 [ D62C10D1829C65115111C160EA956260 ] C:\Windows\System32\drivers\aswTdi.sys
08:57:40.0212 3868 C:\Windows\System32\drivers\aswTdi.sys - ok
08:57:40.0227 3868 [ 1C7857B62DE5994A75B054A9FD4C3825 ] C:\Windows\System32\drivers\afd.sys
08:57:40.0227 3868 C:\Windows\System32\drivers\afd.sys - ok
08:57:40.0243 3868 [ 8F90459AFB7FD4557D935CE639EF6110 ] C:\Windows\System32\drivers\aswRdr2.sys
08:57:40.0243 3868 C:\Windows\System32\drivers\aswRdr2.sys - ok
08:57:40.0258 3868 [ 09594D1089C523423B32A4229263F068 ] C:\Windows\System32\drivers\netbt.sys
08:57:40.0258 3868 C:\Windows\System32\drivers\netbt.sys - ok
08:57:40.0274 3868 [ 611B23304BF067451A9FDEE01FBDD725 ] C:\Windows\System32\drivers\wfplwf.sys
08:57:40.0274 3868 C:\Windows\System32\drivers\wfplwf.sys - ok
08:57:40.0290 3868 [ 6BCC1D7D2FD2453957C5479A32364E52 ] C:\Windows\System32\drivers\ws2ifsl.sys
08:57:40.0290 3868 C:\Windows\System32\drivers\ws2ifsl.sys - ok
08:57:40.0290 3868 [ 0557CF5A2556BD58E26384169D72438D ] C:\Windows\System32\drivers\pacer.sys
08:57:40.0290 3868 C:\Windows\System32\drivers\pacer.sys - ok
08:57:40.0305 3868 [ 86743D9F5D2B1048062B14B1D84501C4 ] C:\Windows\System32\drivers\netbios.sys
08:57:40.0305 3868 C:\Windows\System32\drivers\netbios.sys - ok
08:57:40.0321 3868 [ 6A3D66263414FF0D6FA754C646612F3F ] C:\Windows\System32\drivers\vwififlt.sys
08:57:40.0321 3868 C:\Windows\System32\drivers\vwififlt.sys - ok
08:57:40.0336 3868 [ 356AFD78A6ED4457169241AC3965230C ] C:\Windows\System32\drivers\wanarp.sys
08:57:40.0336 3868 C:\Windows\System32\drivers\wanarp.sys - ok
08:57:40.0352 3868 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] C:\Windows\System32\drivers\termdd.sys
08:57:40.0352 3868 C:\Windows\System32\drivers\termdd.sys - ok
08:57:40.0368 3868 [ E7F5AE18AF4168178A642A9247C63001 ] C:\Windows\System32\drivers\nsiproxy.sys
08:57:40.0368 3868 C:\Windows\System32\drivers\nsiproxy.sys - ok
08:57:40.0383 3868 [ 77F665941019A1594D887A74F301FA2F ] C:\Windows\System32\drivers\rdbss.sys
08:57:40.0383 3868 C:\Windows\System32\drivers\rdbss.sys - ok
08:57:40.0399 3868 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] C:\Windows\System32\drivers\mssmbios.sys
08:57:40.0399 3868 C:\Windows\System32\drivers\mssmbios.sys - ok
08:57:40.0414 3868 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] C:\Windows\System32\drivers\dfsc.sys
08:57:40.0414 3868 C:\Windows\System32\drivers\dfsc.sys - ok
08:57:40.0430 3868 [ 13096B05847EC78F0977F2C0F79E9AB3 ] C:\Windows\System32\drivers\discache.sys
08:57:40.0430 3868 C:\Windows\System32\drivers\discache.sys - ok
08:57:40.0446 3868 [ 61583EE3C3A17003C4ACD0475646B4D3 ] C:\Windows\System32\drivers\blbdrive.sys
08:57:40.0446 3868 C:\Windows\System32\drivers\blbdrive.sys - ok
08:57:40.0461 3868 [ 97D4D725BD32C965119E6C8E252F8C64 ] C:\Windows\System32\drivers\aswSP.sys
08:57:40.0461 3868 C:\Windows\System32\drivers\aswSP.sys - ok
08:57:40.0477 3868 [ 3566A8DAAFA27AF944F5D705EAA64894 ] C:\Windows\System32\drivers\tunnel.sys
08:57:40.0477 3868 C:\Windows\System32\drivers\tunnel.sys - ok
08:57:40.0492 3868 [ 1911A3356FA3F77CCC825CCBAC038C2A ] C:\Windows\System32\smss.exe
08:57:40.0492 3868 C:\Windows\System32\smss.exe - ok
08:57:40.0508 3868 [ 1E56388B3FE0D031C44144EB8C4D6217 ] C:\Windows\System32\drivers\amdppm.sys
08:57:40.0508 3868 C:\Windows\System32\drivers\amdppm.sys - ok
08:57:40.0524 3868 [ 1EEFFCE9A3A65A56A28793EAA3F57026 ] C:\Windows\System32\drivers\atikmpag.sys
08:57:40.0524 3868 C:\Windows\System32\drivers\atikmpag.sys - ok
08:57:40.0539 3868 [ CF95B85FF8D128385ABD411C8CA74DED ] C:\Windows\System32\ntdll.dll
08:57:40.0539 3868 C:\Windows\System32\ntdll.dll - ok
08:57:40.0555 3868 [ 3B536A8BEC3B4F23FFDFD78B11A2AB93 ] C:\Windows\System32\autochk.exe
08:57:40.0555 3868 C:\Windows\System32\autochk.exe - ok
08:57:40.0570 3868 [ 194D76D2083318A2E7071A988E02ECF4 ] C:\Windows\System32\drivers\atikmdag.sys
08:57:40.0570 3868 C:\Windows\System32\drivers\atikmdag.sys - ok
08:57:40.0586 3868 [ 85DBF6EC7BDFA6187F4A1EC8F3145CD0 ] C:\Windows\System32\drivers\dxgkrnl.sys
08:57:40.0586 3868 C:\Windows\System32\drivers\dxgkrnl.sys - ok
08:57:40.0602 3868 [ D0BF5B74A3B75F5B07DF04DA258A29B9 ] C:\Windows\System32\drivers\dxgmms1.sys
08:57:40.0602 3868 C:\Windows\System32\drivers\dxgmms1.sys - ok
08:57:40.0617 3868 [ FD542B661BD22FA69CA789AD0AC58C29 ] C:\Windows\System32\drivers\tdcmdpst.sys
08:57:40.0617 3868 C:\Windows\System32\drivers\tdcmdpst.sys - ok
08:57:40.0633 3868 [ AE259C75F9A0B057B6BF9E9695632B09 ] C:\Windows\System32\drivers\usbport.sys
08:57:40.0633 3868 C:\Windows\System32\drivers\usbport.sys - ok
08:57:40.0633 3868 [ C025055FE7B87701EB042095DF1A2D7B ] C:\Windows\System32\drivers\usbehci.sys
08:57:40.0633 3868 C:\Windows\System32\drivers\usbehci.sys - ok
08:57:40.0648 3868 [ 9840FC418B4CBD632D3D0A667A725C31 ] C:\Windows\System32\drivers\usbohci.sys
08:57:40.0648 3868 C:\Windows\System32\drivers\usbohci.sys - ok
08:57:40.0664 3868 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] C:\Windows\System32\drivers\hdaudbus.sys
08:57:40.0664 3868 C:\Windows\System32\drivers\hdaudbus.sys - ok
08:57:40.0680 3868 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] C:\Windows\System32\drivers\i8042prt.sys
08:57:40.0680 3868 C:\Windows\System32\drivers\i8042prt.sys - ok
08:57:40.0695 3868 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] C:\Windows\System32\drivers\kbdclass.sys
08:57:40.0695 3868 C:\Windows\System32\drivers\kbdclass.sys - ok
08:57:40.0711 3868 [ CCA2AB1752A61F29C3C941CD79D78CEA ] C:\Windows\System32\drivers\usbd.sys
08:57:40.0711 3868 C:\Windows\System32\drivers\usbd.sys - ok
08:57:40.0726 3868 [ 06D602A637E171E151853F1D8ECD34F1 ] C:\Windows\System32\drivers\SynTP.sys
08:57:40.0726 3868 C:\Windows\System32\drivers\SynTP.sys - ok
08:57:40.0742 3868 [ 7D27EA49F3C1F687D357E77A470AEA99 ] C:\Windows\System32\drivers\mouclass.sys
08:57:40.0742 3868 C:\Windows\System32\drivers\mouclass.sys - ok
08:57:40.0758 3868 [ 0840155D0BDDF1190F84A663C284BD33 ] C:\Windows\System32\drivers\CmBatt.sys
08:57:40.0758 3868 C:\Windows\System32\drivers\CmBatt.sys - ok
08:57:40.0773 3868 [ 513338976B722822B555D739D78F9E9F ] C:\Windows\System32\drivers\rtl8192ce.sys
08:57:40.0773 3868 C:\Windows\System32\drivers\rtl8192ce.sys - ok
08:57:40.0773 3868 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] C:\Windows\System32\drivers\vwifibus.sys
08:57:40.0773 3868 C:\Windows\System32\drivers\vwifibus.sys - ok
08:57:40.0789 3868 [ E50CFB92986DCAB49DE93788FD695813 ] C:\Windows\System32\drivers\Rt64win7.sys
08:57:40.0789 3868 C:\Windows\System32\drivers\Rt64win7.sys - ok
08:57:40.0804 3868 [ 03EDB043586CCEBA243D689BDDA370A8 ] C:\Windows\System32\drivers\CompositeBus.sys
08:57:40.0804 3868 C:\Windows\System32\drivers\CompositeBus.sys - ok
08:57:40.0820 3868 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] C:\Windows\System32\drivers\FwLnk.sys
08:57:40.0820 3868 C:\Windows\System32\drivers\FwLnk.sys - ok
08:57:40.0836 3868 [ 7ECFF9B22276B73F43A99A15A6094E90 ] C:\Windows\System32\drivers\agilevpn.sys
08:57:40.0836 3868 C:\Windows\System32\drivers\agilevpn.sys - ok
08:57:40.0851 3868 [ 30639C932D9FEF22B31268FE25A1B6E5 ] C:\Windows\System32\drivers\ndistapi.sys
08:57:40.0851 3868 C:\Windows\System32\drivers\ndistapi.sys - ok
08:57:40.0867 3868 [ 471815800AE33E6F1C32FB1B97C490CA ] C:\Windows\System32\drivers\rasl2tp.sys
08:57:40.0867 3868 C:\Windows\System32\drivers\rasl2tp.sys - ok
08:57:40.0882 3868 [ 53F7305169863F0A2BDDC49E116C2E11 ] C:\Windows\System32\drivers\ndiswan.sys
08:57:40.0882 3868 C:\Windows\System32\drivers\ndiswan.sys - ok
08:57:40.0898 3868 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] C:\Windows\System32\drivers\raspppoe.sys
08:57:40.0898 3868 C:\Windows\System32\drivers\raspppoe.sys - ok
08:57:40.0914 3868 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] C:\Windows\System32\drivers\raspptp.sys
08:57:40.0914 3868 C:\Windows\System32\drivers\raspptp.sys - ok
08:57:40.0929 3868 [ E8B1E447B008D07FF47D016C2B0EEECB ] C:\Windows\System32\drivers\rassstp.sys
08:57:40.0929 3868 C:\Windows\System32\drivers\rassstp.sys - ok
08:57:40.0945 3868 [ 24FBF5CC5C04150073C315A7C83521EE ] C:\Windows\System32\drivers\ks.sys
08:57:40.0945 3868 C:\Windows\System32\drivers\ks.sys - ok
08:57:40.0960 3868 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] C:\Windows\System32\drivers\swenum.sys
08:57:40.0960 3868 C:\Windows\System32\drivers\swenum.sys - ok
08:57:40.0976 3868 [ DC54A574663A895C8763AF0FA1FF7561 ] C:\Windows\System32\drivers\umbus.sys
08:57:40.0976 3868 C:\Windows\System32\drivers\umbus.sys - ok
08:57:40.0976 3868 [ 287C6C9410B111B68B52CA298F7B8C24 ] C:\Windows\System32\drivers\usbhub.sys
08:57:40.0976 3868 C:\Windows\System32\drivers\usbhub.sys - ok
08:57:40.0992 3868 [ D202223587518B13D72D68937B7E3F70 ] C:\Windows\System32\lpk.dll
08:57:40.0992 3868 C:\Windows\System32\lpk.dll - ok
08:57:41.0007 3868 [ C391FC68282A000CDF953F8B6B55D2EF ] C:\Windows\System32\msvcrt.dll
08:57:41.0007 3868 C:\Windows\System32\msvcrt.dll - ok
08:57:41.0023 3868 [ 044FE45FFD6AD40E3BBBE60B7F41BABE ] C:\Windows\System32\nsi.dll
08:57:41.0023 3868 C:\Windows\System32\nsi.dll - ok
08:57:41.0038 3868 [ 0611473C1AD9E2D991CD9482068417F7 ] C:\Windows\System32\rpcrt4.dll
08:57:41.0038 3868 C:\Windows\System32\rpcrt4.dll - ok
08:57:41.0054 3868 [ C06B32165E23A72A898B7A89679AD754 ] C:\Windows\System32\oleaut32.dll
08:57:41.0054 3868 C:\Windows\System32\oleaut32.dll - ok
08:57:41.0070 3868 [ 4E4FFB09D895AA000DD56D1404F69A7E ] C:\Windows\System32\Wldap32.dll
08:57:41.0070 3868 C:\Windows\System32\Wldap32.dll - ok
08:57:41.0085 3868 [ 65C113214F7B05820F6D8A65B1485196 ] C:\Windows\System32\kernel32.dll
08:57:41.0085 3868 C:\Windows\System32\kernel32.dll - ok
08:57:41.0101 3868 [ C6689007B3A749C49A5438DCF36E0CE4 ] C:\Windows\System32\shell32.dll
08:57:41.0101 3868 C:\Windows\System32\shell32.dll - ok
08:57:41.0101 3868 [ C431EAF5CAA1C82CAC2534A2EAB348A3 ] C:\Windows\System32\msctf.dll
08:57:41.0101 3868 C:\Windows\System32\msctf.dll - ok
08:57:41.0116 3868 [ 83404DCBCE4925B6A5A77C5170F46D86 ] C:\Windows\System32\sechost.dll
08:57:41.0116 3868 C:\Windows\System32\sechost.dll - ok
08:57:41.0132 3868 [ FE70103391A64039A921DBFFF9C7AB1B ] C:\Windows\System32\user32.dll
08:57:41.0132 3868 C:\Windows\System32\user32.dll - ok
08:57:41.0148 3868 [ 6C60B5ACA7442EFB794082CDACFC001C ] C:\Windows\System32\ole32.dll
08:57:41.0148 3868 C:\Windows\System32\ole32.dll - ok
08:57:41.0163 3868 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] C:\Windows\System32\drivers\ndproxy.sys
08:57:41.0163 3868 C:\Windows\System32\drivers\ndproxy.sys - ok
08:57:41.0179 3868 [ 21D26064AEDB4988F785BB4A3A2C051E ] C:\Windows\System32\drivers\drmk.sys
08:57:41.0179 3868 C:\Windows\System32\drivers\drmk.sys - ok
08:57:41.0194 3868 [ 32E11315B5126921FFD9074840EF13D3 ] C:\Windows\System32\drivers\portcls.sys
08:57:41.0194 3868 C:\Windows\System32\drivers\portcls.sys - ok
08:57:41.0210 3868 [ 0A30A899C6295F908729EDA7F95615A8 ] C:\Windows\System32\drivers\RTKVHD64.sys
08:57:41.0210 3868 C:\Windows\System32\drivers\RTKVHD64.sys - ok
08:57:41.0226 3868 [ 6869281E78CB31A43E969F06B57347C4 ] C:\Windows\System32\drivers\ksthunk.sys
08:57:41.0226 3868 C:\Windows\System32\drivers\ksthunk.sys - ok
08:57:41.0241 3868 [ 6F1A3157A1C89435352CEB543CDB359C ] C:\Windows\System32\drivers\usbccgp.sys
08:57:41.0241 3868 C:\Windows\System32\drivers\usbccgp.sys - ok
08:57:41.0257 3868 [ 49EE2E52E6CD03947DAD72F65367BE06 ] C:\Windows\System32\drivers\hidparse.sys
08:57:41.0257 3868 C:\Windows\System32\drivers\hidparse.sys - ok
08:57:41.0272 3868 [ 8B0E40E7E8BBF5ACF390465609D89FF1 ] C:\Windows\System32\drivers\hidclass.sys
08:57:41.0272 3868 C:\Windows\System32\drivers\hidclass.sys - ok
08:57:41.0272 3868 [ 9592090A7E2B61CD582B612B6DF70536 ] C:\Windows\System32\drivers\hidusb.sys
08:57:41.0272 3868 C:\Windows\System32\drivers\hidusb.sys - ok
08:57:41.0288 3868 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] C:\Windows\System32\drivers\mouhid.sys
08:57:41.0288 3868 C:\Windows\System32\drivers\mouhid.sys - ok
08:57:41.0304 3868 [ 36FCA0C67BCDC0DA047F5F36743B5CB9 ] C:\Windows\System32\drivers\rtsuvstor.sys
08:57:41.0304 3868 C:\Windows\System32\drivers\rtsuvstor.sys - ok
08:57:41.0319 3868 [ 454800C2BC7F3927CE030141EE4F4C50 ] C:\Windows\System32\drivers\usbvideo.sys
08:57:41.0319 3868 C:\Windows\System32\drivers\usbvideo.sys - ok
08:57:41.0335 3868 [ 91111CEBBDE8015E822C46120ED9537C ] C:\Windows\System32\drivers\PGEffect.sys
08:57:41.0335 3868 C:\Windows\System32\drivers\PGEffect.sys - ok
08:57:41.0350 3868 [ D87E1E59C73C1F98D5DED5B3850C40F5 ] C:\Windows\System32\psapi.dll
08:57:41.0350 3868 C:\Windows\System32\psapi.dll - ok
08:57:41.0366 3868 [ A54A16DAE7497CDCB8C5A021C0F6FEB8 ] C:\Windows\System32\iertutil.dll
08:57:41.0366 3868 C:\Windows\System32\iertutil.dll - ok
08:57:41.0382 3868 [ 28C0B5024F5C5A438E78B188CFC81B7F ] C:\Windows\System32\normaliz.dll
08:57:41.0382 3868 C:\Windows\System32\normaliz.dll - ok
08:57:41.0397 3868 [ 5D8E6C95156ED1F79A63D1EADE6F9ED5 ] C:\Windows\System32\setupapi.dll
08:57:41.0397 3868 C:\Windows\System32\setupapi.dll - ok
08:57:41.0397 3868 [ FA274190682AA41A46B285208ED46A74 ] C:\Windows\System32\wininet.dll
08:57:41.0397 3868 C:\Windows\System32\wininet.dll - ok
08:57:41.0413 3868 [ 25983DE69B57142039AC8D95E71CD9C9 ] C:\Windows\System32\clbcatq.dll
08:57:41.0413 3868 C:\Windows\System32\clbcatq.dll - ok
08:57:41.0428 3868 [ 6DF46D2BD74E3DA1B45F08F10D172732 ] C:\Windows\System32\advapi32.dll
08:57:41.0428 3868 C:\Windows\System32\advapi32.dll - ok
08:57:41.0444 3868 [ 4BBFA57F594F7E8A8EDC8F377184C3F0 ] C:\Windows\System32\ws2_32.dll
08:57:41.0444 3868 C:\Windows\System32\ws2_32.dll - ok
08:57:41.0460 3868 [ EAF32CB8C1F810E4715B4DFBE785C7FF ] C:\Windows\System32\shlwapi.dll
08:57:41.0460 3868 C:\Windows\System32\shlwapi.dll - ok
08:57:41.0475 3868 [ FF1AAEDD4A1A0FC3C5ED66B4EE0B254A ] C:\Windows\System32\urlmon.dll
08:57:41.0475 3868 C:\Windows\System32\urlmon.dll - ok
08:57:41.0491 3868 [ DBF99FD9CAF75CA66D042BD8D050FF71 ] C:\Windows\System32\usp10.dll
08:57:41.0491 3868 C:\Windows\System32\usp10.dll - ok
08:57:41.0506 3868 [ 1084AA52CCC324EA54C7121FA24C2221 ] C:\Windows\System32\gdi32.dll
08:57:41.0506 3868 C:\Windows\System32\gdi32.dll - ok
08:57:41.0522 3868 [ A1BE6A720D02E37F72E9CD89AE9CB3CF ] C:\Windows\System32\imagehlp.dll
08:57:41.0522 3868 C:\Windows\System32\imagehlp.dll - ok
08:57:41.0538 3868 [ 9835E63E09F824D22B689D2BB789BAB9 ] C:\Windows\System32\comdlg32.dll
08:57:41.0538 3868 C:\Windows\System32\comdlg32.dll - ok
08:57:41.0538 3868 [ F7CE0C81C545364020ED8203CF0A633E ] C:\Windows\System32\difxapi.dll
08:57:41.0538 3868 C:\Windows\System32\difxapi.dll - ok
08:57:41.0553 3868 [ AA2C08CE85653B1A0D2E4AB407FA176C ] C:\Windows\System32\imm32.dll
08:57:41.0553 3868 C:\Windows\System32\imm32.dll - ok
08:57:41.0569 3868 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\System32\comctl32.dll
08:57:41.0569 3868 C:\Windows\System32\comctl32.dll - ok
08:57:41.0584 3868 [ 06FEC9E8117103BB1141A560E98077DA ] C:\Windows\System32\devobj.dll
08:57:41.0584 3868 C:\Windows\System32\devobj.dll - ok
08:57:41.0600 3868 [ AA06902362B1422D7A7DA7061E07C624 ] C:\Windows\System32\wintrust.dll
08:57:41.0600 3868 C:\Windows\System32\wintrust.dll - ok
08:57:41.0600 3868 [ 2477A28081BDAEE622CF045ACF8EE124 ] C:\Windows\System32\cfgmgr32.dll
08:57:41.0600 3868 C:\Windows\System32\cfgmgr32.dll - ok
08:57:41.0616 3868 [ 12EE6FE9268CEE6D90FDCCBF89236C65 ] C:\Windows\System32\crypt32.dll
08:57:41.0616 3868 C:\Windows\System32\crypt32.dll - ok
08:57:41.0631 3868 [ 1F56F209585F350A5666E3CC7931FD67 ] C:\Windows\System32\KernelBase.dll
08:57:41.0631 3868 C:\Windows\System32\KernelBase.dll - ok
08:57:41.0647 3868 [ 884415BD4269C02EAF8E2613BF85500D ] C:\Windows\System32\msasn1.dll
08:57:41.0647 3868 C:\Windows\System32\msasn1.dll - ok
08:57:41.0662 3868 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\SysWOW64\normaliz.dll
08:57:41.0662 3868 C:\Windows\SysWOW64\normaliz.dll - ok
08:57:41.0678 3868 [ BF24D6F2ED97FE830BFD52B246F98E67 ] C:\Windows\System32\drivers\dxapi.sys
08:57:41.0678 3868 C:\Windows\System32\drivers\dxapi.sys - ok
08:57:41.0694 3868 [ 59E21156113E438D1D91AF4FC0C3B19F ] C:\Windows\System32\win32k.sys
08:57:41.0694 3868 C:\Windows\System32\win32k.sys - ok
08:57:41.0709 3868 [ 60C2862B4BF0FD9F582EF344C2B1EC72 ] C:\Windows\System32\csrss.exe
08:57:41.0709 3868 C:\Windows\System32\csrss.exe - ok
08:57:41.0725 3868 [ 96F587CA26A6AA894BD8CACE4540CFFC ] C:\Windows\System32\csrsrv.dll
08:57:41.0725 3868 C:\Windows\System32\csrsrv.dll - ok
08:57:41.0740 3868 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\System32\basesrv.dll
08:57:41.0740 3868 C:\Windows\System32\basesrv.dll - ok
08:57:41.0756 3868 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\System32\winsrv.dll
08:57:41.0756 3868 C:\Windows\System32\winsrv.dll - ok
08:57:41.0756 3868 [ B03D591DC7DA45ECE20B3B467E6AADAA ] C:\Windows\System32\drivers\monitor.sys
08:57:41.0756 3868 C:\Windows\System32\drivers\monitor.sys - ok
08:57:41.0772 3868 [ F29FE765E1448EF371CFE05BFAC74ADB ] C:\Windows\System32\tsddd.dll
08:57:41.0772 3868 C:\Windows\System32\tsddd.dll - ok
08:57:41.0787 3868 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\System32\sxssrv.dll
08:57:41.0787 3868 C:\Windows\System32\sxssrv.dll - ok
08:57:41.0803 3868 [ 94355C28C1970635A31B3FE52EB7CEBA ] C:\Windows\System32\wininit.exe
08:57:41.0803 3868 C:\Windows\System32\wininit.exe - ok
08:57:41.0818 3868 [ 2C942733A5983DD4502219FF37C7EBC7 ] C:\Windows\System32\profapi.dll
08:57:41.0818 3868 C:\Windows\System32\profapi.dll - ok
08:57:41.0834 3868 [ C2A8CB1275ECB85D246A9ECC02A728E3 ] C:\Windows\System32\RpcRtRemote.dll
08:57:41.0834 3868 C:\Windows\System32\RpcRtRemote.dll - ok
08:57:41.0834 3868 [ 78523A26F5604C0568FE9D1CE86E36F4 ] C:\Windows\System32\KBDUS.DLL
08:57:41.0834 3868 C:\Windows\System32\KBDUS.DLL - ok
08:57:41.0850 3868 [ 943F527DF79E6B400104341AA7023C75 ] C:\Windows\System32\cdd.dll
08:57:41.0850 3868 C:\Windows\System32\cdd.dll - ok
08:57:41.0865 3868 [ 9CEAD32E79A62150FE9F8557E58E008B ] C:\Windows\System32\sxs.dll
08:57:41.0865 3868 C:\Windows\System32\sxs.dll - ok
08:57:41.0881 3868 [ B26B1801356760841C3BC69F9F91537F ] C:\Windows\System32\WlS0WndH.dll
08:57:41.0881 3868 C:\Windows\System32\WlS0WndH.dll - ok
08:57:41.0896 3868 [ 784FA3DF338E2E8F5F0389D6FAC428AF ] C:\Windows\System32\cryptbase.dll
08:57:41.0896 3868 C:\Windows\System32\cryptbase.dll - ok
08:57:41.0912 3868 [ 90499F3163A9F815CF196A205EA3CD5D ] C:\Windows\System32\apphelp.dll
08:57:41.0912 3868 C:\Windows\System32\apphelp.dll - ok
08:57:41.0928 3868 [ C118A82CD78818C29AB228366EBF81C3 ] C:\Windows\System32\lsass.exe
08:57:41.0928 3868 C:\Windows\System32\lsass.exe - ok
08:57:41.0943 3868 [ 9662EE182644511439F1C53745DC1C88 ] C:\Windows\System32\lsm.exe
08:57:41.0943 3868 C:\Windows\System32\lsm.exe - ok
08:57:41.0943 3868 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\System32\services.exe
08:57:41.0943 3868 C:\Windows\System32\services.exe - ok
08:57:41.0959 3868 [ 1151B1BAA6F350B1DB6598E0FEA7C457 ] C:\Windows\System32\winlogon.exe
08:57:41.0959 3868 C:\Windows\System32\winlogon.exe - ok
08:57:41.0974 3868 [ B66BC8B20B7F33975865B1DF99783FD8 ] C:\Windows\System32\sspicli.dll
08:57:41.0974 3868 C:\Windows\System32\sspicli.dll - ok
08:57:41.0990 3868 [ 3A0CE5FE781708CD6ABD55313607EC8B ] C:\Windows\System32\sspisrv.dll
08:57:41.0990 3868 C:\Windows\System32\sspisrv.dll - ok
08:57:42.0006 3868 [ 66A6063D0BAAD3F7B2B9868859E0743B ] C:\Windows\System32\lsasrv.dll
08:57:42.0006 3868 C:\Windows\System32\lsasrv.dll - ok
08:57:42.0021 3868 [ 0D9764D58C5EFD672B7184854B152E5E ] C:\Windows\System32\winsta.dll
08:57:42.0021 3868 C:\Windows\System32\winsta.dll - ok
08:57:42.0037 3868 [ E914A50A151DFFE63D3935226DB5E2C1 ] C:\Windows\System32\scext.dll
08:57:42.0037 3868 C:\Windows\System32\scext.dll - ok
08:57:42.0037 3868 [ 0144D8D75A0B12938AEEE859E3310A46 ] C:\Windows\System32\secur32.dll
08:57:42.0037 3868 C:\Windows\System32\secur32.dll - ok
08:57:42.0052 3868 [ 68083118797CAF30FB2EA3E71494D67E ] C:\Windows\System32\sysntfy.dll
08:57:42.0052 3868 C:\Windows\System32\sysntfy.dll - ok
08:57:42.0068 3868 [ DEE7267C5D232A3B816866872CE199E6 ] C:\Windows\System32\wmsgapi.dll
08:57:42.0068 3868 C:\Windows\System32\wmsgapi.dll - ok
08:57:42.0084 3868 [ BBCDF350817BA86416C0F06B6981BE8D ] C:\Windows\System32\scesrv.dll
08:57:42.0084 3868 C:\Windows\System32\scesrv.dll - ok
08:57:42.0099 3868 [ 3A9C9BAF610B0DD4967086040B3B62A9 ] C:\Windows\System32\srvcli.dll
08:57:42.0099 3868 C:\Windows\System32\srvcli.dll - ok
08:57:42.0115 3868 [ A744BA6E04C8AA4592818178DBF89521 ] C:\Windows\System32\samsrv.dll
08:57:42.0115 3868 C:\Windows\System32\samsrv.dll - ok
08:57:42.0115 3868 [ 3A061472B38233BAFF9CFEFF2E49C46B ] C:\Windows\System32\cryptdll.dll
08:57:42.0115 3868 C:\Windows\System32\cryptdll.dll - ok
08:57:42.0130 3868 [ 3C073B0C596A0AF84933E7406766B040 ] C:\Windows\System32\wevtapi.dll
08:57:42.0130 3868 C:\Windows\System32\wevtapi.dll - ok
08:57:42.0146 3868 [ 7FBEBD2229EA5FD48D41B199EC2D541C ] C:\Windows\System32\authz.dll
08:57:42.0146 3868 C:\Windows\System32\authz.dll - ok
08:57:42.0162 3868 [ 86FE1B1F8FD42CD0DB641AB1CDB13093 ] C:\Windows\System32\cngaudit.dll
08:57:42.0162 3868 C:\Windows\System32\cngaudit.dll - ok
08:57:42.0177 3868 [ 5F3307352216618221A17CFEF273EEE2 ] C:\Windows\System32\ncrypt.dll
08:57:42.0177 3868 C:\Windows\System32\ncrypt.dll - ok
08:57:42.0193 3868 [ B9A95365E52F421A20E1501935FADDA5 ] C:\Windows\System32\bcrypt.dll
08:57:42.0193 3868 C:\Windows\System32\bcrypt.dll - ok
08:57:42.0208 3868 [ 02B64609F865A39365FF88580DF11738 ] C:\Windows\System32\msprivs.dll
08:57:42.0208 3868 C:\Windows\System32\msprivs.dll - ok
08:57:42.0208 3868 [ C6505DE3561537BA1004D638C2F93F2F ] C:\Windows\System32\netjoin.dll
08:57:42.0224 3868 C:\Windows\System32\netjoin.dll - ok
08:57:42.0224 3868 [ 50532FCD7ECF02DD169CE5C485F02534 ] C:\Windows\System32\negoexts.dll
08:57:42.0224 3868 C:\Windows\System32\negoexts.dll - ok
08:57:42.0240 3868 [ 44E1A196DFCB53B01FE4B855C3B56A15 ] C:\Windows\System32\kerberos.dll
08:57:42.0240 3868 C:\Windows\System32\kerberos.dll - ok
08:57:42.0255 3868 [ D0C2FBB6D97416B0166478FC7AE2B212 ] C:\Windows\System32\cryptsp.dll
08:57:42.0255 3868 C:\Windows\System32\cryptsp.dll - ok
08:57:42.0271 3868 [ 94E026870A55AAEAFF7853C1754091E9 ] C:\Windows\System32\version.dll
08:57:42.0271 3868 C:\Windows\System32\version.dll - ok
08:57:42.0286 3868 [ 1D5185A4C7E6695431AE4B55C3D7D333 ] C:\Windows\System32\mswsock.dll
08:57:42.0286 3868 C:\Windows\System32\mswsock.dll - ok
08:57:42.0302 3868 [ EC7CBFF96B05ECF3D366355B3C64ADCF ] C:\Windows\System32\wship6.dll
08:57:42.0302 3868 C:\Windows\System32\wship6.dll - ok
08:57:42.0318 3868 [ EF12B8385AA2849999008A977918F96B ] C:\Windows\System32\msv1_0.dll
08:57:42.0318 3868 C:\Windows\System32\msv1_0.dll - ok
08:57:42.0318 3868 [ AA339DD8BB128EF66660DFBBB59043D3 ] C:\Windows\System32\netlogon.dll
08:57:42.0318 3868 C:\Windows\System32\netlogon.dll - ok
08:57:42.0333 3868 [ 492D07D79E7024CA310867B526D9636D ] C:\Windows\System32\dnsapi.dll
08:57:42.0333 3868 C:\Windows\System32\dnsapi.dll - ok
08:57:42.0349 3868 [ 8FFE297B8449386E7B6851458B6E474E ] C:\Windows\System32\logoncli.dll
08:57:42.0349 3868 C:\Windows\System32\logoncli.dll - ok
08:57:42.0364 3868 [ 1573C45E65DE32B1BC3572634F8F1E8E ] C:\Windows\System32\schannel.dll
08:57:42.0364 3868 C:\Windows\System32\schannel.dll - ok
08:57:42.0380 3868 [ 95FB6CA4374E343DDD653FCC43F9D26B ] C:\Windows\System32\wdigest.dll
08:57:42.0380 3868 C:\Windows\System32\wdigest.dll - ok
08:57:42.0380 3868 [ 5D8874A8C11DDDDE29E12DE0E2013493 ] C:\Windows\System32\rsaenh.dll
08:57:42.0380 3868 C:\Windows\System32\rsaenh.dll - ok
08:57:42.0396 3868 [ 8A25506B6948EFBD5A7F37E53CCD36D9 ] C:\Windows\System32\TSpkg.dll
08:57:42.0396 3868 C:\Windows\System32\TSpkg.dll - ok
08:57:42.0411 3868 [ E08088A97F95345E181C3DFCE2C615EF ] C:\Windows\System32\pku2u.dll
08:57:42.0411 3868 C:\Windows\System32\pku2u.dll - ok
08:57:42.0427 3868 [ 7DBA64AD70C2E2481C68D9E0F7CD7840 ] C:\Windows\System32\LIVESSP.DLL
08:57:42.0427 3868 C:\Windows\System32\LIVESSP.DLL - ok
08:57:42.0442 3868 [ D6C7780A364C6BBACFA796BAB9F1B374 ] C:\Windows\System32\bcryptprimitives.dll
08:57:42.0442 3868 C:\Windows\System32\bcryptprimitives.dll - ok
08:57:42.0458 3868 [ 90BDEFC5DF334E5100EAA781D798DE1A ] C:\Windows\System32\efslsaext.dll
08:57:42.0458 3868 C:\Windows\System32\efslsaext.dll - ok
08:57:42.0474 3868 [ 52D3D5E3586988D4D9E34ACAAC33105C ] C:\Windows\System32\credssp.dll
08:57:42.0474 3868 C:\Windows\System32\credssp.dll - ok
08:57:42.0474 3868 [ ED78427259134C63ED69804D2132B86C ] C:\Windows\System32\scecli.dll
08:57:42.0474 3868 C:\Windows\System32\scecli.dll - ok
08:57:42.0489 3868 [ 7CC7DF5B654DA579613F811D8C637E29 ] C:\Windows\System32\ubpm.dll
08:57:42.0489 3868 C:\Windows\System32\ubpm.dll - ok
08:57:42.0505 3868 [ 6F68F63794097E54F36474ED4384B759 ] C:\Windows\System32\svchost.exe
08:57:42.0505 3868 C:\Windows\System32\svchost.exe - ok
08:57:42.0520 3868 [ 25FBDEF06C4D92815B353F6E792C8129 ] C:\Windows\System32\umpnpmgr.dll
08:57:42.0520 3868 C:\Windows\System32\umpnpmgr.dll - ok
08:57:42.0536 3868 [ E6EB44ABAAF1F330119F854856C53EBE ] C:\Windows\System32\SPInf.dll
08:57:42.0536 3868 C:\Windows\System32\SPInf.dll - ok
08:57:42.0552 3868 [ CD1B5AD07E5F7FEF30E055DCC9E96180 ] C:\Windows\System32\devrtl.dll
08:57:42.0552 3868 C:\Windows\System32\devrtl.dll - ok
08:57:42.0567 3868 [ 7A17485DC7D8A7AC81321A42CD034519 ] C:\Windows\System32\userenv.dll
08:57:42.0567 3868 C:\Windows\System32\userenv.dll - ok
08:57:42.0583 3868 [ 9C9307C95671AC962F3D6EB3A4A89BAE ] C:\Windows\System32\gpapi.dll
08:57:42.0583 3868 C:\Windows\System32\gpapi.dll - ok
08:57:42.0583 3868 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] C:\Windows\System32\umpo.dll
08:57:42.0583 3868 C:\Windows\System32\umpo.dll - ok
08:57:42.0598 3868 [ F6C011B46FAEEF33536B2E80F48B5CBE ] C:\Windows\System32\pcwum.dll
08:57:42.0598 3868 C:\Windows\System32\pcwum.dll - ok
08:57:42.0614 3868 [ 716175021BDA290504CE434273F666BC ] C:\Windows\System32\powrprof.dll
08:57:42.0614 3868 C:\Windows\System32\powrprof.dll - ok
08:57:42.0630 3868 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] C:\Windows\System32\drivers\luafv.sys
08:57:42.0630 3868 C:\Windows\System32\drivers\luafv.sys - ok
08:57:42.0645 3868 [ E92635BB235B03ED03B17CBB59F77FA4 ] C:\Windows\System32\drivers\aswMonFlt.sys
08:57:42.0645 3868 C:\Windows\System32\drivers\aswMonFlt.sys - ok
08:57:42.0661 3868 [ 92EB844D90615CB266F84C3202B8786E ] C:\Windows\System32\drivers\mbam.sys
08:57:42.0661 3868 C:\Windows\System32\drivers\mbam.sys - ok
08:57:42.0676 3868 [ B217378ED9A964E15346A67FEF609A17 ] C:\Windows\System32\drivers\aswFsBlk.sys
08:57:42.0676 3868 C:\Windows\System32\drivers\aswFsBlk.sys - ok
08:57:42.0692 3868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] C:\Windows\System32\rpcss.dll
08:57:42.0692 3868 C:\Windows\System32\rpcss.dll - ok
08:57:42.0692 3868 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] C:\Windows\System32\RpcEpMap.dll
08:57:42.0692 3868 C:\Windows\System32\RpcEpMap.dll - ok
08:57:42.0708 3868 [ 31559F3244C6BC00A52030CAA83B6B91 ] C:\Windows\System32\WSHTCPIP.DLL
08:57:42.0708 3868 C:\Windows\System32\WSHTCPIP.DLL - ok
08:57:42.0723 3868 [ 16E964ABF6D1E0F0CC7822FCA9BA754D ] C:\Windows\System32\wshqos.dll
08:57:42.0723 3868 C:\Windows\System32\wshqos.dll - ok
08:57:42.0739 3868 [ E07DEC52FF801841BA9B6878A60304FB ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
08:57:42.0739 3868 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
08:57:42.0754 3868 [ 9AD9E06F8656F296D91FAE8EE5B95A27 ] C:\Windows\System32\FirewallAPI.dll
08:57:42.0754 3868 C:\Windows\System32\FirewallAPI.dll - ok
08:57:42.0770 3868 [ 715F03B4C7223349768013EA95D9E5B7 ] C:\Windows\System32\LogonUI.exe
08:57:42.0770 3868 C:\Windows\System32\LogonUI.exe - ok
08:57:42.0786 3868 [ 905601FFF40D8DA9FA82CBE77D1F5EB1 ] C:\Program Files\Microsoft Security Client\MpSvc.dll
08:57:42.0786 3868 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
08:57:42.0801 3868 [ BD3674BE7FC9D8D3732C83E8499576ED ] C:\Windows\System32\wtsapi32.dll
08:57:42.0801 3868 C:\Windows\System32\wtsapi32.dll - ok
08:57:42.0801 3868 [ 0BEE002C68E28CE6DA161DCF1376D7D7 ] C:\Windows\System32\authui.dll
08:57:42.0801 3868 C:\Windows\System32\authui.dll - ok
08:57:42.0817 3868 [ 2D4230F2F1D204A523998DF93F9DF066 ] C:\Program Files\Microsoft Security Client\MpClient.dll
08:57:42.0817 3868 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
08:57:42.0832 3868 [ B3BFBD758506ECB50C5804AAA76318F9 ] C:\Windows\System32\cryptui.dll
08:57:42.0832 3868 C:\Windows\System32\cryptui.dll - ok
08:57:42.0848 3868 [ 1F4492FE41767CDB8B89D17655847CDD ] C:\Windows\System32\ntmarta.dll
08:57:42.0848 3868 C:\Windows\System32\ntmarta.dll - ok
08:57:42.0864 3868 [ 7FA8FDC2C2A27817FD0F624E78D3B50C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
08:57:42.0864 3868 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - ok
08:57:42.0879 3868 [ 4E9C2DB10F7E6AE91BF761139D4B745B ] C:\Windows\System32\shacct.dll
08:57:42.0879 3868 C:\Windows\System32\shacct.dll - ok
08:57:42.0895 3868 [ 5B3EBFC3DA142324B388DDCC4465E1FF ] C:\Windows\System32\samlib.dll
08:57:42.0895 3868 C:\Windows\System32\samlib.dll - ok
08:57:42.0895 3868 [ F06BB4E336EA57511FDBAFAFCC47DE62 ] C:\Windows\System32\propsys.dll
08:57:42.0895 3868 C:\Windows\System32\propsys.dll - ok
08:57:42.0910 3868 [ D29E998E8277666982B4F0303BF4E7AF ] C:\Windows\System32\uxtheme.dll
08:57:42.0910 3868 C:\Windows\System32\uxtheme.dll - ok
08:57:42.0926 3868 [ 179E8401224D557ECFF3695F2016EA5B ] C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll
08:57:42.0926 3868 C:\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\GdiPlus.dll - ok
08:57:42.0942 3868 [ 3CB6A7286422C72C34DAB54A5DFF1A34 ] C:\Windows\System32\dui70.dll
08:57:42.0942 3868 C:\Windows\System32\dui70.dll - ok
08:57:42.0957 3868 [ 9121C2E2507AD0BCBF9A7438051BEF34 ] C:\Program Files\Microsoft Security Client\EppManifest.dll
08:57:42.0957 3868 C:\Program Files\Microsoft Security Client\EppManifest.dll - ok
08:57:42.0973 3868 [ 2F2E91FD092811353C3BC968BEC274D8 ] C:\Windows\System32\atiesrxx.exe
08:57:42.0973 3868 C:\Windows\System32\atiesrxx.exe - ok
08:57:42.0973 3868 [ 8CCDE014A4CDF84564E03ACE064CA753 ] C:\Windows\System32\duser.dll
08:57:42.0973 3868 C:\Windows\System32\duser.dll - ok
08:57:42.0988 3868 [ D7F1EF374A90709B31591823B002F918 ] C:\Windows\System32\SndVolSSO.dll
08:57:42.0988 3868 C:\Windows\System32\SndVolSSO.dll - ok
08:57:43.0004 3868 [ 896F15A6434D93EDB42519D5E18E6B50 ] C:\Windows\System32\hid.dll
08:57:43.0004 3868 C:\Windows\System32\hid.dll - ok
08:57:43.0020 3868 [ 227E2C382A1E02F8D4965E664D3BBE43 ] C:\Windows\System32\MMDevAPI.dll
08:57:43.0020 3868 C:\Windows\System32\MMDevAPI.dll - ok
08:57:43.0035 3868 [ DA1B7075260F3872585BFCDD668C648B ] C:\Windows\System32\dwmapi.dll
08:57:43.0035 3868 C:\Windows\System32\dwmapi.dll - ok
08:57:43.0051 3868 [ 2F034150ECCBC498C53B61F98C5378AC ] C:\Program Files\Microsoft Security Client\MpRTP.dll
08:57:43.0051 3868 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
08:57:43.0066 3868 [ 6F8B48F3D343E4B186AB6A9E302B7E16 ] C:\Windows\System32\xmllite.dll
08:57:43.0066 3868 C:\Windows\System32\xmllite.dll - ok
08:57:43.0066 3868 [ F3D202F53A222D5F6944D459B73CF967 ] C:\Windows\System32\fltLib.dll
08:57:43.0066 3868 C:\Windows\System32\fltLib.dll - ok
08:57:43.0082 3868 [ C4C1947985144721A809965A19D616BC ] C:\Program Files\Microsoft Security Client\MsMpLics.dll
08:57:43.0082 3868 C:\Program Files\Microsoft Security Client\MsMpLics.dll - ok
08:57:43.0098 3868 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] C:\Windows\System32\drivers\MpFilter.sys
08:57:43.0098 3868 C:\Windows\System32\drivers\MpFilter.sys - ok
08:57:43.0113 3868 [ BDDF242A49E7B7DC5CCEC291BCE53ACB ] C:\Windows\System32\WindowsCodecs.dll
08:57:43.0113 3868 C:\Windows\System32\WindowsCodecs.dll - ok
08:57:43.0129 3868 [ 6011714C8C5C55CBFFAD24D61E879FBD ] C:\Windows\System32\wevtsvc.dll
08:57:43.0129 3868 C:\Windows\System32\wevtsvc.dll - ok
08:57:43.0144 3868 [ 967BC3664DDC26959BD43A7B1681FF86 ] C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll
08:57:43.0144 3868 C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll - ok
08:57:43.0160 3868 [ 76A11F575782DBAE74F05B8796EF7F9D ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\mpengine.dll
08:57:43.0160 3868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\mpengine.dll - ok
08:57:43.0160 3868 [ 436EB2742ED35C1ED9DDCB83C9BCF68A ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\mpasbase.vdm
08:57:43.0160 3868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\mpasbase.vdm - ok
08:57:43.0176 3868 [ 9F2BACD5E1776A4BB7CC0EC3C3A4F96D ] C:\Windows\System32\winbrand.dll
08:57:43.0176 3868 C:\Windows\System32\winbrand.dll - ok
08:57:43.0191 3868 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] C:\Windows\System32\wlansvc.dll
08:57:43.0191 3868 C:\Windows\System32\wlansvc.dll - ok
08:57:43.0207 3868 [ C2762A57DF0EE85E63CE4893C5215313 ] C:\Windows\System32\VaultCredProvider.dll
08:57:43.0207 3868 C:\Windows\System32\VaultCredProvider.dll - ok
08:57:43.0222 3868 [ CA2985996BB49924B677113DF95CFEA7 ] C:\Windows\System32\SmartcardCredentialProvider.dll
08:57:43.0222 3868 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
08:57:43.0238 3868 [ 588CD0C78A7FAAE4186B5EEA0AF3ED67 ] C:\Windows\System32\adtschema.dll
08:57:43.0238 3868 C:\Windows\System32\adtschema.dll - ok
08:57:43.0254 3868 [ BF352E73615F5461AA6884472435A544 ] C:\Windows\System32\BioCredProv.dll
08:57:43.0254 3868 C:\Windows\System32\BioCredProv.dll - ok
08:57:43.0269 3868 [ 796B8123A7859AFD3A4AE10514DBAEB5 ] C:\Windows\System32\winbio.dll
08:57:43.0269 3868 C:\Windows\System32\winbio.dll - ok
08:57:43.0269 3868 [ CC0AB40F02D2C2A12209715A3C1B07B8 ] C:\Windows\System32\credui.dll
08:57:43.0269 3868 C:\Windows\System32\credui.dll - ok
08:57:43.0285 3868 [ F23FEF6D569FCE88671949894A8BECF1 ] C:\Windows\System32\audiosrv.dll
08:57:43.0285 3868 C:\Windows\System32\audiosrv.dll - ok
08:57:43.0300 3868 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] C:\Windows\System32\netprofm.dll
08:57:43.0300 3868 C:\Windows\System32\netprofm.dll - ok
08:57:43.0316 3868 [ EEEA40F0EDB0A6E5359E539E15D0BC77 ] C:\Windows\System32\netapi32.dll
08:57:43.0316 3868 C:\Windows\System32\netapi32.dll - ok
08:57:43.0332 3868 [ 44B9C66177651F3F53C87B665D58D17A ] C:\Windows\System32\vaultcli.dll
08:57:43.0332 3868 C:\Windows\System32\vaultcli.dll - ok
08:57:43.0347 3868 [ 6CECA4C6A489C9B2E6073AFDAAE3F607 ] C:\Windows\System32\netutils.dll
08:57:43.0347 3868 C:\Windows\System32\netutils.dll - ok
08:57:43.0363 3868 [ 3C91392D448F6E5D525A85B7550D8BA9 ] C:\Windows\System32\wkscli.dll
08:57:43.0363 3868 C:\Windows\System32\wkscli.dll - ok
08:57:43.0378 3868 [ 78A1E65207484B7F8D3217507745F47C ] C:\Windows\System32\avrt.dll
08:57:43.0378 3868 C:\Windows\System32\avrt.dll - ok
08:57:43.0378 3868 [ FC51229C7D4AFA0D6F186133728B95AB ] C:\Windows\System32\samcli.dll
08:57:43.0378 3868 C:\Windows\System32\samcli.dll - ok
08:57:43.0394 3868 [ 50544D04AD845C43130B70212EC05CCD ] C:\Windows\System32\microsoft-windows-kernel-power-events.dll
08:57:43.0394 3868 C:\Windows\System32\microsoft-windows-kernel-power-events.dll - ok
08:57:43.0410 3868 [ 08D8C5E32648D6E7976F0458545EA600 ] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCP.dll
08:57:43.0410 3868 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCP.dll - ok
08:57:43.0425 3868 [ DA6B67270FD9DB3697B20FCE94950741 ] C:\Windows\System32\drivers\fltMgr.sys
08:57:43.0425 3868 C:\Windows\System32\drivers\fltMgr.sys - ok
08:57:43.0441 3868 [ D037BEA6039248D4DE0C5F361F19970D ] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVHelper.dll
08:57:43.0441 3868 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVHelper.dll - ok
08:57:43.0456 3868 [ C4C183E6551084039EC862DA1C945E3D ] C:\Windows\System32\FntCache.dll
08:57:43.0456 3868 C:\Windows\System32\FntCache.dll - ok
08:57:43.0456 3868 [ A3DB3C17EE6CAE65D53602B4E80BCCBC ] C:\Windows\System32\PSHED.DLL
08:57:43.0456 3868 C:\Windows\System32\PSHED.DLL - ok
08:57:43.0472 3868 [ 7AE92C896AF9ABFBDB18C1D055B6EBA7 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcp80.dll
08:57:43.0472 3868 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcp80.dll - ok
08:57:43.0488 3868 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] C:\Windows\System32\MPSSVC.dll
08:57:43.0488 3868 C:\Windows\System32\MPSSVC.dll - ok
08:57:43.0503 3868 [ E40E80D0304A73E8D269F7141D77250B ] C:\Windows\System32\mmcss.dll
08:57:43.0503 3868 C:\Windows\System32\mmcss.dll - ok
08:57:43.0519 3868 [ 06A754FE28A06F780A099703CFCAAA22 ] C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll
08:57:43.0519 3868 C:\Windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll - ok
08:57:43.0534 3868 [ D5CCA1453B98A5801E6D5FF0FF89DC6C ] C:\Windows\System32\audiodg.exe
08:57:43.0534 3868 C:\Windows\System32\audiodg.exe - ok
08:57:43.0550 3868 [ B0945E538CF906BBDDC5A11C8EE868CC ] C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
08:57:43.0550 3868 C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll - ok
08:57:43.0566 3868 [ 9AE75388EE2C110216B8319584E8AC34 ] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll
08:57:43.0566 3868 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVCtrl.dll - ok
08:57:43.0581 3868 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] C:\Windows\System32\gpsvc.dll
08:57:43.0581 3868 C:\Windows\System32\gpsvc.dll - ok
08:57:43.0597 3868 [ EF2AE43BCD46ABB13FC3E5B2B1935C73 ] C:\Windows\System32\winmm.dll
08:57:43.0597 3868 C:\Windows\System32\winmm.dll - ok
08:57:43.0597 3868 [ 2A9238A326763122424E07EF320D5D3A ] C:\Program Files\TOSHIBA\SmartFaceV\FaceRec.dll
08:57:43.0597 3868 C:\Program Files\TOSHIBA\SmartFaceV\FaceRec.dll - ok
08:57:43.0612 3868 [ 46BB91A169B9B31FF44EB04C48EC1D41 ] C:\Windows\System32\nlaapi.dll
08:57:43.0612 3868 C:\Windows\System32\nlaapi.dll - ok
08:57:43.0628 3868 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] C:\Windows\System32\profsvc.dll
08:57:43.0628 3868 C:\Windows\System32\profsvc.dll - ok
08:57:43.0644 3868 [ 91175B7E997CFAC64F271A15B4217BC7 ] C:\Program Files\TOSHIBA\SmartFaceV\FaceHI.dll
08:57:43.0644 3868 C:\Program Files\TOSHIBA\SmartFaceV\FaceHI.dll - ok
08:57:43.0659 3868 [ 58775492FFD419248B08325E583C527F ] C:\Windows\System32\atl.dll
08:57:43.0659 3868 C:\Windows\System32\atl.dll - ok
08:57:43.0675 3868 [ F0344071948D1A1FA732231785A0664C ] C:\Windows\System32\themeservice.dll
08:57:43.0675 3868 C:\Windows\System32\themeservice.dll - ok
08:57:43.0690 3868 [ A77BE7CB3222B4FB0AC6C71D1C2698D4 ] C:\Windows\System32\dsrole.dll
08:57:43.0690 3868 C:\Windows\System32\dsrole.dll - ok
08:57:43.0706 3868 [ 4166F82BE4D24938977DD1746BE9B8A0 ] C:\Windows\System32\es.dll
08:57:43.0706 3868 C:\Windows\System32\es.dll - ok
08:57:43.0722 3868 [ BE097F5BB10F9079FCEB2DC4E7E20F02 ] C:\Windows\System32\slc.dll
08:57:43.0722 3868 C:\Windows\System32\slc.dll - ok
08:57:43.0722 3868 [ 1A47D52E303B7543E4E6026595B95422 ] C:\Windows\System32\comres.dll
08:57:43.0722 3868 C:\Windows\System32\comres.dll - ok
08:57:43.0737 3868 [ C32AB8FA018EF34C0F113BD501436D21 ] C:\Windows\System32\Sens.dll
08:57:43.0737 3868 C:\Windows\System32\Sens.dll - ok
08:57:43.0753 3868 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] C:\Windows\System32\uxsms.dll
08:57:43.0753 3868 C:\Windows\System32\uxsms.dll - ok
08:57:43.0768 3868 [ 1538831CF8AD2979A04C423779465827 ] C:\Windows\System32\drivers\lltdio.sys
08:57:43.0768 3868 C:\Windows\System32\drivers\lltdio.sys - ok
08:57:43.0784 3868 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] C:\Windows\System32\drivers\nwifi.sys
08:57:43.0784 3868 C:\Windows\System32\drivers\nwifi.sys - ok
08:57:43.0800 3868 [ 136185F9FB2CC61E573E676AA5402356 ] C:\Windows\System32\drivers\ndisuio.sys
08:57:43.0800 3868 C:\Windows\System32\drivers\ndisuio.sys - ok
08:57:43.0815 3868 [ DDC86E4F8E7456261E637E3552E804FF ] C:\Windows\System32\drivers\rspndr.sys
08:57:43.0815 3868 C:\Windows\System32\drivers\rspndr.sys - ok
08:57:43.0831 3868 [ 2B81776DA02017A37FE26C662827470E ] C:\Windows\System32\IPHLPAPI.DLL
08:57:43.0831 3868 C:\Windows\System32\IPHLPAPI.DLL - ok
08:57:43.0846 3868 [ F993A32249B66C9D622EA5592A8B76B8 ] C:\Windows\System32\lmhsvc.dll
08:57:43.0846 3868 C:\Windows\System32\lmhsvc.dll - ok
08:57:43.0862 3868 [ D54BFDF3E0C953F823B3D0BFE4732528 ] C:\Windows\System32\nsisvc.dll
08:57:43.0862 3868 C:\Windows\System32\nsisvc.dll - ok
08:57:43.0862 3868 [ B73A6E4B319AFFE64582AC5C1801BB3F ] C:\Windows\System32\nrpsrv.dll
08:57:43.0862 3868 C:\Windows\System32\nrpsrv.dll - ok
08:57:43.0878 3868 [ 4C9210E8F4E052F6A4EB87716DA0C24C ] C:\Windows\System32\winnsi.dll
08:57:43.0878 3868 C:\Windows\System32\winnsi.dll - ok
08:57:43.0893 3868 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] C:\Windows\System32\dhcpcore.dll
08:57:43.0893 3868 C:\Windows\System32\dhcpcore.dll - ok
08:57:43.0909 3868 [ 3CC16A849E6092E43909F48EF0E60306 ] C:\Windows\System32\dhcpcore6.dll
08:57:43.0909 3868 C:\Windows\System32\dhcpcore6.dll - ok
08:57:43.0924 3868 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] C:\Windows\System32\dnsrslvr.dll
08:57:43.0924 3868 C:\Windows\System32\dnsrslvr.dll - ok
08:57:43.0940 3868 [ F9EC845C5EECF20E9A67F9F805F2EF1F ] C:\Windows\System32\keyiso.dll
08:57:43.0940 3868 C:\Windows\System32\keyiso.dll - ok
08:57:43.0956 3868 [ 87356377F31DA5F20A833811CD59499C ] C:\Windows\System32\eapphost.dll
08:57:43.0956 3868 C:\Windows\System32\eapphost.dll - ok
08:57:43.0971 3868 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] C:\Windows\System32\eapsvc.dll
08:57:43.0971 3868 C:\Windows\System32\eapsvc.dll - ok
08:57:43.0987 3868 [ 0040C486584A8E582C861CFB57AB5387 ] C:\Windows\System32\FWPUCLNT.DLL
08:57:43.0987 3868 C:\Windows\System32\FWPUCLNT.DLL - ok
08:57:43.0987 3868 [ 9FCA3A84338ADEF2AFF67CDA46EF8539 ] C:\Windows\System32\umb.dll
08:57:43.0987 3868 C:\Windows\System32\umb.dll - ok
08:57:44.0002 3868 [ A648C4A06DE367065B24056D067B4460 ] C:\Windows\System32\wlanmsm.dll
08:57:44.0002 3868 C:\Windows\System32\wlanmsm.dll - ok
08:57:44.0018 3868 [ 06A1386B6E3A0CBC368665C1840906F4 ] C:\Windows\System32\wlansec.dll
08:57:44.0018 3868 C:\Windows\System32\wlansec.dll - ok
08:57:44.0034 3868 [ 73FCB7919DEE80EE556F2E498594EBAE ] C:\Windows\System32\onex.dll
08:57:44.0034 3868 C:\Windows\System32\onex.dll - ok
08:57:44.0049 3868 [ 885D0942E0F28DB90919BE3129ECF279 ] C:\Windows\System32\dnsext.dll
08:57:44.0049 3868 C:\Windows\System32\dnsext.dll - ok
08:57:44.0065 3868 [ F568F7C08458D69E4FCD8675BBB107E4 ] C:\Windows\System32\dhcpcsvc.dll
08:57:44.0065 3868 C:\Windows\System32\dhcpcsvc.dll - ok
08:57:44.0065 3868 [ 65522E77A1360DBC8D199DA3BF5EFFE4 ] C:\Windows\System32\eappprxy.dll
08:57:44.0065 3868 C:\Windows\System32\eappprxy.dll - ok
08:57:44.0080 3868 [ 3C06D5A929B798D0B13F6481242A0FD2 ] C:\Windows\System32\dhcpcsvc6.dll
08:57:44.0080 3868 C:\Windows\System32\dhcpcsvc6.dll - ok
08:57:44.0096 3868 [ 0D753307D274F3688BD21C377B616700 ] C:\Windows\System32\eappcfg.dll
08:57:44.0096 3868 C:\Windows\System32\eappcfg.dll - ok
08:57:44.0112 3868 [ 97E43F324BE1503CB2FFB058534688DA ] C:\Windows\System32\l2gpstore.dll
08:57:44.0112 3868 C:\Windows\System32\l2gpstore.dll - ok
08:57:44.0127 3868 [ 730BF204A595D5B6D7DC57A247CC741C ] C:\Windows\System32\wlgpclnt.dll
08:57:44.0127 3868 C:\Windows\System32\wlgpclnt.dll - ok
08:57:44.0143 3868 [ 7D5645EE0EA77D539828433D9B95F5EB ] C:\Windows\System32\WinSCard.dll
08:57:44.0143 3868 C:\Windows\System32\WinSCard.dll - ok
08:57:44.0158 3868 [ 7F1B4C6FF3B85F9ADF74055187B8A22C ] C:\Windows\System32\wlanutil.dll
08:57:44.0158 3868 C:\Windows\System32\wlanutil.dll - ok
08:57:44.0174 3868 [ 99B91C5D2FCEF218CAD3600ECB62A799 ] C:\Windows\System32\msxml6.dll
08:57:44.0174 3868 C:\Windows\System32\msxml6.dll - ok
08:57:44.0190 3868 [ 9C5BF3E0541B8A2F85DF1D642E495EE4 ] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVLogOn.dll
08:57:44.0190 3868 C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVLogOn.dll - ok
08:57:44.0205 3868 [ 41735B82DB57E4EBE9504EC400FD120E ] C:\Program Files\AVAST Software\Avast\AvastSvc.exe
08:57:44.0205 3868 C:\Program Files\AVAST Software\Avast\AvastSvc.exe - ok
08:57:44.0221 3868 [ 972C3301DB3DA91AE06A95F6B4160B1B ] C:\Windows\System32\certCredProvider.dll
08:57:44.0221 3868 C:\Windows\System32\certCredProvider.dll - ok
08:57:44.0236 3868 [ E73B0F1819602CB6EF176FB78D76A47B ] C:\Windows\SysWOW64\ntdll.dll
08:57:44.0236 3868 C:\Windows\SysWOW64\ntdll.dll - ok
08:57:44.0268 3868 [ 032229246107C5C7211E6D1498B52D3D ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL
08:57:44.0268 3868 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL - ok
08:57:44.0268 3868 [ 87FA0C48C3B2E9FEE518818FE26B15B5 ] C:\Windows\System32\rasplap.dll
08:57:44.0268 3868 C:\Windows\System32\rasplap.dll - ok
08:57:44.0283 3868 [ 259EB5F7D95A29842B476C5B3EB6E186 ] C:\Windows\System32\wow64.dll
08:57:44.0283 3868 C:\Windows\System32\wow64.dll - ok
08:57:44.0299 3868 [ 5674E21E82CFBEA36DDAD5DB285D6DBC ] C:\Windows\System32\wow64win.dll
08:57:44.0299 3868 C:\Windows\System32\wow64win.dll - ok
08:57:44.0314 3868 [ 3EE3AA76D8AB6D5644C4C8F34471CEB3 ] C:\Windows\System32\wow64cpu.dll
08:57:44.0314 3868 C:\Windows\System32\wow64cpu.dll - ok
08:57:44.0330 3868 [ AC0B6F41882FC6ED186962D770EBF1D2 ] C:\Windows\SysWOW64\kernel32.dll
08:57:44.0330 3868 C:\Windows\SysWOW64\kernel32.dll - ok
08:57:44.0346 3868 [ 019CD868461B646E09BDF04474C19341 ] C:\Windows\System32\rasapi32.dll
08:57:44.0346 3868 C:\Windows\System32\rasapi32.dll - ok
08:57:44.0361 3868 [ B28DEEC597C8DEB70C744C7CF9210E3E ] C:\Windows\System32\rasman.dll
08:57:44.0361 3868 C:\Windows\System32\rasman.dll - ok
08:57:44.0377 3868 [ B53C4B69B695EDA1B7E41D35CA4244E2 ] C:\Windows\System32\rtutils.dll
08:57:44.0377 3868 C:\Windows\System32\rtutils.dll - ok
08:57:44.0392 3868 [ 1473768973453DE50DC738C2955FC4DD ] C:\Windows\System32\wdmaud.drv
08:57:44.0392 3868 C:\Windows\System32\wdmaud.drv - ok
08:57:44.0408 3868 [ 9BC8610C32C96A2983A65DC21CAFA921 ] C:\Windows\System32\UXInit.dll
08:57:44.0408 3868 C:\Windows\System32\UXInit.dll - ok
08:57:44.0424 3868 [ 13EB517A22F8AE2E4A02718C163BA401 ] C:\Windows\System32\atieclxx.exe
08:57:44.0424 3868 C:\Windows\System32\atieclxx.exe - ok
08:57:44.0439 3868 [ AAAB85C6D3790072BDA81F76C6E9B794 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\mpasdlta.vdm
08:57:44.0439 3868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\mpasdlta.vdm - ok
08:57:44.0455 3868 [ 8560FFFC8EB3A806DCD4F82252CFC8C6 ] C:\Windows\System32\ksuser.dll
08:57:44.0455 3868 C:\Windows\System32\ksuser.dll - ok
08:57:44.0470 3868 [ 03706015DB44368375AEBE6339490E66 ] C:\Windows\System32\netcfgx.dll
08:57:44.0470 3868 C:\Windows\System32\netcfgx.dll - ok
08:57:44.0486 3868 [ CF636C92B762B26F0B39B38E92380A09 ] C:\Windows\System32\oleacc.dll
08:57:44.0486 3868 C:\Windows\System32\oleacc.dll - ok
08:57:44.0502 3868 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] C:\Windows\System32\drivers\vwifimp.sys
08:57:44.0502 3868 C:\Windows\System32\drivers\vwifimp.sys - ok
08:57:44.0502 3868 [ 019BDD35DE269CB98B22DE8923C2AA3B ] C:\Windows\System32\UIAutomationCore.dll
08:57:44.0502 3868 C:\Windows\System32\UIAutomationCore.dll - ok
08:57:44.0517 3868 [ E954A79D6A754A5475582CACED1565E6 ] C:\Windows\SysWOW64\KernelBase.dll
08:57:44.0533 3868 C:\Windows\SysWOW64\KernelBase.dll - ok
08:57:44.0548 3868 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\SysWOW64\ws2_32.dll
08:57:44.0548 3868 C:\Windows\SysWOW64\ws2_32.dll - ok
08:57:44.0564 3868 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\SysWOW64\msvcrt.dll
08:57:44.0564 3868 C:\Windows\SysWOW64\msvcrt.dll - ok
08:57:44.0580 3868 [ DC220AE6F64819099F7EBD6F137E32E7 ] C:\Windows\System32\AudioSes.dll
08:57:44.0580 3868 C:\Windows\System32\AudioSes.dll - ok
08:57:44.0595 3868 [ 10AC5CE9F78DC281A1BBD9B8CC587B8A ] C:\Windows\System32\msacm32.dll
08:57:44.0595 3868 C:\Windows\System32\msacm32.dll - ok
08:57:44.0611 3868 [ 1B7C3A37362C7B2890168C5FC61C8D9B ] C:\Windows\System32\msacm32.drv
08:57:44.0611 3868 C:\Windows\System32\msacm32.drv - ok
08:57:44.0626 3868 [ C5AD8083CF94201F1F8084ECC696A8B7 ] C:\Windows\SysWOW64\rpcrt4.dll
08:57:44.0626 3868 C:\Windows\SysWOW64\rpcrt4.dll - ok
08:57:44.0642 3868 [ CA2A0750ED830678997695FF61B04C30 ] C:\Windows\System32\midimap.dll
08:57:44.0642 3868 C:\Windows\System32\midimap.dll - ok
08:57:44.0642 3868 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\SysWOW64\cryptbase.dll
08:57:44.0658 3868 C:\Windows\SysWOW64\cryptbase.dll - ok
08:57:44.0658 3868 [ EDA7AD21DF8945528F01F0A86D69E524 ] C:\Windows\SysWOW64\sspicli.dll
08:57:44.0658 3868 C:\Windows\SysWOW64\sspicli.dll - ok
08:57:44.0673 3868 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\SysWOW64\sechost.dll
08:57:44.0673 3868 C:\Windows\SysWOW64\sechost.dll - ok
08:57:44.0689 3868 [ 3449B6738794D2234ED2C3FADA85D487 ] C:\Windows\System32\atiadlxx.dll
08:57:44.0689 3868 C:\Windows\System32\atiadlxx.dll - ok
08:57:44.0704 3868 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\SysWOW64\nsi.dll
08:57:44.0704 3868 C:\Windows\SysWOW64\nsi.dll - ok
08:57:44.0720 3868 [ 81BC2B7B6C5C46EB31DEDAC66548053E ] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
08:57:44.0720 3868 C:\Program Files\AVAST Software\Avast\aswCmnBS.dll - ok
08:57:44.0736 3868 [ 4021AEBD765FBFD22E5E7B21FB0E9549 ] C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
08:57:44.0736 3868 C:\Program Files\AVAST Software\Avast\aswCmnOS.dll - ok
08:57:44.0751 3868 [ 5EDBB34736DD7AC1A73CF8792A835E10 ] C:\Windows\System32\AudioEng.dll
08:57:44.0751 3868 C:\Windows\System32\AudioEng.dll - ok
08:57:44.0767 3868 [ 35868C1F8B1BFF5CA1F957E3548A96FC ] C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
08:57:44.0767 3868 C:\Program Files\AVAST Software\Avast\aswCmnIS.dll - ok
08:57:44.0767 3868 [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
08:57:44.0767 3868 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - ok
08:57:44.0782 3868 [ C1395286B822E306B4FE1568A8A77813 ] C:\Windows\System32\AUDIOKSE.dll
08:57:44.0782 3868 C:\Windows\System32\AUDIOKSE.dll - ok
08:57:44.0798 3868 [ 5AA945234E9D4CCE4F715276B9AA712C ] C:\Windows\System32\imageres.dll
08:57:44.0798 3868 C:\Windows\System32\imageres.dll - ok
08:57:44.0814 3868 [ B6C244055D019CAC3FE8298DAD973D6D ] C:\Windows\System32\atimuixx.dll
08:57:44.0814 3868 C:\Windows\System32\atimuixx.dll - ok
08:57:44.0829 3868 [ 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 ] C:\Windows\SysWOW64\user32.dll
08:57:44.0829 3868 C:\Windows\SysWOW64\user32.dll - ok
08:57:44.0845 3868 [ D6D3AD7BF1D6F6CE9547613ED5E170A2 ] C:\Windows\SysWOW64\gdi32.dll
08:57:44.0845 3868 C:\Windows\SysWOW64\gdi32.dll - ok
08:57:44.0845 3868 [ 706B9A55E4B1EDD2F6C2D7A1CF37E197 ] C:\Windows\System32\RtkAPO64.dll
08:57:44.0845 3868 C:\Windows\System32\RtkAPO64.dll - ok
08:57:44.0860 3868 [ 384721EF4024890092625E20CADFAF85 ] C:\Windows\SysWOW64\lpk.dll
08:57:44.0860 3868 C:\Windows\SysWOW64\lpk.dll - ok
08:57:44.0876 3868 [ B7230010D97787AF3D25E4C82F2B06B9 ] C:\Windows\SysWOW64\usp10.dll
08:57:44.0876 3868 C:\Windows\SysWOW64\usp10.dll - ok
08:57:44.0892 3868 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\SysWOW64\advapi32.dll
08:57:44.0892 3868 C:\Windows\SysWOW64\advapi32.dll - ok
08:57:44.0907 3868 [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
08:57:44.0907 3868 C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - ok
08:57:44.0923 3868 [ E9CE9F8CD76B81B1CE5C9F3F58D0591A ] C:\Program Files\AVAST Software\Avast\ashBase.dll
08:57:44.0923 3868 C:\Program Files\AVAST Software\Avast\ashBase.dll - ok
08:57:44.0938 3868 [ FFF65CA2746E1FA5673D2BF2CC706955 ] C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
08:57:44.0938 3868 C:\Program Files\AVAST Software\Avast\aswEngLdr.dll - ok
08:57:44.0954 3868 [ 702254574E7E52052DE39408457B7149 ] C:\Windows\SysWOW64\version.dll
08:57:44.0954 3868 C:\Windows\SysWOW64\version.dll - ok
08:57:44.0970 3868 [ DF13A51A5C591887D2EC6AE64CEED0FA ] C:\Windows\SysWOW64\wsock32.dll
08:57:44.0970 3868 C:\Windows\SysWOW64\wsock32.dll - ok
08:57:44.0985 3868 [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\SysWOW64\crypt32.dll
08:57:44.0985 3868 C:\Windows\SysWOW64\crypt32.dll - ok
08:57:44.0985 3868 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\SysWOW64\psapi.dll
08:57:44.0985 3868 C:\Windows\SysWOW64\psapi.dll - ok
08:57:45.0001 3868 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\SysWOW64\msasn1.dll
08:57:45.0001 3868 C:\Windows\SysWOW64\msasn1.dll - ok
08:57:45.0016 3868 [ 03728C624D05C2F157BBD46F6B7F6EA0 ] C:\Windows\SysWOW64\wininet.dll
08:57:45.0016 3868 C:\Windows\SysWOW64\wininet.dll - ok
08:57:45.0032 3868 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\SysWOW64\shlwapi.dll
08:57:45.0032 3868 C:\Windows\SysWOW64\shlwapi.dll - ok
08:57:45.0048 3868 [ ECAEC5FBBBEF8612AF0A866AFA5F7EF2 ] C:\Windows\System32\RTEEL64A.dll
08:57:45.0048 3868 C:\Windows\System32\RTEEL64A.dll - ok
08:57:45.0063 3868 [ 73BDB1C0801D44BEA5F6749FD340CC0F ] C:\Windows\SysWOW64\iertutil.dll
08:57:45.0063 3868 C:\Windows\SysWOW64\iertutil.dll - ok
08:57:45.0063 3868 [ A6286A6C7A1BBFCBA17AA54384A21D1C ] C:\Windows\System32\RTEED64A.dll
08:57:45.0063 3868 C:\Windows\System32\RTEED64A.dll - ok
08:57:45.0079 3868 [ 180D098704551DE37C6299AA888D6821 ] C:\Windows\SysWOW64\urlmon.dll
08:57:45.0079 3868 C:\Windows\SysWOW64\urlmon.dll - ok
08:57:45.0094 3868 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\SysWOW64\ole32.dll
08:57:45.0094 3868 C:\Windows\SysWOW64\ole32.dll - ok
08:57:45.0110 3868 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\SysWOW64\oleaut32.dll
08:57:45.0110 3868 C:\Windows\SysWOW64\oleaut32.dll - ok
08:57:45.0126 3868 [ A6F09E5669D9A19035F6D942CAA15882 ] C:\Windows\SysWOW64\imm32.dll
08:57:45.0126 3868 C:\Windows\SysWOW64\imm32.dll - ok
08:57:45.0141 3868 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\SysWOW64\msctf.dll
08:57:45.0141 3868 C:\Windows\SysWOW64\msctf.dll - ok
08:57:45.0157 3868 [ F10E5311E5093FA3C00FF88C54C32FCA ] C:\Windows\SysWOW64\atl.dll
08:57:45.0157 3868 C:\Windows\SysWOW64\atl.dll - ok
08:57:45.0172 3868 [ D5AEFAD57C08349A4393D987DF7C715D ] C:\Windows\SysWOW64\winmm.dll
08:57:45.0172 3868 C:\Windows\SysWOW64\winmm.dll - ok
08:57:45.0188 3868 [ 29E9794708DF51DB5DC89FB2E903A0F6 ] C:\Windows\SysWOW64\shell32.dll
08:57:45.0188 3868 C:\Windows\SysWOW64\shell32.dll - ok
08:57:45.0204 3868 [ 425800DD197C336EF1D6A3AC6428DEB3 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\mpavbase.vdm
08:57:45.0204 3868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\mpavbase.vdm - ok
08:57:45.0219 3868 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\SysWOW64\apphelp.dll
08:57:45.0219 3868 C:\Windows\SysWOW64\apphelp.dll - ok
08:57:45.0219 3868 [ 47742160BBC1B66D0CB09AA45F907540 ] C:\Program Files\AVAST Software\Avast\avBugReport.exe
08:57:45.0219 3868 C:\Program Files\AVAST Software\Avast\avBugReport.exe - ok
08:57:45.0235 3868 [ 53223B673A3FA2F9A4D1C31C8D3F6CD8 ] C:\Windows\SysWOW64\dbghelp.dll
08:57:45.0235 3868 C:\Windows\SysWOW64\dbghelp.dll - ok
08:57:45.0250 3868 [ 0127F0E5C76C1C02842952DD7B38157A ] C:\Program Files\AVAST Software\Avast\1033\Base.dll
08:57:45.0250 3868 C:\Program Files\AVAST Software\Avast\1033\Base.dll - ok
08:57:45.0266 3868 [ 1BE8D8DCCEBD1174BCC22D0BC575C237 ] C:\Program Files\AVAST Software\Avast\ashServ.dll
08:57:45.0266 3868 C:\Program Files\AVAST Software\Avast\ashServ.dll - ok
08:57:45.0282 3868 [ AAF932B4011D14052955D4B212A4DA8D ] C:\Windows\System32\shsvcs.dll
08:57:45.0282 3868 C:\Windows\System32\shsvcs.dll - ok
08:57:45.0313 3868 [ FD639FEEE160F399DB58A3FDB2E0DF4D ] C:\Program Files\AVAST Software\Avast\aswAux.dll
08:57:45.0313 3868 C:\Program Files\AVAST Software\Avast\aswAux.dll - ok
08:57:45.0328 3868 [ 3B8707AC8BB05CD0D4D96333D4411EE7 ] C:\Program Files\AVAST Software\Avast\ashTask.dll
08:57:45.0328 3868 C:\Program Files\AVAST Software\Avast\ashTask.dll - ok
08:57:45.0344 3868 [ 8588D68F3A51C147EA8019E496F805EB ] C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
08:57:45.0344 3868 C:\Program Files\AVAST Software\Avast\ashTaskEx.dll - ok
08:57:45.0360 3868 [ 720B5083FC3037150801504F9ECA1591 ] C:\Program Files\AVAST Software\Avast\aswLog.dll
08:57:45.0360 3868 C:\Program Files\AVAST Software\Avast\aswLog.dll - ok
08:57:45.0360 3868 [ F5FEDB7D35E030A2DACD40FB3245C765 ] C:\Program Files\AVAST Software\Avast\aswSqLt.dll
08:57:45.0360 3868 C:\Program Files\AVAST Software\Avast\aswSqLt.dll - ok
08:57:45.0391 3868 [ 129D3C6FF2E0C60FBD757C63C72F15B8 ] C:\Program Files\AVAST Software\Avast\aswProperty.dll
08:57:45.0391 3868 C:\Program Files\AVAST Software\Avast\aswProperty.dll - ok
08:57:45.0391 3868 [ 31472162FB12CFE31226343FDEE94318 ] C:\Program Files\AVAST Software\Avast\AavmRpch.dll
08:57:45.0391 3868 C:\Program Files\AVAST Software\Avast\AavmRpch.dll - ok
08:57:45.0406 3868 [ 482310DD75538EB321210FF1E2538C72 ] C:\Program Files\AVAST Software\Avast\Aavm4h.dll
08:57:45.0406 3868 C:\Program Files\AVAST Software\Avast\Aavm4h.dll - ok
08:57:45.0422 3868 [ 1650A06EB48C18969057761AFCCBF001 ] C:\Program Files\AVAST Software\Avast\avastIP.dll
08:57:45.0422 3868 C:\Program Files\AVAST Software\Avast\avastIP.dll - ok
08:57:45.0438 3868 [ A90DC9ABD65DB1A8902F361103029952 ] C:\Windows\SysWOW64\IPHLPAPI.DLL
08:57:45.0438 3868 C:\Windows\SysWOW64\IPHLPAPI.DLL - ok
08:57:45.0453 3868 [ CFF35B879D1618D42C86644C717BA947 ] C:\Windows\SysWOW64\winnsi.dll
08:57:45.0453 3868 C:\Windows\SysWOW64\winnsi.dll - ok
08:57:45.0469 3868 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\SysWOW64\winhttp.dll
08:57:45.0469 3868 C:\Windows\SysWOW64\winhttp.dll - ok
08:57:45.0484 3868 [ 945E54F23C72D37B8CD1987AF0DB63BF ] C:\Windows\System32\fveapi.dll
08:57:45.0484 3868 C:\Windows\System32\fveapi.dll - ok
08:57:45.0500 3868 [ 1BCDB508143B517F21BBDAC10F5777BF ] C:\Windows\System32\conhost.exe
08:57:45.0500 3868 C:\Windows\System32\conhost.exe - ok
08:57:45.0516 3868 [ 694865362F0965779F92BCFE97712323 ] C:\Windows\System32\tbs.dll
08:57:45.0516 3868 C:\Windows\System32\tbs.dll - ok
08:57:45.0531 3868 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\SysWOW64\webio.dll
08:57:45.0531 3868 C:\Windows\SysWOW64\webio.dll - ok
08:57:45.0531 3868 [ 891ECFD08E2C538B7948CBC45106D697 ] C:\Windows\System32\fvecerts.dll
08:57:45.0531 3868 C:\Windows\System32\fvecerts.dll - ok
08:57:45.0547 3868 [ 8269210DAF3B12BC8300631B28A2A442 ] C:\Windows\System32\wiarpc.dll
08:57:45.0547 3868 C:\Windows\System32\wiarpc.dll - ok
08:57:45.0562 3868 [ EB6613261E287A8B9783C9C8B7F118F8 ] C:\Program Files\AVAST Software\Avast\aswDld.dll
08:57:45.0562 3868 C:\Program Files\AVAST Software\Avast\aswDld.dll - ok
08:57:45.0578 3868 [ 682F67B86B4F586D813BACA7A0AA06A7 ] C:\Program Files\AVAST Software\Avast\aswIdle.dll
08:57:45.0578 3868 C:\Program Files\AVAST Software\Avast\aswIdle.dll - ok
08:57:45.0594 3868 [ 20EEC2605DC89048E9989FE8D73E26BD ] C:\Program Files\AVAST Software\Avast\aswStrm.dll
08:57:45.0594 3868 C:\Program Files\AVAST Software\Avast\aswStrm.dll - ok
08:57:45.0594 3868 [ F436E847FA799ECD75AD8C313673F450 ] C:\Windows\SysWOW64\cfgmgr32.dll
08:57:45.0594 3868 C:\Windows\SysWOW64\cfgmgr32.dll - ok
08:57:45.0609 3868 [ 262F6592C3299C005FD6BEC90FC4463A ] C:\Windows\System32\schedsvc.dll
08:57:45.0609 3868 C:\Windows\System32\schedsvc.dll - ok
08:57:45.0625 3868 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\SysWOW64\RpcRtRemote.dll
08:57:45.0625 3868 C:\Windows\SysWOW64\RpcRtRemote.dll - ok
08:57:45.0640 3868 [ A8CDF3768604FF95B54669E20053D569 ] C:\Windows\SysWOW64\wscapi.dll
08:57:45.0640 3868 C:\Windows\SysWOW64\wscapi.dll - ok
08:57:45.0656 3868 [ 8258362DDB18B644A82D8B5061AD9426 ] C:\Windows\SysWOW64\wscisvif.dll
08:57:45.0656 3868 C:\Windows\SysWOW64\wscisvif.dll - ok
08:57:45.0672 3868 [ BC414631876B2F28B8DAB08E849C12C5 ] C:\Windows\System32\ktmw32.dll
08:57:45.0672 3868 C:\Windows\System32\ktmw32.dll - ok
08:57:45.0687 3868 [ 6DC4A7242F565C9E9C9CCC7BB0FA75C7 ] C:\Windows\System32\taskcomp.dll
08:57:45.0687 3868 C:\Windows\System32\taskcomp.dll - ok
08:57:45.0703 3868 [ 7321F18D1F820612ED0E9F2D4B578A7E ] C:\Windows\SysWOW64\cryptsp.dll
08:57:45.0703 3868 C:\Windows\SysWOW64\cryptsp.dll - ok
08:57:45.0718 3868 [ 4E5FE39C1076D115EC8BFCFE14D75B80 ] C:\Windows\SysWOW64\credssp.dll
08:57:45.0718 3868 C:\Windows\SysWOW64\credssp.dll - ok
08:57:45.0718 3868 [ 8999B8631C7FD9F7F9EC3CAFD953BA24 ] C:\Windows\SysWOW64\mswsock.dll
08:57:45.0718 3868 C:\Windows\SysWOW64\mswsock.dll - ok
08:57:45.0734 3868 [ EE5C8E27C37B79CB54A2FCEEED2DC262 ] C:\Windows\SysWOW64\WSHTCPIP.DLL
08:57:45.0734 3868 C:\Windows\SysWOW64\WSHTCPIP.DLL - ok
08:57:45.0750 3868 [ 73E8667A19FEEDD856DF2695E9E511D4 ] C:\Windows\SysWOW64\wship6.dll
08:57:45.0750 3868 C:\Windows\SysWOW64\wship6.dll - ok
08:57:45.0765 3868 [ 7C8F47424B45A14D4CBDB1803E3F25BC ] C:\Program Files\AVAST Software\Avast\defs\13031801\aswEngin.dll
08:57:45.0765 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\aswEngin.dll - ok
08:57:45.0781 3868 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] C:\Windows\System32\drivers\http.sys
08:57:45.0781 3868 C:\Windows\System32\drivers\http.sys - ok
08:57:45.0796 3868 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] C:\Windows\System32\spoolsv.exe
08:57:45.0796 3868 C:\Windows\System32\spoolsv.exe - ok
08:57:45.0812 3868 [ E479DDDD960DCCD8B5338B6E0F34AA97 ] C:\Program Files\AVAST Software\Avast\defs\13031801\aswCmnIS.dll
08:57:45.0812 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\aswCmnIS.dll - ok
08:57:45.0828 3868 [ 3E4604CDB52F5E242C6E7D373160A684 ] C:\Program Files\AVAST Software\Avast\defs\13031801\aswCmnOS.dll
08:57:45.0828 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\aswCmnOS.dll - ok
08:57:45.0843 3868 [ 08CEB05CD6B318D1E36CB122B062FFE4 ] C:\Program Files\AVAST Software\Avast\defs\13031801\aswCmnBS.dll
08:57:45.0843 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\aswCmnBS.dll - ok
08:57:45.0859 3868 [ 6769DBB1021EA758A86E0D8927F49E69 ] C:\Program Files\AVAST Software\Avast\defs\13031801\aswScan.dll
08:57:45.0859 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\aswScan.dll - ok
08:57:45.0859 3868 [ 8539ED943138AF05A92BD69A4DA092B2 ] C:\Program Files\AVAST Software\Avast\defs\13031801\aswRep.dll
08:57:45.0859 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\aswRep.dll - ok
08:57:45.0874 3868 [ 0928FFC8BD4391F5878AD08085AE676E ] C:\Program Files\AVAST Software\Avast\defs\13031801\aswFiDb.dll
08:57:45.0874 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\aswFiDb.dll - ok
08:57:45.0890 3868 [ 9F6502C41C14FDCE272C9928100A0CF5 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\mpavdlta.vdm
08:57:45.0890 3868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\mpavdlta.vdm - ok
08:57:45.0906 3868 [ 82974D6A2FD19445CC5171FC378668A4 ] C:\Windows\System32\BFE.DLL
08:57:45.0906 3868 C:\Windows\System32\BFE.DLL - ok
08:57:45.0921 3868 [ FA95E132331D4D68758AB3B135B92AF6 ] C:\Program Files\AVAST Software\Avast\defs\13031801\algo.dll
08:57:45.0921 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\algo.dll - ok
08:57:45.0937 3868 [ 6C02A83164F5CC0A262F4199F0871CF5 ] C:\Windows\System32\drivers\bowser.sys
08:57:45.0937 3868 C:\Windows\System32\drivers\bowser.sys - ok
08:57:45.0952 3868 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] C:\Windows\System32\drivers\mpsdrv.sys
08:57:45.0952 3868 C:\Windows\System32\drivers\mpsdrv.sys - ok
08:57:45.0968 3868 [ A5D9106A73DC88564C825D317CAC68AC ] C:\Windows\System32\drivers\mrxsmb.sys
08:57:45.0968 3868 C:\Windows\System32\drivers\mrxsmb.sys - ok
08:57:45.0968 3868 [ D711B3C1D5F42C0C2415687BE09FC163 ] C:\Windows\System32\drivers\mrxsmb10.sys
08:57:45.0968 3868 C:\Windows\System32\drivers\mrxsmb10.sys - ok
08:57:45.0984 3868 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] C:\Windows\System32\drivers\mrxsmb20.sys
08:57:45.0984 3868 C:\Windows\System32\drivers\mrxsmb20.sys - ok
08:57:45.0999 3868 [ 851A1382EED3E3A7476DB004F4EE3E1A ] C:\Windows\System32\wkssvc.dll
08:57:45.0999 3868 C:\Windows\System32\wkssvc.dll - ok
08:57:46.0015 3868 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] C:\Windows\System32\cryptsvc.dll
08:57:46.0015 3868 C:\Windows\System32\cryptsvc.dll - ok
08:57:46.0030 3868 [ 8792BAB371B4B1589E015B6FD1ED3B15 ] C:\Windows\System32\cryptnet.dll
08:57:46.0030 3868 C:\Windows\System32\cryptnet.dll - ok
08:57:46.0046 3868 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] C:\Windows\System32\dps.dll
08:57:46.0046 3868 C:\Windows\System32\dps.dll - ok
08:57:46.0062 3868 [ 0E2F58F6E698EDCB9E58FAD0CBCD0567 ] C:\Windows\System32\vssapi.dll
08:57:46.0062 3868 C:\Windows\System32\vssapi.dll - ok
08:57:46.0077 3868 [ BAAFAF9CEAEC0B73C2A3550A01F6CECB ] C:\Windows\System32\taskschd.dll
08:57:46.0077 3868 C:\Windows\System32\taskschd.dll - ok
08:57:46.0077 3868 [ 903FF9BA73E379237C0EDDDA8F17168C ] C:\Program Files\AVAST Software\Avast\Setup\setiface.dll
08:57:46.0077 3868 C:\Program Files\AVAST Software\Avast\Setup\setiface.dll - ok
08:57:46.0093 3868 [ C67F8A962B2534224D5908D16D2AD3CE ] C:\Windows\System32\wfapigp.dll
08:57:46.0093 3868 C:\Windows\System32\wfapigp.dll - ok
08:57:46.0108 3868 [ 287923557447D7E4BDD7E65B1F0F5428 ] C:\Windows\System32\vsstrace.dll
08:57:46.0108 3868 C:\Windows\System32\vsstrace.dll - ok
08:57:46.0124 3868 [ 1834B31C749B86DAC233BBBA1C03BC48 ] C:\Windows\System32\mscms.dll
08:57:46.0124 3868 C:\Windows\System32\mscms.dll - ok
08:57:46.0140 3868 [ 3AEAA8B561E63452C655DC0584922257 ] C:\Windows\System32\pcasvc.dll
08:57:46.0140 3868 C:\Windows\System32\pcasvc.dll - ok
08:57:46.0140 3868 [ 6313F223E817CC09AA41811DAA7F541D ] C:\Windows\System32\snmptrap.exe
08:57:46.0155 3868 C:\Windows\System32\snmptrap.exe - ok
08:57:46.0155 3868 [ 802496CB59A30349F9A6DD22D6947644 ] C:\Windows\System32\FDResPub.dll
08:57:46.0155 3868 C:\Windows\System32\FDResPub.dll - ok
08:57:46.0171 3868 [ F1B205F932F62F94506A5F332C895DAF ] C:\Windows\System32\WSDApi.dll
08:57:46.0171 3868 C:\Windows\System32\WSDApi.dll - ok
08:57:46.0186 3868 [ C55516D98DD5D8F0153C2A9B4227DA86 ] C:\Windows\System32\webservices.dll
08:57:46.0186 3868 C:\Windows\System32\webservices.dll - ok
08:57:46.0202 3868 [ FCD84C381E0140AF901E58D48882D26B ] C:\Windows\System32\IKEEXT.DLL
08:57:46.0202 3868 C:\Windows\System32\IKEEXT.DLL - ok
08:57:46.0218 3868 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
08:57:46.0218 3868 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe - ok
08:57:46.0233 3868 [ 10EAB90C1AE8271B5FE5A8930987EE5C ] C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll
08:57:46.0233 3868 C:\Program Files\Windows Live\Mesh\WLRemoteServiceResource.dll - ok
08:57:46.0249 3868 [ B5055B51BAA0FD0A736A88653DA3C1C0 ] C:\Windows\System32\fundisc.dll
08:57:46.0249 3868 C:\Windows\System32\fundisc.dll - ok
08:57:46.0264 3868 [ 908ACB1F594274965A53926B10C81E89 ] C:\Windows\System32\provsvc.dll
08:57:46.0264 3868 C:\Windows\System32\provsvc.dll - ok
08:57:46.0264 3868 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] C:\Windows\System32\sstpsvc.dll
08:57:46.0264 3868 C:\Windows\System32\sstpsvc.dll - ok
08:57:46.0280 3868 [ 8624E0E2418413614EE1FECDB7B76B88 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
08:57:46.0280 3868 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll - ok
08:57:46.0296 3868 [ 77B5035BC6EDF4D1B6265391AECEE4C0 ] C:\Windows\System32\vpnikeapi.dll
08:57:46.0296 3868 C:\Windows\System32\vpnikeapi.dll - ok
08:57:46.0311 3868 [ D4467A285C91752018F67CDBA8680BAB ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
08:57:46.0311 3868 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll - ok
08:57:46.0327 3868 [ D15618A0FF8DBC2C5BF3726BACC75A0B ] C:\Windows\SysWOW64\userenv.dll
08:57:46.0327 3868 C:\Windows\SysWOW64\userenv.dll - ok
08:57:46.0342 3868 [ 6A6B2EE4565A178035BE2A4FF6F2C968 ] C:\Windows\SysWOW64\wtsapi32.dll
08:57:46.0342 3868 C:\Windows\SysWOW64\wtsapi32.dll - ok
08:57:46.0358 3868 [ 58F4493BF748A3A89689997B7BD00E95 ] C:\Windows\System32\winhttp.dll
08:57:46.0358 3868 C:\Windows\System32\winhttp.dll - ok
08:57:46.0374 3868 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\SysWOW64\profapi.dll
08:57:46.0374 3868 C:\Windows\SysWOW64\profapi.dll - ok
08:57:46.0389 3868 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:57:46.0389 3868 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe - ok
08:57:46.0405 3868 [ 603EBD34E216C5654A2D774EAC98D278 ] C:\Windows\System32\webio.dll
08:57:46.0405 3868 C:\Windows\System32\webio.dll - ok
08:57:46.0420 3868 [ ED8EC63F7522DF4852147C84EC62C36A ] C:\Windows\SysWOW64\rsaenh.dll
08:57:46.0420 3868 C:\Windows\SysWOW64\rsaenh.dll - ok
08:57:46.0420 3868 [ BCEA9AB347E53BC03B2E36BE0B8BA0EF ] C:\Windows\System32\httpapi.dll
08:57:46.0420 3868 C:\Windows\System32\httpapi.dll - ok
08:57:46.0436 3868 [ 4BE1DCAD76BE96D1EC887A41E570C404 ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll
08:57:46.0436 3868 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.dll - ok
08:57:46.0452 3868 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\SysWOW64\mpr.dll
08:57:46.0452 3868 C:\Windows\SysWOW64\mpr.dll - ok
08:57:46.0467 3868 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\SysWOW64\wintrust.dll
08:57:46.0467 3868 C:\Windows\SysWOW64\wintrust.dll - ok
08:57:46.0483 3868 [ 847D3AE376C0817161A14A82C8922A9E ] C:\Windows\System32\netman.dll
08:57:46.0483 3868 C:\Windows\System32\netman.dll - ok
08:57:46.0498 3868 [ 8AD77806D336673F270DB31645267293 ] C:\Windows\System32\nlasvc.dll
08:57:46.0498 3868 C:\Windows\System32\nlasvc.dll - ok
08:57:46.0514 3868 [ D4FAC263861BAE06971C7F7D0A8EBF15 ] C:\Windows\System32\ncsi.dll
08:57:46.0514 3868 C:\Windows\System32\ncsi.dll - ok
08:57:46.0530 3868 [ 2BBF3FDB70B8965DFA0258CBAB41ECCE ] C:\Windows\System32\ssdpapi.dll
08:57:46.0530 3868 C:\Windows\System32\ssdpapi.dll - ok
08:57:46.0545 3868 [ 68769C3356B3BE5D1C732C97B9A80D6E ] C:\Windows\System32\drivers\PEAuth.sys
08:57:46.0545 3868 C:\Windows\System32\drivers\PEAuth.sys - ok
08:57:46.0545 3868 [ 1727B2A2F379A32B864C096FA794AADC ] C:\Windows\System32\aepic.dll
08:57:46.0545 3868 C:\Windows\System32\aepic.dll - ok
08:57:46.0561 3868 [ 3EA8A16169C26AFBEB544E0E48421186 ] C:\Windows\System32\drivers\secdrv.sys
08:57:46.0561 3868 C:\Windows\System32\drivers\secdrv.sys - ok
08:57:46.0576 3868 [ C6DCD1D11ED6827F05C00773C3E7053C ] C:\Windows\System32\sfc.dll
08:57:46.0576 3868 C:\Windows\System32\sfc.dll - ok
08:57:46.0592 3868 [ 895C9AB0A855547445C4181195230757 ] C:\Windows\System32\sfc_os.dll
08:57:46.0592 3868 C:\Windows\System32\sfc_os.dll - ok
08:57:46.0608 3868 [ 27E461F0BE5BFF5FC737328F749538C3 ] C:\Windows\System32\drivers\srvnet.sys
08:57:46.0608 3868 C:\Windows\System32\drivers\srvnet.sys - ok
08:57:46.0623 3868 [ BC617A4E1B4FA8DF523A061739A0BD87 ] C:\Windows\System32\seclogon.dll
08:57:46.0623 3868 C:\Windows\System32\seclogon.dll - ok
08:57:46.0639 3868 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] C:\Windows\System32\sysmain.dll
08:57:46.0639 3868 C:\Windows\System32\sysmain.dll - ok
08:57:46.0654 3868 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] C:\Windows\System32\tapisrv.dll
08:57:46.0654 3868 C:\Windows\System32\tapisrv.dll - ok
08:57:46.0654 3868 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] C:\Windows\System32\wiaservc.dll
08:57:46.0654 3868 C:\Windows\System32\wiaservc.dll - ok
08:57:46.0670 3868 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] C:\Windows\System32\drivers\tcpipreg.sys
08:57:46.0670 3868 C:\Windows\System32\drivers\tcpipreg.sys - ok
08:57:46.0686 3868 [ 0B4734AE9EC70B843DF02E7B1C056377 ] C:\Windows\System32\ThpSrv.exe
08:57:46.0686 3868 C:\Windows\System32\ThpSrv.exe - ok
08:57:46.0701 3868 [ 0364256B4A2A93A8C8CDA6B3B5A0EFF5 ] C:\Windows\System32\wiatrace.dll
08:57:46.0701 3868 C:\Windows\System32\wiatrace.dll - ok
08:57:46.0717 3868 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] C:\Windows\System32\TODDSrv.exe
08:57:46.0717 3868 C:\Windows\System32\TODDSrv.exe - ok
08:57:46.0732 3868 [ 1C73689B900428C7D054A41C4687F55C ] C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
08:57:46.0732 3868 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe - ok
08:57:46.0732 3868 [ E3BF12C68F844E689D1A9D7E6B54742A ] C:\Program Files\Microsoft Security Client\MpAsDesc.dll
08:57:46.0732 3868 C:\Program Files\Microsoft Security Client\MpAsDesc.dll - ok
08:57:46.0748 3868 [ 0BEB0C931BC24F610EE87179F31A8A42 ] C:\Program Files\Microsoft Security Client\MpCmdRun.exe
08:57:46.0748 3868 C:\Program Files\Microsoft Security Client\MpCmdRun.exe - ok
08:57:46.0764 3868 [ 3EAE925DCD7D2704982BBCA4DC7EAE7E ] C:\Program Files\TOSHIBA\Power Saver\TPwrReg.dll
08:57:46.0764 3868 C:\Program Files\TOSHIBA\Power Saver\TPwrReg.dll - ok
08:57:46.0779 3868 [ 218A400108F280428FA22282D3268BBC ] C:\Windows\System32\wscapi.dll
08:57:46.0779 3868 C:\Windows\System32\wscapi.dll - ok
08:57:46.0795 3868 [ D1103CFC8D7EA09ED22536EC301603F9 ] C:\Program Files\TOSHIBA\Power Saver\TPwrFunc.dll
08:57:46.0795 3868 C:\Program Files\TOSHIBA\Power Saver\TPwrFunc.dll - ok
08:57:46.0810 3868 [ DF5246F51E8557E20D40B3641CAE57B7 ] C:\Program Files\TOSHIBA\Power Saver\TtosFunc.dll
08:57:46.0810 3868 C:\Program Files\TOSHIBA\Power Saver\TtosFunc.dll - ok
08:57:46.0826 3868 [ FA43D418BC945D27D0625B697B8442B5 ] C:\Windows\System32\cabinet.dll
08:57:46.0826 3868 C:\Windows\System32\cabinet.dll - ok
08:57:46.0842 3868 [ 0015ACFBBDD164A8A730009908868CA7 ] C:\Windows\System32\winspool.drv
08:57:46.0842 3868 C:\Windows\System32\winspool.drv - ok
08:57:46.0857 3868 [ 7E7AFD841694F6AC397E99D75CEAD49D ] C:\Windows\System32\trkwks.dll
08:57:46.0857 3868 C:\Windows\System32\trkwks.dll - ok
08:57:46.0857 3868 [ 19B07E7E8915D701225DA41CB3877306 ] C:\Windows\System32\wbem\WMIsvc.dll
08:57:46.0857 3868 C:\Windows\System32\wbem\WMIsvc.dll - ok
08:57:46.0873 3868 [ 2BACD71123F42CEA603F4E205E1AE337 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:57:46.0873 3868 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE - ok
08:57:46.0888 3868 [ 7DB5AA22A8A8E5C2D335F44853C1F6DE ] C:\Windows\System32\wbemcomn.dll
08:57:46.0888 3868 C:\Windows\System32\wbemcomn.dll - ok
08:57:46.0904 3868 [ 0C52762C606BCF6A377D5E4688191A6B ] C:\Windows\System32\wbem\WmiDcPrv.dll
08:57:46.0904 3868 C:\Windows\System32\wbem\WmiDcPrv.dll - ok
08:57:46.0920 3868 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL
08:57:46.0920 3868 C:\Program Files\Common Files\Microsoft Shared\Windows Live\SQMAPI.DLL - ok
08:57:46.0935 3868 [ B837D1528CE2E3CB79F09496BC08DDC6 ] C:\Windows\System32\SensApi.dll
08:57:46.0935 3868 C:\Windows\System32\SensApi.dll - ok
08:57:46.0935 3868 [ A3F5E8EC1316C3E2562B82694A251C9E ] C:\Windows\System32\wbem\fastprox.dll
08:57:46.0935 3868 C:\Windows\System32\wbem\fastprox.dll - ok
08:57:46.0951 3868 [ 0255C22D99602534F15CBB8D9B6F152F ] C:\Windows\System32\wbem\WinMgmtR.dll
08:57:46.0951 3868 C:\Windows\System32\wbem\WinMgmtR.dll - ok
08:57:46.0966 3868 [ EE26D130808D16C0E417BBBED0451B34 ] C:\Windows\System32\ntdsapi.dll
08:57:46.0966 3868 C:\Windows\System32\ntdsapi.dll - ok
08:57:46.0982 3868 [ 9689A9C7F7C2A1A423CDA2C3B43FFF65 ] C:\Windows\System32\wer.dll
08:57:46.0982 3868 C:\Windows\System32\wer.dll - ok
08:57:46.0998 3868 [ 92E0508D924512F63FFEEFE498CBD11F ] C:\Windows\System32\p2pcollab.dll
08:57:46.0998 3868 C:\Windows\System32\p2pcollab.dll - ok
08:57:47.0013 3868 [ 210FCACAF902B2CD47CF9FD17D846146 ] C:\Windows\System32\aeevts.dll
08:57:47.0013 3868 C:\Windows\System32\aeevts.dll - ok
08:57:47.0029 3868 [ 666A60F6F5E719856FF6254E0966EFF7 ] C:\Windows\System32\wbem\wbemprox.dll
08:57:47.0029 3868 C:\Windows\System32\wbem\wbemprox.dll - ok
08:57:47.0044 3868 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] C:\Windows\System32\drivers\srv2.sys
08:57:47.0044 3868 C:\Windows\System32\drivers\srv2.sys - ok
08:57:47.0044 3868 [ 08C2957BB30058E663720C5606885653 ] C:\Windows\System32\iphlpsvc.dll
08:57:47.0044 3868 C:\Windows\System32\iphlpsvc.dll - ok
08:57:47.0060 3868 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] C:\Windows\System32\drivers\srv.sys
08:57:47.0060 3868 C:\Windows\System32\drivers\srv.sys - ok
08:57:47.0076 3868 [ 27B9E163740A226B65E4B9E186117911 ] C:\Windows\System32\sqmapi.dll
08:57:47.0076 3868 C:\Windows\System32\sqmapi.dll - ok
08:57:47.0091 3868 [ 7B38D7916A7CD058C16A0A6CA5077901 ] C:\Windows\System32\wdscore.dll
08:57:47.0091 3868 C:\Windows\System32\wdscore.dll - ok
08:57:47.0107 3868 [ 079FD1D59EAD19270C979AF174D881A3 ] C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
08:57:47.0107 3868 C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll - ok
08:57:47.0122 3868 [ 371948BC5911ABA06168FAC91ED25F06 ] C:\Windows\System32\msxml3.dll
08:57:47.0122 3868 C:\Windows\System32\msxml3.dll - ok
08:57:47.0138 3868 [ EE867A0870FC9E4972BA9EAAD35651E2 ] C:\Windows\System32\rasmans.dll
08:57:47.0138 3868 C:\Windows\System32\rasmans.dll - ok
08:57:47.0154 3868 [ 5EB55F661DEBF156E126160BCD4D89F8 ] C:\Windows\System32\wbem\wbemcore.dll
08:57:47.0154 3868 C:\Windows\System32\wbem\wbemcore.dll - ok
08:57:47.0154 3868 [ 2A46FFE841EC43001D5A293A54DB34DE ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
08:57:47.0154 3868 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE - ok
08:57:47.0169 3868 [ 087D8668C71634A3A3761135ABF16EEE ] C:\Windows\System32\wbem\esscli.dll
08:57:47.0169 3868 C:\Windows\System32\wbem\esscli.dll - ok
08:57:47.0185 3868 [ D9F42719019740BAA6D1C6D536CBDAA6 ] C:\Windows\System32\srvsvc.dll
08:57:47.0185 3868 C:\Windows\System32\srvsvc.dll - ok
08:57:47.0200 3868 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] C:\Windows\System32\browser.dll
08:57:47.0200 3868 C:\Windows\System32\browser.dll - ok
08:57:47.0216 3868 [ 718B6F51AB7F6FE2988A36868F9AD3AB ] C:\Windows\System32\wbem\wbemsvc.dll
08:57:47.0216 3868 C:\Windows\System32\wbem\wbemsvc.dll - ok
08:57:47.0232 3868 [ CFEFA40DDE34659BE5211966EAD86437 ] C:\Windows\System32\netmsg.dll
08:57:47.0232 3868 C:\Windows\System32\netmsg.dll - ok
08:57:47.0247 3868 [ 44C96B48112EB24AE7764EBF1C527000 ] C:\Windows\System32\rastapi.dll
08:57:47.0247 3868 C:\Windows\System32\rastapi.dll - ok
08:57:47.0247 3868 [ FAFAE01E889DC9C05A6CA2138CFC220B ] C:\Windows\System32\tapi32.dll
08:57:47.0247 3868 C:\Windows\System32\tapi32.dll - ok
08:57:47.0263 3868 [ 3B367397320C26DBA890B260F80D1B1B ] C:\Windows\System32\hnetcfg.dll
08:57:47.0263 3868 C:\Windows\System32\hnetcfg.dll - ok
08:57:47.0278 3868 [ 0143DB80DACFB7C2B5B7009ED9063353 ] C:\Windows\System32\wbem\wmiutils.dll
08:57:47.0278 3868 C:\Windows\System32\wbem\wmiutils.dll - ok
08:57:47.0294 3868 [ 81749E073AC5857B044A686B406E5244 ] C:\Windows\System32\clusapi.dll
08:57:47.0294 3868 C:\Windows\System32\clusapi.dll - ok
08:57:47.0310 3868 [ FF80CAD87555E8E4D2CFD7B9058343F8 ] C:\Windows\System32\sscore.dll
08:57:47.0310 3868 C:\Windows\System32\sscore.dll - ok
08:57:47.0325 3868 [ 344FCC9850C3A8A3B4D3C65151AF8E4C ] C:\Windows\System32\resutils.dll
08:57:47.0325 3868 C:\Windows\System32\resutils.dll - ok
08:57:47.0341 3868 [ 0AB34456654C283DAA13B8D2BA21439B ] C:\Windows\System32\wbem\repdrvfs.dll
08:57:47.0341 3868 C:\Windows\System32\wbem\repdrvfs.dll - ok
08:57:47.0341 3868 [ D2A0FFA75AB181B19B5EB93BB29C7686 ] C:\Windows\System32\unimdm.tsp
08:57:47.0341 3868 C:\Windows\System32\unimdm.tsp - ok
08:57:47.0356 3868 [ AFB5B500AD69E24ED1BC15D1161641EF ] C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
08:57:47.0356 3868 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL - ok
08:57:47.0372 3868 [ 88351B29B622B30962D2FEB6CA8D860B ] C:\Windows\System32\rasadhlp.dll
08:57:47.0372 3868 C:\Windows\System32\rasadhlp.dll - ok
08:57:47.0388 3868 [ 45CFBFA8EDC3DF4E2B7FB0D0260FE051 ] C:\Windows\System32\localspl.dll
08:57:47.0388 3868 C:\Windows\System32\localspl.dll - ok
08:57:47.0403 3868 [ 94B7DF336815B47236724019FAB24B7C ] C:\Windows\System32\uniplat.dll
08:57:47.0403 3868 C:\Windows\System32\uniplat.dll - ok
08:57:47.0419 3868 [ 41326DD08ACC0CDC5F8177AF96C066E8 ] C:\Windows\System32\kmddsp.tsp
08:57:47.0419 3868 C:\Windows\System32\kmddsp.tsp - ok
08:57:47.0434 3868 [ 1D6BC2769DA66C1145F4DA5A65F52E61 ] C:\Windows\System32\ndptsp.tsp
08:57:47.0434 3868 C:\Windows\System32\ndptsp.tsp - ok
08:57:47.0450 3868 [ DDD0357A92FA843EFF8915ED17253D6C ] C:\Windows\System32\wbem\WmiPrvSD.dll
08:57:47.0450 3868 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
08:57:47.0450 3868 [ 7C1BAE7D23D4874FEE256A2B9C00E019 ] C:\Windows\System32\hidphone.tsp
08:57:47.0450 3868 C:\Windows\System32\hidphone.tsp - ok
08:57:47.0466 3868 [ 3285481F5C12305CA104A6C493CA5A0B ] C:\Windows\System32\spoolss.dll
08:57:47.0466 3868 C:\Windows\System32\spoolss.dll - ok
08:57:47.0481 3868 [ C5AC93CF3BA30D367FB49148A2B673B9 ] C:\Windows\System32\PrintIsolationProxy.dll
08:57:47.0481 3868 C:\Windows\System32\PrintIsolationProxy.dll - ok
08:57:47.0497 3868 [ D41FEBD098234F02485A4EA98D4730A4 ] C:\Windows\System32\ncobjapi.dll
08:57:47.0497 3868 C:\Windows\System32\ncobjapi.dll - ok
08:57:47.0512 3868 [ A8EDB86FC2A4D6D1285E4C70384AC35A ] C:\Windows\System32\dllhost.exe
08:57:47.0512 3868 C:\Windows\System32\dllhost.exe - ok
08:57:47.0512 3868 [ 6F40D6FB05E0C1E5402812B426971AF0 ] C:\Windows\System32\wbem\wbemess.dll
08:57:47.0512 3868 C:\Windows\System32\wbem\wbemess.dll - ok
08:57:47.0528 3868 [ A717A35120DBAB5AB707AB40662AF9DD ] C:\Windows\System32\rasppp.dll
08:57:47.0528 3868 C:\Windows\System32\rasppp.dll - ok
08:57:47.0544 3868 [ 0FE5CD5F9C9248F42D1EF56E495B182E ] C:\Windows\System32\vpnike.dll
08:57:47.0544 3868 C:\Windows\System32\vpnike.dll - ok
08:57:47.0559 3868 [ 14DFDEAF4E589ED3F1FF187A86B9408C ] C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
08:57:47.0559 3868 C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - ok
08:57:47.0575 3868 [ 418E881201583A3039D81F43E39E6C78 ] C:\Windows\SysWOW64\winsta.dll
08:57:47.0575 3868 C:\Windows\SysWOW64\winsta.dll - ok
08:57:47.0590 3868 [ 6A84E68B538B8B04608BF2F0D426CE6F ] C:\Windows\System32\raschap.dll
08:57:47.0590 3868 C:\Windows\System32\raschap.dll - ok
08:57:47.0606 3868 [ F93674263F6B07C77956E966953242D9 ] C:\Windows\SysWOW64\secur32.dll
08:57:47.0606 3868 C:\Windows\SysWOW64\secur32.dll - ok
08:57:47.0606 3868 [ A0A2C1D812C231C9BFE119FDC68E341B ] C:\Windows\System32\IDStore.dll
08:57:47.0606 3868 C:\Windows\System32\IDStore.dll - ok
08:57:47.0622 3868 [ B95F6501A2F8B2E78C697FEC401970CE ] C:\Windows\System32\ipnathlp.dll
08:57:47.0622 3868 C:\Windows\System32\ipnathlp.dll - ok
08:57:47.0637 3868 [ 5F552F1DD619482E9F37A17914B0B5CD ] C:\Windows\System32\KMPJL64.DLL
08:57:47.0637 3868 C:\Windows\System32\KMPJL64.DLL - ok
08:57:47.0653 3868 [ 19E41CCCEE697CC9465396B370929792 ] C:\Windows\System32\FXSMON.dll
08:57:47.0653 3868 C:\Windows\System32\FXSMON.dll - ok
08:57:47.0668 3868 [ 32A3C8600AF124CBAAD845F13CFAE3CB ] C:\Windows\System32\tcpmon.dll
08:57:47.0668 3868 C:\Windows\System32\tcpmon.dll - ok
08:57:47.0684 3868 [ 2DF29664ED261F0FC448E58F338F0671 ] C:\Windows\System32\mprapi.dll
08:57:47.0684 3868 C:\Windows\System32\mprapi.dll - ok
08:57:47.0700 3868 [ 93518C6EDE0B61BCBD02BDB02BD05FEE ] C:\Windows\System32\snmpapi.dll
08:57:47.0700 3868 C:\Windows\System32\snmpapi.dll - ok
08:57:47.0715 3868 [ FFF9D00CF16397C64317F213484F94BD ] C:\Windows\System32\wsnmp32.dll
08:57:47.0715 3868 C:\Windows\System32\wsnmp32.dll - ok
08:57:47.0715 3868 [ DF72A9936D0C3F517083119648814B09 ] C:\Windows\System32\usbmon.dll
08:57:47.0715 3868 C:\Windows\System32\usbmon.dll - ok
08:57:47.0731 3868 [ A1D7E3ADCDB07DDB6F423862DCB1A52B ] C:\Windows\System32\WSDMon.dll
08:57:47.0731 3868 C:\Windows\System32\WSDMon.dll - ok
08:57:47.0746 3868 [ A42F2C1EB3B66C54FB3C7B79D30C1A6D ] C:\Windows\System32\netshell.dll
08:57:47.0746 3868 C:\Windows\System32\netshell.dll - ok
08:57:47.0762 3868 [ 4581716B4BF76ACFD8E167EB0B26D82A ] C:\Windows\System32\fdPnp.dll
08:57:47.0762 3868 C:\Windows\System32\fdPnp.dll - ok
08:57:47.0778 3868 [ 1D626FE2E13C1CE49CA0136CFF214E93 ] C:\Windows\System32\spool\prtprocs\x64\winprint.dll
08:57:47.0778 3868 C:\Windows\System32\spool\prtprocs\x64\winprint.dll - ok
08:57:47.0793 3868 [ 0353B239C28B0E9EBC7FA3D1F6181661 ] C:\Windows\System32\win32spl.dll
08:57:47.0793 3868 C:\Windows\System32\win32spl.dll - ok
08:57:47.0793 3868 [ 507D5567A0A4EE86C4B0CE2CE1777025 ] C:\Windows\System32\inetpp.dll
08:57:47.0793 3868 C:\Windows\System32\inetpp.dll - ok
08:57:47.0809 3868 [ 639774C9ACD063F028F6084ABF5593AD ] C:\Windows\System32\taskhost.exe
08:57:47.0809 3868 C:\Windows\System32\taskhost.exe - ok
08:57:47.0824 3868 [ D8DAD1E59B580BE2F5C079BCCE33EA96 ] C:\Windows\System32\KBDKOR.DLL
08:57:47.0824 3868 C:\Windows\System32\KBDKOR.DLL - ok
08:57:47.0840 3868 [ 4F5A3681A762FBCCC5A02D2DB3A04A79 ] C:\Windows\System32\kbd101a.dll
08:57:47.0840 3868 C:\Windows\System32\kbd101a.dll - ok
08:57:47.0856 3868 [ 06F85BA017A3D9B955AC7A00525ACF6B ] C:\Windows\System32\kbd103.dll
08:57:47.0856 3868 C:\Windows\System32\kbd103.dll - ok
08:57:47.0871 3868 [ 65EA57712340C09B1B0C427B4848AE05 ] C:\Windows\System32\taskeng.exe
08:57:47.0871 3868 C:\Windows\System32\taskeng.exe - ok
08:57:47.0887 3868 [ 1BF0CB861A48FEB1638228760750F3CB ] C:\Windows\System32\cscapi.dll
08:57:47.0887 3868 C:\Windows\System32\cscapi.dll - ok
08:57:47.0887 3868 [ 23566F9723771108D2E6CD768AC27407 ] C:\Windows\System32\AtBroker.exe
08:57:47.0887 3868 C:\Windows\System32\AtBroker.exe - ok
08:57:47.0902 3868 [ 94EEAC26F57811BD1AEFC164412F7FCE ] C:\Windows\System32\PlaySndSrv.dll
08:57:47.0902 3868 C:\Windows\System32\PlaySndSrv.dll - ok
08:57:47.0918 3868 [ 6CEF7856A3EFAC59470F6208F0F585CE ] C:\Windows\System32\mpr.dll
08:57:47.0918 3868 C:\Windows\System32\mpr.dll - ok
08:57:47.0934 3868 [ 805A52C5AE26C28E88FDD9BCCFE6F312 ] C:\Windows\System32\TSChannel.dll
08:57:47.0934 3868 C:\Windows\System32\TSChannel.dll - ok
08:57:47.0949 3868 [ F02A533F517EB38333CB12A9E8963773 ] C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:57:47.0949 3868 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe - ok
08:57:47.0965 3868 [ 9BB99503D6A4DD62569EDE9E5E2672A5 ] C:\Windows\System32\HotStartUserAgent.dll
08:57:47.0965 3868 C:\Windows\System32\HotStartUserAgent.dll - ok
08:57:47.0980 3868 [ 1F1CA9E99DD5BF918BE0BF30B5A42FDA ] C:\Windows\System32\MsCtfMonitor.dll
08:57:47.0980 3868 C:\Windows\System32\MsCtfMonitor.dll - ok
08:57:47.0980 3868 [ F09A9A1AD21FE618C4C8B0A0D830C886 ] C:\Windows\System32\msutb.dll
08:57:47.0980 3868 C:\Windows\System32\msutb.dll - ok
08:57:47.0996 3868 [ 162100E0BC8377710F9D170631921C03 ] C:\Windows\System32\drivers\NisDrvWFP.sys
08:57:47.0996 3868 C:\Windows\System32\drivers\NisDrvWFP.sys - ok
08:57:48.0012 3868 [ BAFE84E637BF7388C96EF48D4D3FDD53 ] C:\Windows\System32\userinit.exe
08:57:48.0012 3868 C:\Windows\System32\userinit.exe - ok
08:57:48.0027 3868 [ 58A0CDABEA255616827B1C22C9994466 ] C:\Windows\System32\NapiNSP.dll
08:57:48.0027 3868 C:\Windows\System32\NapiNSP.dll - ok
08:57:48.0043 3868 [ 2E5672EEA419A4DC9DACD714632E1DC3 ] C:\Program Files (x86)\Google\Update\1.3.21.135\goopdate.dll
08:57:48.0043 3868 C:\Program Files (x86)\Google\Update\1.3.21.135\goopdate.dll - ok
08:57:48.0058 3868 [ 613C8CE10A5FDE582BA5FA64C4D56AAA ] C:\Windows\System32\pnrpnsp.dll
08:57:48.0058 3868 C:\Windows\System32\pnrpnsp.dll - ok
08:57:48.0074 3868 [ 2FCA0D2C59A855C54BAFA22AA329DF0F ] C:\Windows\SysWOW64\netapi32.dll
08:57:48.0074 3868 C:\Windows\SysWOW64\netapi32.dll - ok
08:57:48.0074 3868 [ 20B3934DB73EABA2B49B7177873CB81F ] C:\Windows\SysWOW64\netutils.dll
08:57:48.0074 3868 C:\Windows\SysWOW64\netutils.dll - ok
08:57:48.0090 3868 [ 5CCDCD40E732D54E0F7451AC66AC1C87 ] C:\Windows\SysWOW64\srvcli.dll
08:57:48.0090 3868 C:\Windows\SysWOW64\srvcli.dll - ok
08:57:48.0105 3868 [ E5A4A1326A02F8E7B59E6C3270CE7202 ] C:\Windows\SysWOW64\wkscli.dll
08:57:48.0105 3868 C:\Windows\SysWOW64\wkscli.dll - ok
08:57:48.0121 3868 [ 352B3DC62A0D259A82A052238425C872 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
08:57:48.0121 3868 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - ok
08:57:48.0136 3868 [ C6E15F2F95F9C0A6098D43510B604E52 ] C:\Program Files\Microsoft Security Client\NisSrv.exe
08:57:48.0136 3868 C:\Program Files\Microsoft Security Client\NisSrv.exe - ok
08:57:48.0152 3868 [ 582AC6D9873E31DFA28A4547270862DD ] C:\Windows\System32\QAGENTRT.DLL
08:57:48.0152 3868 C:\Windows\System32\QAGENTRT.DLL - ok
08:57:48.0168 3868 [ F7073C962C4FB7C415565DDE109DE49F ] C:\Windows\System32\npmproxy.dll
08:57:48.0168 3868 C:\Windows\System32\npmproxy.dll - ok
08:57:48.0183 3868 [ 506A83A3BEEE9FCA09F0170DE9FC7D1B ] C:\Windows\System32\fveui.dll
08:57:48.0183 3868 C:\Windows\System32\fveui.dll - ok
08:57:48.0183 3868 [ F162D5F5E845B9DC352DD1BAD8CEF1BC ] C:\Windows\System32\dwm.exe
08:57:48.0183 3868 C:\Windows\System32\dwm.exe - ok
08:57:48.0199 3868 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\SysWOW64\imagehlp.dll
08:57:48.0199 3868 C:\Windows\SysWOW64\imagehlp.dll - ok
08:57:48.0214 3868 [ 577D0DC85524A16FE29D7956B22974C4 ] C:\Program Files\Microsoft Security Client\MsseWat.dll
08:57:48.0214 3868 C:\Program Files\Microsoft Security Client\MsseWat.dll - ok
08:57:48.0230 3868 [ 79AFFC7FEEA9CD2FEFEA5EF3B631A02C ] C:\Windows\System32\ndiscapCfg.dll
08:57:48.0230 3868 C:\Windows\System32\ndiscapCfg.dll - ok
08:57:48.0246 3868 [ A6C29DB53ECA94FA8591C5388D604B82 ] C:\Windows\SysWOW64\msi.dll
08:57:48.0246 3868 C:\Windows\SysWOW64\msi.dll - ok
08:57:48.0246 3868 [ FCFCD1101C5DA23B4B95F93D02B2C169 ] C:\Windows\System32\dwmredir.dll
08:57:48.0246 3868 C:\Windows\System32\dwmredir.dll - ok
08:57:48.0261 3868 [ B6D6886149573278CBA6ABD44C4317F5 ] C:\Windows\System32\slwga.dll
08:57:48.0261 3868 C:\Windows\System32\slwga.dll - ok
08:57:48.0277 3868 [ DB76DB15EFC6E4D1153A6C5BC895948D ] C:\Windows\System32\sppc.dll
08:57:48.0277 3868 C:\Windows\System32\sppc.dll - ok
08:57:48.0292 3868 [ F11A57E91FDAECFB41A5CB21EB1EBC8E ] C:\Windows\System32\dssenh.dll
08:57:48.0292 3868 C:\Windows\System32\dssenh.dll - ok
08:57:48.0308 3868 [ 3D6AF45673C4B31CDECD7F80AF09D443 ] C:\Windows\System32\rascfg.dll
08:57:48.0308 3868 C:\Windows\System32\rascfg.dll - ok
08:57:48.0324 3868 [ 4BA77A5EF71C14C764B0ED4701683E3E ] C:\Windows\System32\dwmcore.dll
08:57:48.0324 3868 C:\Windows\System32\dwmcore.dll - ok
08:57:48.0339 3868 [ 6BF27D309C6077F1E8A7747B49F7B17F ] C:\Program Files\Microsoft Security Client\NisLog.dll
08:57:48.0339 3868 C:\Program Files\Microsoft Security Client\NisLog.dll - ok
08:57:48.0355 3868 [ 332FEAB1435662FC6C672E25BEB37BE3 ] C:\Windows\explorer.exe
08:57:48.0355 3868 C:\Windows\explorer.exe - ok
08:57:48.0355 3868 [ 1CF21800E337F4039AAD4C94B4280EE4 ] C:\Windows\System32\mprmsg.dll
08:57:48.0355 3868 C:\Windows\System32\mprmsg.dll - ok
08:57:48.0370 3868 [ 55DE45B116711881C852D2841E4C84DD ] C:\Windows\System32\tcpipcfg.dll
08:57:48.0370 3868 C:\Windows\System32\tcpipcfg.dll - ok
08:57:48.0386 3868 [ 1EBE9524683C7C4EED8B8BC93FB6FBCC ] C:\Windows\SysWOW64\fltLib.dll
08:57:48.0386 3868 C:\Windows\SysWOW64\fltLib.dll - ok
08:57:48.0402 3868 [ 4AE04D9608F272F3F468B34F2F1329E5 ] C:\Program Files\AVAST Software\Avast\AhResBhv.dll
08:57:48.0402 3868 C:\Program Files\AVAST Software\Avast\AhResBhv.dll - ok
08:57:48.0417 3868 [ 9AE80F6A66B30E3ED8CDF858CF28B11B ] C:\Windows\System32\d3d10_1.dll
08:57:48.0417 3868 C:\Windows\System32\d3d10_1.dll - ok
08:57:48.0433 3868 [ 94868FC1295C8B76B8D45C1F44D9F653 ] C:\Program Files\AVAST Software\Avast\AhResJs.dll
08:57:48.0433 3868 C:\Program Files\AVAST Software\Avast\AhResJs.dll - ok
08:57:48.0448 3868 [ 63F72417CA38D8FC8F53709649B589E3 ] C:\Windows\System32\d3d10_1core.dll
08:57:48.0448 3868 C:\Windows\System32\d3d10_1core.dll - ok
08:57:48.0464 3868 [ DEA9DFD3E83F48D7005E066011D340F7 ] C:\Program Files\AVAST Software\Avast\AhResMai.dll
08:57:48.0464 3868 C:\Program Files\AVAST Software\Avast\AhResMai.dll - ok
08:57:48.0464 3868 [ 8DFB5752FCE145A6B295093C0A8BE131 ] C:\Windows\System32\dxgi.dll
08:57:48.0464 3868 C:\Windows\System32\dxgi.dll - ok
08:57:48.0480 3868 [ 465BEA35F7ED4A4A57686DEA7EA10F47 ] C:\Windows\SysWOW64\cscapi.dll
08:57:48.0480 3868 C:\Windows\SysWOW64\cscapi.dll - ok
08:57:48.0495 3868 [ C03EC02F6C9F492293D78F850E2E48FC ] C:\Program Files\AVAST Software\Avast\AhResMes.dll
08:57:48.0495 3868 C:\Program Files\AVAST Software\Avast\AhResMes.dll - ok
08:57:48.0511 3868 [ BD9EB3958F213F96B97B1D897DEE006D ] C:\Windows\System32\hidserv.dll
08:57:48.0511 3868 C:\Windows\System32\hidserv.dll - ok
08:57:48.0511 3868 [ 3FD15B4611D9BDA3F8013548C0ECAECA ] C:\Windows\SysWOW64\ntmarta.dll
08:57:48.0511 3868 C:\Windows\SysWOW64\ntmarta.dll - ok
08:57:48.0526 3868 [ 15D7A4070D2B52D2EEA8D99E551E9E53 ] C:\Program Files\AVAST Software\Avast\AhResNS.dll
08:57:48.0526 3868 C:\Program Files\AVAST Software\Avast\AhResNS.dll - ok
08:57:48.0542 3868 [ 93221146D4EBBF314C29B23CD6CC391D ] C:\Windows\System32\wpdbusenum.dll
08:57:48.0542 3868 C:\Windows\System32\wpdbusenum.dll - ok
08:57:48.0558 3868 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\MpKsl10b4c302.sys
08:57:48.0558 3868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\MpKsl10b4c302.sys - ok
08:57:48.0573 3868 [ BF1FC3F79B863C914687A737C2F3D681 ] C:\Windows\System32\wdi.dll
08:57:48.0573 3868 C:\Windows\System32\wdi.dll - ok
08:57:48.0589 3868 [ BF4AC709BE5BF64F331F5D67773A0C82 ] C:\Windows\System32\perftrack.dll
08:57:48.0589 3868 C:\Windows\System32\perftrack.dll - ok
08:57:48.0604 3868 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\SysWOW64\Wldap32.dll
08:57:48.0604 3868 C:\Windows\SysWOW64\Wldap32.dll - ok
08:57:48.0620 3868 [ E64D9EC8018C55873B40FDEE9DBEF5B3 ] C:\Windows\System32\PortableDeviceApi.dll
08:57:48.0620 3868 C:\Windows\System32\PortableDeviceApi.dll - ok
08:57:48.0636 3868 [ BECDDA0990DEBD72A30096533521AD73 ] C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
08:57:48.0636 3868 C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe - ok
08:57:48.0651 3868 [ A46789AD5F3A85470F898B15D5C056BD ] C:\Program Files\AVAST Software\Avast\AhResP2P.dll
08:57:48.0651 3868 C:\Program Files\AVAST Software\Avast\AhResP2P.dll - ok
08:57:48.0651 3868 [ B2D91A72C78D27D9A25FFF8BAF6EB2F4 ] C:\Program Files\AVAST Software\Avast\AhResStd.dll
08:57:48.0651 3868 C:\Program Files\AVAST Software\Avast\AhResStd.dll - ok
08:57:48.0667 3868 [ 39F39B23969512842F6A6D259E68FF11 ] C:\Program Files\AVAST Software\Avast\AhResWS.dll
08:57:48.0667 3868 C:\Program Files\AVAST Software\Avast\AhResWS.dll - ok
08:57:48.0682 3868 [ EED05D42D91835064703E2318552ED25 ] C:\Windows\System32\ExplorerFrame.dll
08:57:48.0682 3868 C:\Windows\System32\ExplorerFrame.dll - ok
08:57:48.0698 3868 [ AFA79C343F9D1555F7E5D5FA70BB2A14 ] C:\Windows\System32\PortableDeviceConnectApi.dll
08:57:48.0698 3868 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
08:57:48.0714 3868 [ B676429E44F2F8ACC3BAE7C89F46B212 ] C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
08:57:48.0714 3868 C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe - ok
08:57:48.0729 3868 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] C:\Windows\System32\IPSECSVC.DLL
08:57:48.0729 3868 C:\Windows\System32\IPSECSVC.DLL - ok
08:57:48.0745 3868 [ 106B2C1DE615E08AFF9CE2A02E04F7CC ] C:\Program Files\AVAST Software\Avast\defs\13031801\ArPot.dll
08:57:48.0745 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\ArPot.dll - ok
08:57:48.0760 3868 [ 2C8F7A0B6D023C6DD817E999528F2F98 ] C:\Program Files\AVAST Software\Avast\ashMaiSv.dll
08:57:48.0760 3868 C:\Program Files\AVAST Software\Avast\ashMaiSv.dll - ok
08:57:48.0776 3868 [ 9BC93C9ACFA34DB5A41B89357B31E4ED ] C:\Windows\System32\FwRemoteSvr.dll
08:57:48.0776 3868 C:\Windows\System32\FwRemoteSvr.dll - ok
08:57:48.0776 3868 [ AF718FFE60D958E590AF49C4FC3BD6A6 ] C:\Program Files\AVAST Software\Avast\ssleay32.dll
08:57:48.0776 3868 C:\Program Files\AVAST Software\Avast\ssleay32.dll - ok
08:57:48.0792 3868 [ BE54A53EC2C4C74B41909B7B9F9BF978 ] C:\Program Files\AVAST Software\Avast\ashShA64.dll
08:57:48.0792 3868 C:\Program Files\AVAST Software\Avast\ashShA64.dll - ok
08:57:48.0807 3868 [ 5EB6E9C8BE1ACC5830780E0F9A846255 ] C:\Windows\System32\msi.dll
08:57:48.0807 3868 C:\Windows\System32\msi.dll - ok
08:57:48.0823 3868 [ E1B22739C933BE33F53DB58C5393ADD3 ] C:\Windows\System32\Apphlpdm.dll
08:57:48.0823 3868 C:\Windows\System32\Apphlpdm.dll - ok
08:57:48.0838 3868 [ FF5688D309347F2720911D8796912834 ] C:\Windows\SysWOW64\clbcatq.dll
08:57:48.0838 3868 C:\Windows\SysWOW64\clbcatq.dll - ok
08:57:48.0854 3868 [ 4449D23E8F197862F1B16F1E6C89C36C ] C:\Windows\System32\diagperf.dll
08:57:48.0854 3868 C:\Windows\System32\diagperf.dll - ok
08:57:48.0870 3868 [ FEB91B4DA0D540865260A33838654FA3 ] C:\Windows\System32\nci.dll
08:57:48.0870 3868 C:\Windows\System32\nci.dll - ok
08:57:48.0870 3868 [ AC0C9CEA1218DAB1994AF8B28E680BD9 ] C:\Windows\System32\wlaninst.dll
08:57:48.0870 3868 C:\Windows\System32\wlaninst.dll - ok
08:57:48.0885 3868 [ 5A406C9C8E0880D3EABADC5DFD1ACDAE ] C:\Windows\System32\wwaninst.dll
08:57:48.0885 3868 C:\Windows\System32\wwaninst.dll - ok
08:57:48.0901 3868 [ C5A99A4C0DC9F0F5A95BA0C83D30A549 ] C:\Windows\SysWOW64\mstask.dll
08:57:48.0901 3868 C:\Windows\SysWOW64\mstask.dll - ok
08:57:48.0916 3868 [ 9C70887708A7C88D20DD215AC5AA757F ] C:\Program Files\AVAST Software\Avast\libeay32.dll
08:57:48.0916 3868 C:\Program Files\AVAST Software\Avast\libeay32.dll - ok
08:57:48.0932 3868 [ B6D90C99A72044AEF85A2B7D78FEBEF4 ] C:\Program Files\AVAST Software\Avast\defs\13031801\exts.dll
08:57:48.0932 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\exts.dll - ok
08:57:48.0948 3868 [ 2E2072EB48238FCA8FBB7A9F5FABAC45 ] C:\Windows\System32\winrnr.dll
08:57:48.0948 3868 C:\Windows\System32\winrnr.dll - ok
08:57:48.0963 3868 [ 9719E3D834F5C8C43F56A93DFA497023 ] C:\Windows\System32\pnpts.dll
08:57:48.0963 3868 C:\Windows\System32\pnpts.dll - ok
08:57:48.0963 3868 [ E811F8510B133E70CF6E509FB809824F ] C:\Windows\System32\wdiasqmmodule.dll
08:57:48.0963 3868 C:\Windows\System32\wdiasqmmodule.dll - ok
08:57:48.0979 3868 [ C339473B25526F866DBB21425F3D8F3A ] C:\Program Files\AVAST Software\Avast\ashWebSv.dll
08:57:48.0979 3868 C:\Program Files\AVAST Software\Avast\ashWebSv.dll - ok
08:57:48.0994 3868 [ 0BA65122FFA7E37564EE86422DBF7AE8 ] C:\Windows\SysWOW64\nlaapi.dll
08:57:48.0994 3868 C:\Windows\SysWOW64\nlaapi.dll - ok
08:57:49.0010 3868 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\SysWOW64\NapiNSP.dll
08:57:49.0010 3868 C:\Windows\SysWOW64\NapiNSP.dll - ok
08:57:49.0026 3868 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\SysWOW64\pnrpnsp.dll
08:57:49.0026 3868 C:\Windows\SysWOW64\pnrpnsp.dll - ok
08:57:49.0041 3868 [ B40420876B9288E0A1C8CCA8A84E5DC9 ] C:\Windows\SysWOW64\dnsapi.dll
08:57:49.0041 3868 C:\Windows\SysWOW64\dnsapi.dll - ok
08:57:49.0041 3868 [ 640B91D321940568939DDD71C6E7B93A ] C:\Program Files\AVAST Software\Avast\snxhk64.dll
08:57:49.0041 3868 C:\Program Files\AVAST Software\Avast\snxhk64.dll - ok
08:57:49.0057 3868 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\SysWOW64\winrnr.dll
08:57:49.0057 3868 C:\Windows\SysWOW64\winrnr.dll - ok
08:57:49.0072 3868 [ 12B79422A23814429CDA9E734C58F78F ] C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
08:57:49.0072 3868 C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
08:57:49.0088 3868 [ 46863C4CC5B68EB09EA2D5EEF0F1193A ] C:\Windows\System32\radardt.dll
08:57:49.0088 3868 C:\Windows\System32\radardt.dll - ok
08:57:49.0104 3868 [ 20C7F2ADAE249D6708941BC8CDD9735F ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6671647A-D593-488C-A849-D3C86E0F9E6F}\gapaengine.dll
08:57:49.0104 3868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6671647A-D593-488C-A849-D3C86E0F9E6F}\gapaengine.dll - ok
08:57:49.0119 3868 [ 024352FEEC9042260BB4CFB4D79A206B ] C:\Windows\System32\EhStorShell.dll
08:57:49.0119 3868 C:\Windows\System32\EhStorShell.dll - ok
08:57:49.0135 3868 [ 037A719DAD50603202C978CD802623E4 ] C:\Windows\System32\ntshrui.dll
08:57:49.0135 3868 C:\Windows\System32\ntshrui.dll - ok
08:57:49.0150 3868 [ 7B31FB7DA69A72C03637BD8A2B2111CE ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6671647A-D593-488C-A849-D3C86E0F9E6F}\nisfull.vdm
08:57:49.0150 3868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6671647A-D593-488C-A849-D3C86E0F9E6F}\nisfull.vdm - ok
08:57:49.0166 3868 [ 1D63F4366288B8A7595397E27010FD44 ] C:\Windows\System32\IconCodecService.dll
08:57:49.0166 3868 C:\Windows\System32\IconCodecService.dll - ok
08:57:49.0166 3868 [ E629F1A051C82795DDFFD3E8D4855811 ] C:\Windows\System32\dimsjob.dll
08:57:49.0166 3868 C:\Windows\System32\dimsjob.dll - ok
08:57:49.0182 3868 [ 03A03A453F1AAAE0C73AAAF895321C7A ] C:\Windows\SysWOW64\FWPUCLNT.DLL
08:57:49.0182 3868 C:\Windows\SysWOW64\FWPUCLNT.DLL - ok
08:57:49.0197 3868 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] C:\Windows\System32\appinfo.dll
08:57:49.0197 3868 C:\Windows\System32\appinfo.dll - ok
08:57:49.0213 3868 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\SysWOW64\rasadhlp.dll
08:57:49.0213 3868 C:\Windows\SysWOW64\rasadhlp.dll - ok
08:57:49.0228 3868 [ 448B02AD260EC3E1E892FCE6DFDDEEBD ] C:\Windows\System32\d3d11.dll
08:57:49.0228 3868 C:\Windows\System32\d3d11.dll - ok
08:57:49.0244 3868 [ 4F6E72B34ED3DC53DCC5E8708E60B61F ] C:\Windows\SysWOW64\security.dll
08:57:49.0244 3868 C:\Windows\SysWOW64\security.dll - ok
08:57:49.0260 3868 [ DF7A5058504EE982914A3C24676F4485 ] C:\Program Files\AVAST Software\Avast\ashWsFtr.dll
08:57:49.0260 3868 C:\Program Files\AVAST Software\Avast\ashWsFtr.dll - ok
08:57:49.0260 3868 [ A7A8CA53D9C9FD90C07AB0EB38E5316B ] C:\Windows\System32\dbghelp.dll
08:57:49.0260 3868 C:\Windows\System32\dbghelp.dll - ok
08:57:49.0275 3868 [ B010CF886420EE29C2C276646721D255 ] C:\Windows\SysWOW64\wlanapi.dll
08:57:49.0275 3868 C:\Windows\SysWOW64\wlanapi.dll - ok
08:57:49.0291 3868 [ 1D6A771D1D702AE07919DB52C889A249 ] C:\Windows\SysWOW64\wlanutil.dll
08:57:49.0291 3868 C:\Windows\SysWOW64\wlanutil.dll - ok
08:57:49.0306 3868 [ 9D2680936DA1CB440E34482C6CAD9098 ] C:\Program Files\AVAST Software\Avast\aswPatchMgt.dll
08:57:49.0306 3868 C:\Program Files\AVAST Software\Avast\aswPatchMgt.dll - ok
08:57:49.0322 3868 [ A7F63C1F5CE020AA24CDCEFB422CF9E3 ] C:\Program Files\AVAST Software\Avast\defs\13031801\aswAR.dll
08:57:49.0322 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\aswAR.dll - ok
08:57:49.0338 3868 [ 83D722F311011FB0E521737F724DEB90 ] C:\Program Files\AVAST Software\Avast\defs\13031801\aswRawFS.dll
08:57:49.0338 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\aswRawFS.dll - ok
08:57:49.0338 3868 [ B2DFFEA8FB6B8DA0501F53C9F2112612 ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\offreg.dll
08:57:49.0338 3868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C52080FF-C318-4387-B394-CB1E50E95591}\offreg.dll - ok
08:57:49.0353 3868 [ 025C496DA7B48A82A40906D538BFC4AC ] C:\Program Files\AVAST Software\Avast\defs\13031801\swhealthex.dll
08:57:49.0353 3868 C:\Program Files\AVAST Software\Avast\defs\13031801\swhealthex.dll - ok
08:57:49.0369 3868 [ 35CB97CBC3EDC463418ED4997AAB29B6 ] C:\Windows\System32\pautoenr.dll
08:57:49.0369 3868 C:\Windows\System32\pautoenr.dll - ok
08:57:49.0384 3868 [ FBD879D17B26D49DD7A48FF58062FAE6 ] C:\Windows\System32\tdh.dll
08:57:49.0384 3868 C:\Windows\System32\tdh.dll - ok
08:57:49.0400 3868 [ 94DFBB481BF51158B216E23C5C1C9D6E ] C:\Windows\System32\certcli.dll
08:57:49.0400 3868 C:\Windows\System32\certcli.dll - ok
08:57:49.0416 3868 [ 263B26106606A010CF877472B535E4BB ] C:\Windows\System32\CertEnroll.dll
08:57:49.0416 3868 C:\Windows\System32\CertEnroll.dll - ok
08:57:49.0431 3868 [ 10F815BE90A66AAFC6C713D1BD626064 ] C:\Windows\System32\pnidui.dll
08:57:49.0431 3868 C:\Windows\System32\pnidui.dll - ok
08:57:49.0447 3868 [ 1EB82516F21F27EED1833B4F9FD9614E ] C:\Windows\System32\wmp.dll
08:57:49.0447 3868 C:\Windows\System32\wmp.dll - ok
08:57:49.0462 3868 [ 1EA7969E3271CBC59E1730697DC74682 ] C:\Windows\System32\qmgr.dll
08:57:49.0462 3868 C:\Windows\System32\qmgr.dll - ok
08:57:49.0462 3868 [ D2155709E336C3BC15729EB87FEC6064 ] C:\Windows\System32\rasdlg.dll
08:57:49.0462 3868 C:\Windows\System32\rasdlg.dll - ok
08:57:49.0478 3868 [ 29409ED7400CA5BCCC30C0EE5147A60D ] C:\Windows\System32\bitsperf.dll
08:57:49.0478 3868 C:\Windows\System32\bitsperf.dll - ok
08:57:49.0494 3868 [ D9431DCF90B0253773F51FDEFE7FD42F ] C:\Windows\System32\bitsigd.dll
08:57:49.0494 3868 C:\Windows\System32\bitsigd.dll - ok
08:57:49.0509 3868 [ 96DB78C9C50CEED9DA5050EFFEE272A2 ] C:\Windows\System32\upnp.dll
08:57:49.0509 3868 C:\Windows\System32\upnp.dll - ok
08:57:49.0525 3868 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] C:\Windows\System32\ssdpsrv.dll
08:57:49.0525 3868 C:\Windows\System32\ssdpsrv.dll - ok
08:57:49.0540 3868 [ 198803E5E93E29967DFB0BCFD0186151 ] C:\Windows\System32\spfileq.dll
08:57:49.0540 3868 C:\Windows\System32\spfileq.dll - ok
08:57:49.0556 3868 [ AC5DF873913B00E554D8F553459BC431 ] C:\Windows\System32\qmgrprxy.dll
08:57:49.0556 3868 C:\Windows\System32\qmgrprxy.dll - ok
08:57:49.0556 3868 [ 85B45B4B285B159ACDB355FC8C1E8925 ] C:\Windows\SysWOW64\qmgrprxy.dll
08:57:49.0556 3868 C:\Windows\SysWOW64\qmgrprxy.dll - ok
08:57:49.0572 3868 [ 522B0466ED967A0762E9AF5B37D8F40A ] C:\Windows\System32\esent.dll
08:57:49.0572 3868 C:\Windows\System32\esent.dll - ok
08:57:49.0587 3868 [ A20B8855DA46D7E1377A9F0B2FC3E054 ] C:\Program Files (x86)\7-Zip\7zFM.exe
08:57:49.0587 3868 C:\Program Files (x86)\7-Zip\7zFM.exe - ok
08:57:49.0603 3868 [ B95AC0CDB8F068F0C024CD344B354298 ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
08:57:49.0603 3868 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe - ok
08:57:49.0618 3868 [ DDE5A0DFAF7C6370FB36402D7A746ED3 ] C:\Program Files (x86)\Internet Explorer\iexplore.exe
08:57:49.0618 3868 C:\Program Files (x86)\Internet Explorer\iexplore.exe - ok
08:57:49.0634 3868 [ 6E3D7F11D087FE1AC7865F702665D768 ] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
08:57:49.0634 3868 C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe - ok
08:57:49.0650 3868 [ A73BA53CF7AD1429AACB9C860D8F4B7D ] C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll
08:57:49.0650 3868 C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll - ok
08:57:49.0665 3868 [ AF20DA051DE39496C098F2F33B958E94 ] C:\Program Files (x86)\Java\jre7\bin\java.exe
08:57:49.0665 3868 C:\Program Files (x86)\Java\jre7\bin\java.exe - ok
08:57:49.0681 3868 [ 899C7993A7DE3061C74623F5523BC21D ] C:\Program Files\AVAST Software\Avast\Setup\avast.setup
08:57:49.0681 3868 C:\Program Files\AVAST Software\Avast\Setup\avast.setup - ok
08:57:49.0681 3868 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
08:57:49.0681 3868 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - ok
08:57:49.0696 3868 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\SysWOW64\setupapi.dll
08:57:49.0696 3868 C:\Windows\SysWOW64\setupapi.dll - ok
08:57:49.0712 3868 [ 2EEFF4502F5E13B1BED4A04CCAD64C08 ] C:\Windows\SysWOW64\devobj.dll
08:57:49.0712 3868 C:\Windows\SysWOW64\devobj.dll - ok
08:57:49.0728 3868 [ 8E01332CC4B68BC6B5B7EFFE374442AA ] C:\Windows\SysWOW64\oleacc.dll
08:57:49.0728 3868 C:\Windows\SysWOW64\oleacc.dll - ok
08:57:49.0743 3868 [ 08DFDBD2FD4EA951DC46B1C7661ED35A ] C:\Windows\SysWOW64\powrprof.dll
08:57:49.0743 3868 C:\Windows\SysWOW64\powrprof.dll - ok
08:57:49.0759 3868 [ 9E4B0E7472B4CEBA9E17F440B8CB0AB8 ] C:\Windows\SysWOW64\winspool.drv
08:57:49.0759 3868 C:\Windows\SysWOW64\winspool.drv - ok
08:57:49.0774 3868 [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\SysWOW64\comdlg32.dll
08:57:49.0774 3868 C:\Windows\SysWOW64\comdlg32.dll - ok
08:57:49.0790 3868 [ 18AB2E5A40064ED5F7791AC5946A90F3 ] C:\Windows\SysWOW64\msimg32.dll
08:57:49.0790 3868 C:\Windows\SysWOW64\msimg32.dll - ok
08:57:49.0790 3868 [ 936F728E04ACCF3F38801CFFCF1E3F40 ] C:\Windows\SysWOW64\oledlg.dll
08:57:49.0806 3868 C:\Windows\SysWOW64\oledlg.dll - ok
08:57:49.0806 3868 [ B5B2896034D8ADEBD79E0C281B52508F ] C:\Windows\AppPatch\AcGenral.dll
08:57:49.0806 3868 C:\Windows\AppPatch\AcGenral.dll - ok
08:57:49.0821 3868 [ 43964FA89CCF97BA6BE34D69455AC65F ] C:\Windows\SysWOW64\uxtheme.dll
08:57:49.0821 3868 C:\Windows\SysWOW64\uxtheme.dll - ok
08:57:49.0837 3868 [ 85683DF1F917E4D7F6BE1A04986BF1C8 ] C:\Windows\SysWOW64\msacm32.dll
08:57:49.0837 3868 C:\Windows\SysWOW64\msacm32.dll - ok
08:57:49.0852 3868 [ 68ECCA523ED760AAFC03C5D587569859 ] C:\Windows\SysWOW64\samcli.dll
08:57:49.0852 3868 C:\Windows\SysWOW64\samcli.dll - ok
08:57:49.0852 3868 [ 40CAEEE0EAF1B8569F7C8DF6420F2CB9 ] C:\Windows\SysWOW64\sfc.dll
08:57:49.0852 3868 C:\Windows\SysWOW64\sfc.dll - ok
08:57:49.0868 3868 [ 84799328D87B3091A3BDD251E1AD31F9 ] C:\Windows\SysWOW64\sfc_os.dll
08:57:49.0868 3868 C:\Windows\SysWOW64\sfc_os.dll - ok
08:57:49.0884 3868 [ 39C5F32747B3414D1BB216FDB1DEFC58 ] C:\Windows\SysWOW64\dwmapi.dll
08:57:49.0884 3868 C:\Windows\SysWOW64\dwmapi.dll - ok
08:57:49.0899 3868 [ 5C5E3AFD499E5146FEF1DA5EF8A23205 ] C:\Program Files\AVAST Software\Avast\dbghelp.dll
08:57:49.0899 3868 C:\Program Files\AVAST Software\Avast\dbghelp.dll - ok
08:57:49.0915 3868 [ B4AC3953C16443158DCA772F187DF92C ] C:\Windows\System32\aticfx64.dll
08:57:49.0915 3868 C:\Windows\System32\aticfx64.dll - ok
08:57:49.0930 3868 [ 025E7DBDB98866ED3CB2D4DDA70B364D ] C:\Windows\System32\runonce.exe
08:57:49.0930 3868 C:\Windows\System32\runonce.exe - ok
08:57:49.0946 3868 [ 1D8FF340333F3D023668467574523FCF ] C:\Windows\System32\atiuxp64.dll
08:57:49.0946 3868 C:\Windows\System32\atiuxp64.dll - ok
08:57:49.0962 3868 [ 2CEFF13ACE25A40BD8D97654944297CD ] C:\Windows\svchost.exe
08:57:49.0962 3868 C:\Windows\svchost.exe - ok
08:57:49.0962 3868 [ 9E8CFD920F2D542FA9FE9FBD142C2B0A ] C:\Windows\System32\atidxx64.dll
08:57:49.0977 3868 C:\Windows\System32\atidxx64.dll - ok
08:57:49.0977 3868 [ 49E5753D923F1AC63B22D3DCB0B47E00 ] C:\Windows\System32\uDWM.dll
08:57:49.0977 3868 C:\Windows\System32\uDWM.dll - ok
08:57:49.0993 3868 [ 4B78B431F225FD8624C5655CB1DE7B61 ] C:\Windows\System32\aelupsvc.dll
08:57:49.0993 3868 C:\Windows\System32\aelupsvc.dll - ok
08:57:50.0008 3868 [ E03082BF43266EAC72E2CD3BC1283F24 ] C:\Program Files\Microsoft Security Client\MpCommu.dll
08:57:50.0008 3868 C:\Program Files\Microsoft Security Client\MpCommu.dll - ok
08:57:50.0024 3868 [ D44741F65A1D71F65814A12CF6E2400A ] C:\Windows\SysWOW64\runonce.exe
08:57:50.0024 3868 C:\Windows\SysWOW64\runonce.exe - ok
08:57:50.0040 3868 [ 44B1C057B30890C55FB6F4C1582E8522 ] C:\Program Files\AVAST Software\Avast\snxhk.dll
08:57:50.0040 3868 C:\Program Files\AVAST Software\Avast\snxhk.dll - ok
08:57:50.0055 3868 [ 12C45E3CB6D65F73209549E2D02ECA7A ] C:\Windows\SysWOW64\propsys.dll
08:57:50.0055 3868 C:\Windows\SysWOW64\propsys.dll - ok
08:57:50.0071 3868 [ AD7B9C14083B52BC532FBA5948342B98 ] C:\Windows\SysWOW64\cmd.exe
08:57:50.0071 3868 C:\Windows\SysWOW64\cmd.exe - ok
08:57:50.0071 3868 [ 9A85ABCE0FDD1AF8E79E731EB0B679F3 ] C:\Windows\SysWOW64\dhcpcsvc.dll
08:57:50.0086 3868 C:\Windows\SysWOW64\dhcpcsvc.dll - ok
08:57:50.0086 3868 [ 220159496484D34009DE71CA1A68E0D4 ] C:\Windows\System32\wbem\NCProv.dll
08:57:50.0086 3868 C:\Windows\System32\wbem\NCProv.dll - ok
08:57:50.0102 3868 [ 81F6C1AE23B1C493D9E996C3103915D7 ] C:\Windows\SysWOW64\dhcpcsvc6.dll
08:57:50.0102 3868 C:\Windows\SysWOW64\dhcpcsvc6.dll - ok
08:57:50.0118 3868 [ 326C7F76A29897A892AA7726E91C1C67 ] C:\Windows\SysWOW64\winbrand.dll
08:57:50.0118 3868 C:\Windows\SysWOW64\winbrand.dll - ok
08:57:50.0133 3868 [ 0E85C11F8850D524B02181C6E02BA9AE ] C:\Windows\SysWOW64\dsound.dll
08:57:50.0133 3868 C:\Windows\SysWOW64\dsound.dll - ok
08:57:50.0149 3868 [ D3EAB9BCB2B92EFCA615781C215644C0 ] C:\Windows\SysWOW64\ieframe.dll
08:57:50.0149 3868 C:\Windows\SysWOW64\ieframe.dll - ok
08:57:50.0164 3868 [ ADF3E771F429940E762AC097F5A54EAF ] C:\Program Files\Windows Defender\MpClient.dll
08:57:50.0164 3868 C:\Program Files\Windows Defender\MpClient.dll - ok
08:57:50.0164 3868 [ 20C7F2ADAE249D6708941BC8CDD9735F ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD90A339-419E-6C1A-34D6-739ACE0E03A2}\GapaEngine.dll
08:57:50.0164 3868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD90A339-419E-6C1A-34D6-739ACE0E03A2}\GapaEngine.dll - ok
08:57:50.0180 3868 [ D729084195C952B7ED14AA6DA4B44DCA ] C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD90A339-419E-6C1A-34D6-739ACE0E03A2}\NisFull.vdm
08:57:50.0180 3868 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD90A339-419E-6C1A-34D6-739ACE0E03A2}\NisFull.vdm - ok
08:57:50.0196 3868 [ BE247AE996A9FDE007A27B51413A6C79 ] C:\Windows\SysWOW64\shdocvw.dll
08:57:50.0196 3868 C:\Windows\SysWOW64\shdocvw.dll - ok
08:57:50.0211 3868 [ 178A34E5554DCE485E1262DDF027960C ] C:\Users\Jessie\AppData\Local\Temp\39D5ECAC-BB11-4D4D-9635-F9FD929A0525.exe
08:57:50.0211 3868 C:\Users\Jessie\AppData\Local\Temp\39D5ECAC-BB11-4D4D-9635-F9FD929A0525.exe - ok
08:57:50.0227 3868 [ BF6D6ED5FADCEEE885BD0144ECF1BA27 ] C:\Windows\SysWOW64\ncrypt.dll
08:57:50.0227 3868 C:\Windows\SysWOW64\ncrypt.dll - ok
08:57:50.0242 3868 [ CE71B9119A258EDD0A05B37D7B0F92E3 ] C:\Windows\SysWOW64\bcrypt.dll
08:57:50.0242 3868 C:\Windows\SysWOW64\bcrypt.dll - ok
08:57:50.0258 3868 [ E8449FE262D7406BCB2AC2A45C53EC5F ] C:\Windows\SysWOW64\bcryptprimitives.dll
08:57:50.0258 3868 C:\Windows\SysWOW64\bcryptprimitives.dll - ok
08:57:50.0274 3868 [ 1097F3035BAF46CED8B332B3564C5108 ] C:\Windows\SysWOW64\gpapi.dll
08:57:50.0274 3868 C:\Windows\SysWOW64\gpapi.dll - ok
08:57:50.0274 3868 [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\SysWOW64\cryptnet.dll
08:57:50.0274 3868 C:\Windows\SysWOW64\cryptnet.dll - ok
08:57:50.0289 3868 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\SysWOW64\SensApi.dll
08:57:50.0289 3868 C:\Windows\SysWOW64\SensApi.dll - ok
08:57:50.0305 3868 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\SysWOW64\sxs.dll
08:57:50.0305 3868 C:\Windows\SysWOW64\sxs.dll - ok
08:57:50.0320 3868 [ 839F96DBAAFD3353E0B248A5E0BD2A51 ] C:\Windows\SysWOW64\rasapi32.dll
08:57:50.0320 3868 C:\Windows\SysWOW64\rasapi32.dll - ok
08:57:50.0336 3868 [ FFA7172354B9256DBB2CDD75F16F33FE ] C:\Windows\SysWOW64\rasman.dll
08:57:50.0336 3868 C:\Windows\SysWOW64\rasman.dll - ok
08:57:50.0352 3868 [ 0915C4DB6DBC3BB9E11B7ECBBE4B7159 ] C:\Windows\SysWOW64\rtutils.dll
08:57:50.0352 3868 C:\Windows\SysWOW64\rtutils.dll - ok
08:57:50.0367 3868 [ 8C338238C16777A802D6A9211EB2BA50 ] C:\Windows\SysWOW64\netprofm.dll
08:57:50.0367 3868 C:\Windows\SysWOW64\netprofm.dll - ok
08:57:50.0367 3868 [ 15E298B5EC5B89C5994A59863969D9FF ] C:\Windows\SysWOW64\npmproxy.dll
08:57:50.0367 3868 C:\Windows\SysWOW64\npmproxy.dll - ok
08:57:50.0383 3868 [ 3BCECD87AB4E6743BFB45B352AD1A529 ] C:\Windows\SysWOW64\WindowsCodecs.dll
08:57:50.0383 3868 C:\Windows\SysWOW64\WindowsCodecs.dll - ok
08:57:50.0398 3868 [ 263963D93A3CA8F685EFA5966F1E6581 ] C:\Windows\SysWOW64\mshtml.dll
08:57:50.0398 3868 C:\Windows\SysWOW64\mshtml.dll - ok
08:57:50.0414 3868 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\SysWOW64\EhStorShell.dll
08:57:50.0414 3868 C:\Windows\SysWOW64\EhStorShell.dll - ok
08:57:50.0430 3868 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\SysWOW64\ntshrui.dll
08:57:50.0430 3868 C:\Windows\SysWOW64\ntshrui.dll - ok
08:57:50.0445 3868 [ 8B74CEC6980D4816B0037AE9A27E538F ] C:\Windows\SysWOW64\slc.dll
08:57:50.0445 3868 C:\Windows\SysWOW64\slc.dll - ok
08:57:50.0445 3868 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\SysWOW64\imageres.dll
08:57:50.0445 3868 C:\Windows\SysWOW64\imageres.dll - ok
08:57:50.0461 3868 [ 523CF74A52C9A1762DA8B83AEE734498 ] C:\Windows\SysWOW64\IconCodecService.dll
08:57:50.0461 3868 C:\Windows\SysWOW64\IconCodecService.dll - ok
08:57:50.0476 3868 [ 162D247E995EAEBF3EF4289069E1111C ] C:\Windows\SysWOW64\devrtl.dll
08:57:50.0476 3868 C:\Windows\SysWOW64\devrtl.dll - ok
08:57:50.0492 3868 [ B519848DFA30AE2B306576B51321D102 ] C:\Windows\System32\ie4uinit.exe
08:57:50.0492 3868 C:\Windows\System32\ie4uinit.exe - ok
08:57:50.0508 3868 [ 2C647ABE9A424E55B5F3DAE4629B4277 ] C:\Windows\System32\themeui.dll
08:57:50.0508 3868 C:\Windows\System32\themeui.dll - ok
08:57:50.0523 3868 [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\SysWOW64\mlang.dll
08:57:50.0523 3868 C:\Windows\SysWOW64\mlang.dll - ok
08:57:50.0539 3868 [ FB10715E4099AF9FA389C71873245226 ] C:\Windows\System32\timedate.cpl
08:57:50.0539 3868 C:\Windows\System32\timedate.cpl - ok
08:57:50.0539 3868 [ 1D1EAA16D193C6A2D45981ED3914D22A ] C:\Windows\SysWOW64\msimtf.dll
08:57:50.0539 3868 C:\Windows\SysWOW64\msimtf.dll - ok
08:57:50.0554 3868 [ 35AAE2E841AA1A949775168E119482C9 ] C:\Windows\SysWOW64\msls31.dll
08:57:50.0554 3868 C:\Windows\SysWOW64\msls31.dll - ok
08:57:50.0570 3868 [ 69F42E40A0C4344939437D86A8893DA6 ] C:\Windows\SysWOW64\jscript9.dll
08:57:50.0570 3868 C:\Windows\SysWOW64\jscript9.dll - ok
08:57:50.0586 3868 [ 9063208B657236EC20F10018ABB44E72 ] C:\Program Files\AVAST Software\Avast\aswJsFlt.dll
08:57:50.0586 3868 C:\Program Files\AVAST Software\Avast\aswJsFlt.dll - ok
08:57:50.0601 3868 [ E6F0F82788E8BD0F7A616350EFA0761C ] C:\Windows\System32\actxprxy.dll
08:57:50.0601 3868 C:\Windows\System32\actxprxy.dll - ok
08:57:50.0617 3868 [ 9FF8F684BACF326082E5562F7C104A79 ] C:\Windows\SysWOW64\d2d1.dll
08:57:50.0617 3868 C:\Windows\SysWOW64\d2d1.dll - ok
08:57:50.0632 3868 [ C4F40F6CACD796A8E16671D0E9A2F319 ] C:\Windows\System32\shdocvw.dll
08:57:50.0632 3868 C:\Windows\System32\shdocvw.dll - ok
08:57:50.0632 3868 [ 4277F5164DE9B7C665BB928B9145BEE0 ] C:\Windows\SysWOW64\DWrite.dll
08:57:50.0632 3868 C:\Windows\SysWOW64\DWrite.dll - ok
08:57:50.0648 3868 [ A0A65D306A5490D2EB8E7DE66898ECFD ] C:\Windows\System32\linkinfo.dll
08:57:50.0648 3868 C:\Windows\System32\linkinfo.dll - ok
08:57:50.0664 3868 [ D4F264FE23F8953D840904418220C15E ] C:\Windows\SysWOW64\dxgi.dll
08:57:50.0664 3868 C:\Windows\SysWOW64\dxgi.dll - ok
08:57:50.0679 3868 [ 3C1936A12C62254F914A01BBC6A8DC69 ] C:\Windows\SysWOW64\d3d10_1.dll
08:57:50.0679 3868 C:\Windows\SysWOW64\d3d10_1.dll - ok
08:57:50.0695 3868 [ D4212AB475A3B25EC4DF574536C3EDC5 ] C:\Windows\SysWOW64\d3d10_1core.dll
08:57:50.0695 3868 C:\Windows\SysWOW64\d3d10_1core.dll - ok
08:57:50.0710 3868 [ 1EAC1A8CA6874BF5B15E2EFB9A9A7B86 ] C:\Windows\System32\msftedit.dll
08:57:50.0710 3868 C:\Windows\System32\msftedit.dll - ok
08:57:50.0726 3868 [ 7ACDFB4CC67F4993DF0E0731576309B2 ] C:\Windows\SysWOW64\d3d11.dll
08:57:50.0726 3868 C:\Windows\SysWOW64\d3d11.dll - ok
08:57:50.0726 3868 [ 661CEEDE98A2E0E5CDD7DE239EB38353 ] C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll
08:57:50.0726 3868 C:\PROGRA~2\WIC4A1~1\MESSEN~1\msgslang.dll - ok
08:57:50.0742 3868 [ 7FCAB194F01E3403C300EB034E480B36 ] C:\Windows\System32\msls31.dll
08:57:50.0742 3868 C:\Windows\System32\msls31.dll - ok
08:57:50.0757 3868 [ F146E2BA475893DD77B2370DC1211FC6 ] C:\Windows\System32\drivers\09011163.sys
08:57:50.0757 3868 C:\Windows\System32\drivers\09011163.sys - ok
08:57:50.0773 3868 [ 7DBA84667DC18877AEF693E3543DFAD7 ] C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
08:57:50.0773 3868 C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll - ok
08:57:50.0788 3868 [ B3170CCC779B682C3341873EA60CF084 ] C:\Windows\SysWOW64\d3d10warp.dll
08:57:50.0788 3868 C:\Windows\SysWOW64\d3d10warp.dll - ok
08:57:50.0804 3868 [ FF855B794961EC8785FD5CCB7B8285D3 ] C:\Windows\SysWOW64\aticfx32.dll
08:57:50.0804 3868 C:\Windows\SysWOW64\aticfx32.dll - ok
08:57:50.0820 3868 [ 2BCBA6052374959A30BD7948444DBB79 ] C:\Windows\System32\gameux.dll
08:57:50.0820 3868 C:\Windows\System32\gameux.dll - ok
08:57:50.0835 3868 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\SysWOW64\riched20.dll
08:57:50.0835 3868 C:\Windows\SysWOW64\riched20.dll - ok
08:57:50.0835 3868 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\SysWOW64\ExplorerFrame.dll
08:57:50.0835 3868 C:\Windows\SysWOW64\ExplorerFrame.dll - ok
08:57:50.0851 3868 [ 4C2C4640BF23AAFCF90519E0F34436CE ] C:\Windows\System32\DeviceCenter.dll
08:57:50.0851 3868 C:\Windows\System32\DeviceCenter.dll - ok
08:57:50.0866 3868 [ 24F4B480F335A6C724AF352253C5D98B ] C:\Windows\System32\thumbcache.dll
08:57:50.0866 3868 C:\Windows\System32\thumbcache.dll - ok
08:57:50.0882 3868 [ 6E1F8165C365D35C8E3C045AF0CDD481 ] C:\Windows\SysWOW64\duser.dll
08:57:50.0882 3868 C:\Windows\SysWOW64\duser.dll - ok
08:57:50.0898 3868 [ EE06B85BC69F18826302348A2AD089E0 ] C:\Windows\SysWOW64\dui70.dll
08:57:50.0898 3868 C:\Windows\SysWOW64\dui70.dll - ok
08:57:50.0898 3868 [ BCFF8CD24809941E28C73185FC58CA39 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
08:57:50.0913 3868 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe - ok
08:57:50.0913 3868 [ 405F4D32D2185F1F1BD753D8EEAFFB3A ] C:\Windows\System32\networkexplorer.dll
08:57:50.0913 3868 C:\Windows\System32\networkexplorer.dll - ok
08:57:50.0929 3868 [ 5F639198C4137075DA50E61C23963C11 ] C:\Windows\System32\drprov.dll
08:57:50.0929 3868 C:\Windows\System32\drprov.dll - ok
08:57:50.0944 3868 [ 69754747274B76E7FAF287239333D7E6 ] C:\Windows\System32\msiltcfg.dll
08:57:50.0944 3868 C:\Windows\System32\msiltcfg.dll - ok
08:57:50.0960 3868 [ BC566D17914B07ABAAB3A5A385CC3300 ] C:\Windows\System32\ntlanman.dll
08:57:50.0960 3868 C:\Windows\System32\ntlanman.dll - ok
08:57:50.0976 3868 [ B3A33600DCDFB84D7FBE09ADEB1C9B8A ] C:\Windows\System32\davclnt.dll
08:57:50.0976 3868 C:\Windows\System32\davclnt.dll - ok
08:57:50.0991 3868 [ 45B24A357C801CE62052FE0CDC8BD4D2 ] C:\Windows\System32\davhlpr.dll
08:57:50.0991 3868 C:\Windows\System32\davhlpr.dll - ok
08:57:51.0007 3868 [ 0BE126224273ACB0925C07B30A0E4209 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
08:57:51.0007 3868 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe - ok
08:57:51.0007 3868 [ 9110FFAD124283F37D38771BB60556AF ] C:\Windows\System32\dsound.dll
08:57:51.0007 3868 C:\Windows\System32\dsound.dll - ok
08:57:51.0022 3868 [ 585FED4CDB8034B8B58AEB8008255817 ] C:\Windows\System32\opengl32.dll
08:57:51.0022 3868 C:\Windows\System32\opengl32.dll - ok
08:57:51.0038 3868 [ 439669E153EF11FA16861EC33D4AFC81 ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
08:57:51.0038 3868 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - ok
08:57:51.0054 3868 [ F2967C0A97C0EA67D79D7F557213950D ] C:\Windows\System32\glu32.dll
08:57:51.0054 3868 C:\Windows\System32\glu32.dll - ok
08:57:51.0069 3868 [ A6C09924C6730DE8DEED9890A12AA691 ] C:\Windows\System32\ddraw.dll
08:57:51.0069 3868 C:\Windows\System32\ddraw.dll - ok
08:57:51.0085 3868 [ C5BCAB2B9BD316DDFD53D4CB5E1C438D ] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
08:57:51.0085 3868 C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe - ok
08:57:51.0100 3868 [ 29C22748937F45C26590909E9F8E7137 ] C:\Windows\System32\dciman32.dll
08:57:51.0100 3868 C:\Windows\System32\dciman32.dll - ok
08:57:51.0116 3868 [ E424B3EF666B184CEE0B6871AAA8C9F6 ] C:\Windows\System32\msimg32.dll
08:57:51.0116 3868 C:\Windows\System32\msimg32.dll - ok
08:57:51.0132 3868 [ 263E9A047D17CD50BAA9D3C02910D18D ] C:\Windows\System32\oledlg.dll
08:57:51.0132 3868 C:\Windows\System32\oledlg.dll - ok
08:57:51.0147 3868 [ 565E25C82AAE17EA97884B43F05A720E ] C:\Windows\System32\SynCOM.dll
08:57:51.0147 3868 C:\Windows\System32\SynCOM.dll - ok
08:57:51.0163 3868 [ DC604BBAF9F613D150CC6060E0E47788 ] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
08:57:51.0163 3868 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe - ok
08:57:51.0163 3868 [ 4936B83586C1F81630AE9C8EED6E356A ] C:\Windows\System32\SynTPAPI.dll
08:57:51.0163 3868 C:\Windows\System32\SynTPAPI.dll - ok
08:57:51.0178 3868 [ 0805289E121F3E3C458C970B08314EB2 ] C:\Windows\System32\RtkCfg64.dll
08:57:51.0178 3868 C:\Windows\System32\RtkCfg64.dll - ok
08:57:51.0194 3868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] C:\Windows\System32\pnrpsvc.dll
08:57:51.0194 3868 C:\Windows\System32\pnrpsvc.dll - ok
08:57:51.0210 3868 [ D70D6B42933C1174FE961F0BCA3573A3 ] C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll
08:57:51.0210 3868 C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll - ok
08:57:51.0225 3868 [ 6B8966ECB093271DE794286850432225 ] C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
08:57:51.0225 3868 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe - ok
08:57:51.0241 3868 [ DFD8F75F0E27D522AB8424AD71719C8B ] C:\Program Files\TOSHIBA\TBS\HSON.exe
08:57:51.0241 3868 C:\Program Files\TOSHIBA\TBS\HSON.exe - ok
08:57:51.0256 3868 [ 76849AB697E63D85CC35DD2F8AEA1C6B ] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll
08:57:51.0256 3868 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll - ok
08:57:51.0272 3868 [ 927463ECB02179F88E4B9A17568C63C3 ] C:\Windows\System32\p2psvc.dll
08:57:51.0272 3868 C:\Windows\System32\p2psvc.dll - ok
08:57:51.0288 3868 [ 04CB7C8FDC6D9640DD82A527208F72C4 ] C:\Windows\System32\UIAnimation.dll
08:57:51.0288 3868 C:\Windows\System32\UIAnimation.dll - ok
08:57:51.0288 3868 [ 0B5511674394666E9D221F8681B2C2E6 ] C:\Windows\System32\consent.exe
08:57:51.0288 3868 C:\Windows\System32\consent.exe - ok
08:57:51.0303 3868 [ C3761661C17C2248A9379A8FB89E3DE1 ] C:\Windows\System32\stobject.dll
08:57:51.0303 3868 C:\Windows\System32\stobject.dll - ok
08:57:51.0319 3868 [ F832EEEA97CDDA1AF577E721F652A0D1 ] C:\Windows\System32\batmeter.dll
08:57:51.0319 3868 C:\Windows\System32\batmeter.dll - ok
08:57:51.0334 3868 [ EFE8A50B9AE0205D399E94E89E244E65 ] C:\Program Files\TOSHIBA\Power Saver\TCooling.dll
08:57:51.0334 3868 C:\Program Files\TOSHIBA\Power Saver\TCooling.dll - ok
08:57:51.0350 3868 [ F82483A80D49ACCA81193A294FB233CD ] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
08:57:51.0350 3868 C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe - ok
08:57:51.0366 3868 [ E542A10321E884C2C50290AC67E82DAE ] C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll
08:57:51.0366 3868 C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll - ok
08:57:51.0381 3868 [ 60FB378B6D1C80DC69DD80F8E05D4346 ] C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll
08:57:51.0381 3868 C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll - ok
08:57:51.0397 3868 [ B3F4982BD2542AB40AFA6D6E695E5E06 ] C:\Program Files\TOSHIBA\Power Saver\TPwrBrightness.dll
08:57:51.0397 3868 C:\Program Files\TOSHIBA\Power Saver\TPwrBrightness.dll - ok
08:57:51.0397 3868 [ 2D2A6EC8EAD30EC3ACE2FD6FB1B3E122 ] C:\Windows\System32\prnfldr.dll
08:57:51.0397 3868 C:\Windows\System32\prnfldr.dll - ok
08:57:51.0412 3868 [ 426350B428CD70D037A3326EB9E5EDFD ] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
08:57:51.0412 3868 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe - ok
08:57:51.0444 3868 [ F164E175B6092D3BA0DC7056487717BC ] C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll
08:57:51.0444 3868 C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll - ok
08:57:51.0459 3868 [ 0F042176F243D71C552E9D07D2FCB141 ] C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
08:57:51.0459 3868 C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll - ok
08:57:51.0475 3868 [ E436C2E89416F31699F2A3CA79DDC095 ] C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll
08:57:51.0475 3868 C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll - ok
08:57:51.0475 3868 [ 3911917B93DD9023DAA8258147AA7BCF ] C:\Program Files\Microsoft Security Client\msseces.exe
08:57:51.0475 3868 C:\Program Files\Microsoft Security Client\msseces.exe - ok
08:57:51.0490 3868 [ 42A9CB6906D9A8BEDC83B57163E62924 ] C:\Windows\System32\DXP.dll
08:57:51.0490 3868 C:\Windows\System32\DXP.dll - ok
08:57:51.0506 3868 [ 9C96B167C21F6DCCF68E96853B0A8F93 ] C:\Program Files\TOSHIBA\FlashCards\FnPRTSC.dll
08:57:51.0506 3868 C:\Program Files\TOSHIBA\FlashCards\FnPRTSC.dll - ok
08:57:51.0522 3868 [ DDEA7F06F8A00E706C4DB75D7C6F2612 ] C:\Program Files\TOSHIBA\HDD Protection\Thp3dv.exe
08:57:51.0522 3868 C:\Program Files\TOSHIBA\HDD Protection\Thp3dv.exe - ok
08:57:51.0537 3868 [ C4CA3DBBCEC3136D37DA20B50291E63A ] C:\Program Files\TOSHIBA\Power Saver\TSDPwr.dll
08:57:51.0537 3868 C:\Program Files\TOSHIBA\Power Saver\TSDPwr.dll - ok
08:57:51.0553 3868 [ E126445756DFE53F9788911BBD7BFF16 ] C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll
08:57:51.0553 3868 C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll - ok
08:57:51.0568 3868 [ DF987E7AA36D53411B1087B246739326 ] C:\Program Files\TOSHIBA\Power Saver\TPCIePwr.dll
08:57:51.0568 3868 C:\Program Files\TOSHIBA\Power Saver\TPCIePwr.dll - ok
08:57:51.0584 3868 [ 2BC7C9FD0A9F2C9AFC373F3AD1EE3891 ] C:\Windows\System32\Syncreg.dll
08:57:51.0584 3868 C:\Windows\System32\Syncreg.dll - ok
08:57:51.0600 3868 [ CACB1FB9B211A8BEF470A78FC573AEBA ] C:\Program Files\TOSHIBA\FlashCards\Hotkey\Brightness.dll
08:57:51.0600 3868 C:\Program Files\TOSHIBA\FlashCards\Hotkey\Brightness.dll - ok
08:57:51.0600 3868 [ 5D61BE7DB55B026A5D61A3EED09D0EAD ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
08:57:51.0600 3868 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - ok
08:57:51.0615 3868 [ C836175870E00ACC546066632E15BD10 ] C:\Windows\ehome\ehSSO.dll
08:57:51.0615 3868 C:\Windows\ehome\ehSSO.dll - ok
08:57:51.0631 3868 [ 76F123E491B26DAAD5DFBC20FC5996DB ] C:\Program Files\TOSHIBA\Power Saver\TScreen.dll
08:57:51.0631 3868 C:\Program Files\TOSHIBA\Power Saver\TScreen.dll - ok
08:57:51.0646 3868 [ C8FDF0FA9E97E2FAAF3F814716AAA881 ] C:\Windows\System32\WPDShServiceObj.dll
08:57:51.0646 3868 C:\Windows\System32\WPDShServiceObj.dll - ok
08:57:51.0662 3868 [ E7368F0A8D19445EAF5C5D0DBB8B8DAB ] C:\Windows\System32\AltTab.dll
08:57:51.0662 3868 C:\Windows\System32\AltTab.dll - ok
08:57:51.0678 3868 [ 241AF87821FDA0F5792037B779F49BE0 ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll
08:57:51.0678 3868 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll - ok
08:57:51.0693 3868 [ 92DBF0A4C9239169010FC6E07859C82E ] C:\Windows\System32\ActionCenter.dll
08:57:51.0693 3868 C:\Windows\System32\ActionCenter.dll - ok
08:57:51.0709 3868 [ D233C7FEAE3FAA25F93A9E6B46815ADC ] C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll
08:57:51.0709 3868 C:\Windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll - ok
08:57:51.0709 3868 [ B9F0A4020AA98B7A20287BF7FE99A1FD ] C:\Windows\System32\QUTIL.DLL
08:57:51.0709 3868 C:\Windows\System32\QUTIL.DLL - ok
08:57:51.0724 3868 [ 4F3CD1C59EA71401E155C432BCECE180 ] C:\Windows\System32\PortableDeviceTypes.dll
08:57:51.0724 3868 C:\Windows\System32\PortableDeviceTypes.dll - ok
08:57:51.0740 3868 [ 1C937AA6A3E2E5F5F650686437AE2854 ] C:\Program Files\TOSHIBA\FlashCards\SmoothView.dll
08:57:51.0740 3868 C:\Program Files\TOSHIBA\FlashCards\SmoothView.dll - ok
08:57:51.0756 3868 [ 8569E35D00F45972E506502EEE622BA4 ] C:\Windows\System32\srchadmin.dll
08:57:51.0756 3868 C:\Windows\System32\srchadmin.dll - ok
08:57:51.0771 3868 [ 43AA2EFD14590DE58A545BF3B28ED09F ] C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll
08:57:51.0771 3868 C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll - ok
08:57:51.0787 3868 [ 357BE883C5236BFC7341CB9E82308908 ] C:\Windows\System32\wlanapi.dll
08:57:51.0787 3868 C:\Windows\System32\wlanapi.dll - ok
08:57:51.0802 3868 [ F7A256EC899C72B4ECDD2C02CB592EFD ] C:\Windows\System32\bthprops.cpl
08:57:51.0802 3868 C:\Windows\System32\bthprops.cpl - ok
08:57:51.0818 3868 [ E0B340996A41C9A75DFA3B99BBA9C500 ] C:\Windows\System32\SearchIndexer.exe
08:57:51.0818 3868 C:\Windows\System32\SearchIndexer.exe - ok
08:57:51.0818 3868 [ D66423EB59EA81B1D9C0DE0AAFE2EB25 ] C:\Program Files\TOSHIBA\TBS\TBSMain.dll
08:57:51.0818 3868 C:\Program Files\TOSHIBA\TBS\TBSMain.dll - ok
08:57:51.0834 3868 [ 76E7410B3A308F6960D3CE06DC7874AD ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll
08:57:51.0834 3868 C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll - ok
08:57:51.0849 3868 [ E829C45F0D77852C43BE99C4B1BD215D ] C:\Windows\System32\ieframe.dll
08:57:51.0849 3868 C:\Windows\System32\ieframe.dll - ok
08:57:51.0865 3868 [ 11615D80DC10ABB83D2A9002B70A4E36 ] C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
08:57:51.0865 3868 C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll - ok
08:57:51.0880 3868 [ 148C545849C1379A3D4448F5DE768E86 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
08:57:51.0880 3868 C:\Program Files\AVAST Software\Avast\AvastUI.exe - ok
08:57:51.0896 3868 [ A905E156A7D52B55892C3255670FE97B ] C:\Program Files\Microsoft Security Client\MsMpRes.dll
08:57:51.0896 3868 C:\Program Files\Microsoft Security Client\MsMpRes.dll - ok
08:57:51.0912 3868 [ 1AC9B56AC7E043AC2874D61CBCED5F49 ] C:\Program Files\TOSHIBA\FlashCards\Hotkey\Mute.dll
08:57:51.0912 3868 C:\Program Files\TOSHIBA\FlashCards\Hotkey\Mute.dll - ok
08:57:51.0927 3868 [ 917A728A12F25FCF4636858FAC9979FA ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
08:57:51.0927 3868 C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll - ok
08:57:51.0943 3868 [ 619A67C9F617B7E69315BB28ECD5E1DF ] C:\Windows\System32\wbem\WmiPrvSE.exe
08:57:51.0943 3868 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
08:57:51.0958 3868 [ 93812FDC01AA864195816CD814445F95 ] C:\Program Files\Microsoft Security Client\sqmapi.dll
08:57:51.0958 3868 C:\Program Files\Microsoft Security Client\sqmapi.dll - ok
08:57:51.0958 3868 [ C746F3BF98E92FB137B5BD2B8B5925BD ] C:\Windows\System32\FXSST.dll
08:57:51.0958 3868 C:\Windows\System32\FXSST.dll - ok
08:57:51.0974 3868 [ B2D4A37B12F04736362268FFC5B6F5BF ] C:\Program Files\AVAST Software\Avast\aswUtil.dll
08:57:51.0974 3868 C:\Program Files\AVAST Software\Avast\aswUtil.dll - ok
08:57:51.0990 3868 [ 589DF683A6C81424A6CECE52ABF98A50 ] C:\Windows\System32\tquery.dll
08:57:51.0990 3868 C:\Windows\System32\tquery.dll - ok
08:57:52.0005 3868 [ 650CAEA856943E29F25A25D31E004B18 ] C:\Windows\System32\FXSAPI.dll
08:57:52.0005 3868 C:\Windows\System32\FXSAPI.dll - ok
08:57:52.0021 3868 [ 28CA821606669BB9215CE010767720FA ] C:\Windows\SysWOW64\cryptui.dll
08:57:52.0021 3868 C:\Windows\SysWOW64\cryptui.dll - ok
08:57:52.0036 3868 [ 07AD88DF9EF73215458867EFC1BFFE9E ] C:\Windows\System32\wbem\wmiprov.dll
08:57:52.0036 3868 C:\Windows\System32\wbem\wmiprov.dll - ok
08:57:52.0036 3868 [ C8E8B8239FCF17BEA10E751BE5854631 ] C:\Windows\System32\FXSRESM.dll
08:57:52.0036 3868 C:\Windows\System32\FXSRESM.dll - ok
08:57:52.0052 3868 [ CA6ADE4F7761BB15B3325356DC3B82BB ] C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
08:57:52.0052 3868 C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll - ok
08:57:52.0068 3868 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] C:\Windows\System32\FXSSVC.exe
08:57:52.0068 3868 C:\Windows\System32\FXSSVC.exe - ok
08:57:52.0083 3868 [ 7568CC720ACE4D03B84AF97817E745EF ] C:\Windows\System32\mssrch.dll
08:57:52.0083 3868 C:\Windows\System32\mssrch.dll - ok
08:57:52.0099 3868 [ 012787CEB35505EB78DF82E0A0072888 ] C:\Windows\System32\browcli.dll
08:57:52.0099 3868 C:\Windows\System32\browcli.dll - ok
08:57:52.0114 3868 [ F9AFD12BB4B1CFA5FCC0A5B37C604FD2 ] C:\Windows\System32\dot3api.dll
08:57:52.0114 3868 C:\Windows\System32\dot3api.dll - ok
08:57:52.0130 3868 [ E4FCA0F99A41E460C84016DEFD31E6EF ] C:\Windows\System32\wlanhlp.dll
08:57:52.0130 3868 C:\Windows\System32\wlanhlp.dll - ok
08:57:52.0146 3868 [ 6699A112A3BDC9B52338512894EBA9D6 ] C:\Program Files\Windows Media Player\wmpnscfg.exe
08:57:52.0146 3868 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
08:57:52.0161 3868 [ 3121A79D13A61562BE9CC902CD46B542 ] C:\Windows\System32\msidle.dll
08:57:52.0161 3868 C:\Windows\System32\msidle.dll - ok
08:57:52.0161 3868 [ 5DA219F57A9076FB6FBD3C9C3713A672 ] C:\Windows\System32\WWanAPI.dll
08:57:52.0161 3868 C:\Windows\System32\WWanAPI.dll - ok
08:57:52.0177 3868 [ ACE1BB07E0377E37A2C514CD2EC119B1 ] C:\Windows\System32\mssprxy.dll
08:57:52.0177 3868 C:\Windows\System32\mssprxy.dll - ok
08:57:52.0192 3868 [ 62C7AACC746C9723468A8F2169ED3E85 ] C:\Windows\System32\wwapi.dll
08:57:52.0192 3868 C:\Windows\System32\wwapi.dll - ok
08:57:52.0208 3868 [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:57:52.0208 3868 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
08:57:52.0224 3868 [ 6B851E682A36453E1B1EE297FFB6E2AB ] C:\Windows\System32\QAGENT.DLL
08:57:52.0224 3868 C:\Windows\System32\QAGENT.DLL - ok
08:57:52.0239 3868 [ C7494C67A6BF6FE914808E42F8265FEF ] C:\Program Files\Windows Media Player\wmpnssci.dll
08:57:52.0239 3868 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
08:57:52.0255 3868 [ C9FB9038B15036CA28CF0B4BE2BED9BD ] C:\Windows\System32\en-US\tquery.dll.mui
08:57:52.0255 3868 C:\Windows\System32\en-US\tquery.dll.mui - ok
08:57:52.0255 3868 ============================================================
08:57:52.0255 3868 Scan finished
08:57:52.0255 3868 ============================================================
08:57:52.0286 4056 Detected object count: 3
08:57:52.0286 4056 Actual detected object count: 3
08:58:42.0986 4056 Thpsrv ( UnsignedFile.Multi.Generic ) - skipped by user
08:58:42.0986 4056 Thpsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:58:44.0453 4056 \Device\Harddisk0\DR0\# - copied to quarantine
08:58:44.0468 4056 \Device\Harddisk0\DR0 - copied to quarantine
08:58:44.0655 4056 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
08:58:44.0905 4056 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
08:58:45.0030 4056 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
08:59:00.0240 4056 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
08:59:00.0552 4056 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
08:59:00.0583 4056 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
08:59:00.0630 4056 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
08:59:01.0207 4056 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
08:59:08.0118 4056 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
08:59:08.0274 4056 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
08:59:08.0289 4056 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
08:59:08.0352 4056 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
08:59:08.0430 4056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
08:59:08.0430 4056 \Device\Harddisk0\DR0 - ok
08:59:09.0194 4056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
08:59:09.0194 4056 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
08:59:09.0194 4056 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
08:59:27.0930 2836 Deinitialize success
  • 0

#24
jkabat

jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
09:01:49.0930 3800 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
09:01:51.0958 3800 ============================================================
09:01:51.0958 3800 Current date / time: 2013/03/19 09:01:51.0958
09:01:51.0958 3800 SystemInfo:
09:01:51.0958 3800
09:01:51.0958 3800 OS Version: 6.1.7601 ServicePack: 1.0
09:01:51.0958 3800 Product type: Workstation
09:01:51.0958 3800 ComputerName: JESSIE-PC
09:01:51.0958 3800 UserName: Jessie
09:01:51.0958 3800 Windows directory: C:\windows
09:01:51.0958 3800 System windows directory: C:\windows
09:01:51.0958 3800 Running under WOW64
09:01:51.0958 3800 Processor architecture: Intel x64
09:01:51.0958 3800 Number of processors: 2
09:01:51.0958 3800 Page size: 0x1000
09:01:51.0958 3800 Boot type: Normal boot
09:01:51.0958 3800 ============================================================
09:02:07.0984 3800 BG loaded
09:02:11.0697 3800 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:02:11.0775 3800 ============================================================
09:02:11.0775 3800 \Device\Harddisk0\DR0:
09:02:11.0947 3800 MBR partitions:
09:02:11.0947 3800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x234C4000
09:02:11.0947 3800 ============================================================
09:02:12.0290 3800 C: <-> \Device\Harddisk0\DR0\Partition1
09:02:12.0290 3800 ============================================================
09:02:12.0290 3800 Initialize success
09:02:12.0290 3800 ============================================================
09:03:12.0865 3680 Deinitialize success
  • 0

#25
jkabat

jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-19 09:06:47
-----------------------------
09:06:47.277 OS Version: Windows x64 6.1.7601 Service Pack 1
09:06:47.277 Number of processors: 2 586 0x200
09:06:47.277 ComputerName: JESSIE-PC UserName: Jessie
09:06:49.820 Initialize success
09:06:50.412 AVAST engine defs: 13031900
09:06:55.872 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
09:06:55.888 Disk 0 Vendor: TOSHIBA_MK3275GSX GT001M Size: 305245MB BusType: 11
09:06:56.216 Disk 0 MBR read successfully
09:06:56.231 Disk 0 MBR scan
09:06:56.247 Disk 0 Windows VISTA default MBR code
09:06:56.278 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
09:06:56.309 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 289160 MB offset 3074048
09:06:56.356 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14584 MB offset 595273728
09:06:56.652 Disk 0 scanning C:\windows\system32\drivers
09:07:16.262 Service scanning
09:07:50.176 Modules scanning
09:07:50.207 Disk 0 trace - called modules:
09:07:50.238 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
09:07:50.270 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004160790]
09:07:50.301 3 CLASSPNP.SYS[fffff8800195d43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa800415e060]
09:07:50.316 5 thpdrv.sys[fffff880018a66c0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003c2e290]
09:07:51.970 AVAST engine scan C:\windows
09:08:07.274 AVAST engine scan C:\windows\system32
09:13:16.092 AVAST engine scan C:\windows\system32\drivers
09:13:30.740 AVAST engine scan C:\Users\Jessie
09:19:22.880 AVAST engine scan C:\ProgramData
09:21:49.301 Scan finished successfully
09:24:13.103 Disk 0 MBR has been saved successfully to "C:\Users\Jessie\Desktop\MBR.dat"
09:24:13.134 The log file has been saved successfully to "C:\Users\Jessie\Desktop\aswMBR.txt"





  • 0

Advertisements


#26
jkabat

jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
mbr.dat attached

Attached Files

  • Attached File  MBR.dat   512bytes   187 downloads

  • 0

#27
jkabat

jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
OTL logfile created on: 3/19/2013 9:26:41 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jessie\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.60 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 67.28% Memory free
7.20 Gb Paging File | 5.90 Gb Available in Paging File | 81.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282.38 Gb Total Space | 232.06 Gb Free Space | 82.18% Space Free | Partition Type: NTFS

Computer Name: JESSIE-PC | User Name: Jessie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/19 09:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessie\Desktop\OTL.exe
PRC - [2013/03/12 16:17:34 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/06/10 01:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/08 01:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/20 19:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/03/12 17:03:21 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/07/11 21:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/06 18:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/06 18:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/28 18:33:50 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2011/06/08 02:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/08 01:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/17 02:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/13 13:21:56 | 001,143,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/03/24 23:50:30 | 001,423,408 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/23 21:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 13:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E A7 40 99 99 24 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {70642FB4-62CF-41F8-89A6-A9393D564588}
IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.co...ng}&rlz=1I7TSNO
IE - HKCU\..\SearchScopes\{70642FB4-62CF-41F8-89A6-A9393D564588}: "URL" = http://www.google.co...1I7TSNO_enUS474
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)


[2012/11/25 12:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Gmail = C:\Users\Jessie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/03/19 07:42:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O16 - DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} https://mpi.dacom.ne...PI_20110503.cab (XacsPop Control)
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} https://mpi.dacom.ne...MPI/XPayMPI.cab (XPayMPIOCX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {7C98E005-7DA3-4C02-8D9F-FAA9C4D1C343} http://service.ewha..../ictReportX.cab (ReportViewerForm Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {AC2CE4A7-75CE-4B11-B245-CE697861C3C1} http://ems.shinhanli...ISAFEMailv4.cab (INISafeMailContainer Class)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co....TLD_VISTA64.cab (KvpIspCtlD Control)
O16 - DPF: {FFD77E35-1C34-4EAC-B5A7-414CC5D007DA} https://www.isaackor...sim/ilkactx.cab (AnsimPlugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7ACCB42-994F-4EAC-8BC1-7BA8188F8953}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/19 09:25:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jessie\Desktop\OTL.exe
[2013/03/19 09:04:48 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Jessie\Desktop\aswMBR.exe
[2013/03/19 09:01:52 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\81590765.sys
[2013/03/19 07:42:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/03/19 07:40:05 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/03/19 07:21:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/03/15 23:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/03/15 23:10:24 | 000,377,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/03/15 23:10:24 | 000,033,400 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/03/15 23:10:21 | 000,070,992 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/03/15 23:10:20 | 000,068,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/03/15 23:10:18 | 001,025,808 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/03/15 23:10:08 | 000,287,840 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/03/15 23:10:08 | 000,080,816 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/03/15 23:09:18 | 000,041,664 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2013/03/15 23:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/03/15 23:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/03/14 20:45:56 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/03/14 20:45:56 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/03/14 20:45:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/03/14 20:45:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/14 20:41:56 | 005,041,561 | R--- | C] (Swearware) -- C:\Users\Jessie\Desktop\ComboFix.exe
[2013/03/14 20:28:54 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jessie\Desktop\tdsskiller.exe
[2013/03/13 08:49:04 | 000,000,000 | ---D | C] -- C:\bab0277241d68e0d82426f
[2013/03/08 10:06:58 | 000,000,000 | R--D | C] -- C:\Users\Jessie\Documents\Scanned Documents
[2013/03/08 10:06:55 | 000,000,000 | ---D | C] -- C:\Users\Jessie\Documents\Fax
[2013/02/27 09:39:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/02/27 09:39:31 | 000,000,000 | ---D | C] -- C:\windows\Temp82CDD929-2E6E-2530-5D64-35AA60D79BF9-Signatures
[2013/02/27 09:38:29 | 000,000,000 | ---D | C] -- C:\92727f19c0eaaa9427c34e
[2013/02/24 10:40:31 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Local\Programs
[2013/02/21 21:33:05 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Local\{AA2B3A6A-E6D8-4CE9-9790-0C179DA1757B}
[2013/02/21 21:33:04 | 000,000,000 | ---D | C] -- C:\Users\Jessie\AppData\Local\{C3B0E248-0F2D-4480-83D1-11CCADB95DD2}
[1 C:\Users\Jessie\Desktop\*.tmp files -> C:\Users\Jessie\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/19 09:25:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessie\Desktop\OTL.exe
[2013/03/19 09:24:13 | 000,000,512 | ---- | M] () -- C:\Users\Jessie\Desktop\MBR.dat
[2013/03/19 09:07:56 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 09:07:56 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/19 09:06:09 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Jessie\Desktop\aswMBR.exe
[2013/03/19 09:01:53 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\81590765.sys
[2013/03/19 09:00:50 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/19 09:00:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/19 09:00:10 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/19 08:50:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/19 08:00:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/19 07:42:33 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/03/19 07:20:54 | 005,041,561 | R--- | M] (Swearware) -- C:\Users\Jessie\Desktop\ComboFix.exe
[2013/03/16 23:04:30 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/16 23:04:30 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/16 23:04:30 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/15 23:10:25 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/15 23:10:08 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/03/15 23:06:13 | 111,691,960 | ---- | M] () -- C:\Users\Jessie\Desktop\avast_free_antivirus_setup.exe
[2013/03/15 12:59:17 | 010,276,146 | ---- | M] () -- C:\Users\Jessie\Desktop\interchange2.pdf
[2013/03/14 20:53:12 | 403,856,810 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/03/14 20:28:59 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jessie\Desktop\tdsskiller.exe
[2013/03/09 09:00:11 | 000,073,952 | ---- | M] () -- C:\Users\Jessie\Documents\cc_20130309_075859.reg
[2013/03/09 08:52:35 | 000,000,833 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/03/06 18:33:21 | 000,178,624 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/03/06 18:33:21 | 000,065,336 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/03/06 18:32:51 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/03/06 18:32:22 | 000,287,840 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/02/27 10:58:24 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/02/24 10:41:17 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/22 13:29:14 | 000,450,802 | ---- | M] () -- C:\Users\Jessie\Desktop\Counter offer signed by Seller. 2.21.13.pdf
[1 C:\Users\Jessie\Desktop\*.tmp files -> C:\Users\Jessie\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/19 09:24:13 | 000,000,512 | ---- | C] () -- C:\Users\Jessie\Desktop\MBR.dat
[2013/03/15 23:10:25 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/03/15 23:10:17 | 000,178,624 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/03/15 23:10:16 | 000,065,336 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/03/15 23:10:08 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2013/03/15 23:03:32 | 111,691,960 | ---- | C] () -- C:\Users\Jessie\Desktop\avast_free_antivirus_setup.exe
[2013/03/15 12:59:03 | 010,276,146 | ---- | C] () -- C:\Users\Jessie\Desktop\interchange2.pdf
[2013/03/14 20:45:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/14 20:45:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/14 20:45:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/14 20:45:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/14 20:45:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/03/09 11:26:12 | 403,856,810 | ---- | C] () -- C:\windows\MEMORY.DMP
[2013/03/09 08:59:03 | 000,073,952 | ---- | C] () -- C:\Users\Jessie\Documents\cc_20130309_075859.reg
[2013/03/09 08:52:35 | 000,000,833 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/24 10:41:17 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/22 13:29:13 | 000,450,802 | ---- | C] () -- C:\Users\Jessie\Desktop\Counter offer signed by Seller. 2.21.13.pdf
[2012/09/24 19:44:46 | 002,480,232 | ---- | C] () -- C:\windows\SysWow64\ISPPopUpDlg.exe
[2012/08/04 12:27:55 | 000,000,478 | ---- | C] () -- C:\windows\SysWow64\ic32.ini
[2012/08/04 10:18:30 | 000,540,672 | ---- | C] () -- C:\windows\SysWow64\Tx32.dll
[2012/07/26 13:05:40 | 000,495,616 | ---- | C] () -- C:\windows\SysWow64\KvpUpCom.dll
[2012/04/07 16:30:19 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/19 04:42:09 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/01/19 04:33:35 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/01/19 04:30:19 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/03/24 23:48:04 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/08 22:24:49 | 000,000,000 | ---D | M] -- C:\Users\Jessie\AppData\Roaming\KidZui
[2012/08/04 12:27:46 | 000,000,000 | ---D | M] -- C:\Users\Jessie\AppData\Roaming\M-HTOEFL
[2012/03/09 19:27:09 | 000,000,000 | ---D | M] -- C:\Users\Jessie\AppData\Roaming\WB Games
[2012/03/09 20:05:58 | 000,000,000 | ---D | M] -- C:\Users\Jessie\AppData\Roaming\WinBatch
[2013/02/08 12:31:00 | 000,000,000 | ---D | M] -- C:\Users\Jessie\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/02/28 15:36:47 | 000,000,580 | ---- | M] ()(C:\Users\Jessie\Desktop\????.lnk) -- C:\Users\Jessie\Desktop\겨울캠프.lnk
[2013/02/18 12:06:44 | 000,010,858 | ---- | M] ()(C:\Users\Jessie\Desktop\???? 12.1.2?.xlsx) -- C:\Users\Jessie\Desktop\용수선영 12.1.2월.xlsx
[2013/02/18 11:51:48 | 000,010,858 | ---- | C] ()(C:\Users\Jessie\Desktop\???? 12.1.2?.xlsx) -- C:\Users\Jessie\Desktop\용수선영 12.1.2월.xlsx
[2012/10/15 21:11:59 | 000,000,000 | ---D | M](C:\Users\Jessie\Desktop\????11) -- C:\Users\Jessie\Desktop\여름캠프11
[2012/10/15 17:20:56 | 000,017,368 | ---- | M] ()(C:\Users\Jessie\Desktop\?????? ?? ? ??.docx) -- C:\Users\Jessie\Desktop\미국학생비자 서류 및 절차.docx
[2012/10/15 17:20:55 | 000,017,368 | ---- | C] ()(C:\Users\Jessie\Desktop\?????? ?? ? ??.docx) -- C:\Users\Jessie\Desktop\미국학생비자 서류 및 절차.docx
[2012/10/13 08:57:47 | 000,000,580 | ---- | C] ()(C:\Users\Jessie\Desktop\????.lnk) -- C:\Users\Jessie\Desktop\겨울캠프.lnk
[2012/10/13 08:56:27 | 000,065,536 | ---- | C] ()(C:\Users\Jessie\Desktop\2010? ???.xls) -- C:\Users\Jessie\Desktop\2010년 주소록.xls
[2012/10/13 08:56:09 | 000,000,000 | ---D | C](C:\Users\Jessie\Desktop\????11) -- C:\Users\Jessie\Desktop\여름캠프11
[2012/05/05 14:25:38 | 000,019,358 | ---- | M] ()(C:\Users\Jessie\Desktop\????5~.docx) -- C:\Users\Jessie\Desktop\미대순위5~.docx
[2012/05/05 14:25:38 | 000,019,358 | ---- | C] ()(C:\Users\Jessie\Desktop\????5~.docx) -- C:\Users\Jessie\Desktop\미대순위5~.docx
[2012/05/05 14:21:58 | 000,016,438 | ---- | M] ()(C:\Users\Jessie\Desktop\2011 ??????.docx) -- C:\Users\Jessie\Desktop\2011 미국대학평가.docx
[2012/05/05 14:21:57 | 000,016,438 | ---- | C] ()(C:\Users\Jessie\Desktop\2011 ??????.docx) -- C:\Users\Jessie\Desktop\2011 미국대학평가.docx
[2011/05/17 20:28:26 | 000,065,536 | ---- | M] ()(C:\Users\Jessie\Desktop\2010? ???.xls) -- C:\Users\Jessie\Desktop\2010년 주소록.xls

< End of report >



  • 0

#28
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
TDSSKiller removed infection again. Looks like you got reinfected. This last OTL looks good.

Restart you system one more time then check if you get any notifications now?
  • 0

#29
jkabat

jkabat

    Member

  • Topic Starter
  • Member
  • PipPip
  • 98 posts
No notifications of any kind upon restart.

In the Security Essentials it shows that aleuron has been identified and quarantined. It asks if I would like to remove it.

Thanks for all you've done up until now. What's next?
  • 0

#30
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi jkabat,

Please update your malwarebytes and do Quick Scan. Post log here for me after the scan. I'll prepare some cleanup for your system.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP