yahoo mail got hacked - computer running slow & hot [Solved]


  • This topic is locked

#1
gabybaby

  • Member
  • 62 posts
Dear G2G,

My yahoo mail got hacked by some a-holes in Malaysia. All my contacts got an email sent by them disguised as me with a bad link of course. Such a drag, I wish the hackers would just go away.

Anyway the computer is running slow and it always is running hot - the cooling fan is on all the time (didn't use to be) and the temp monitor says that my CPU is always around in the 80 degree to 90 degree Celsius range.

I'm certain that there is something nasty in my computer - someone must be using it for their nefarious activities. If any of you could assist me in putting an end to it and giving these unwelcome pests their eviction notice from my computer I would be so eternally grateful to you.

Here is the OTL log:


---------------------------


OTL logfile created on: 2/4/2013 8:37:42 AM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gabriel\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.46 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 24.92% Memory free
4.92 Gb Paging File | 2.62 Gb Available in Paging File | 53.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.15 Gb Total Space | 29.17 Gb Free Space | 10.16% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.04 Gb Free Space | 31.14% Space Free | Partition Type: NTFS

Computer Name: GABRIEL-W500 | User Name: Gabriel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/04 08:36:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gabriel\Desktop\OTL.exe
PRC - [2013/01/31 07:27:53 | 003,477,808 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files\MediaMall\MediaMallServer.exe
PRC - [2013/01/31 07:25:04 | 000,053,248 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files\MediaMall\PlayOn.exe
PRC - [2013/01/19 22:05:36 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2013/01/19 00:13:42 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/08 22:30:20 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/18 11:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/12/06 16:01:31 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Gabriel\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/10/04 06:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/10/28 09:32:13 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/28 09:32:11 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/08/18 14:25:12 | 001,101,960 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/10 10:55:04 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/02/10 10:54:34 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/19 13:25:18 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/10/19 13:02:42 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/09/24 12:22:04 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/08/18 07:20:29 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2010/04/23 11:21:00 | 000,154,112 | ---- | M] (troubadix) -- C:\Program Files\TPFanControl\TPFanControl.exe
PRC - [2010/04/22 23:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/01/13 14:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/09/27 23:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/24 22:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2009/09/13 21:14:28 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/08/31 23:32:20 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009/08/31 23:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009/08/28 14:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2009/08/23 20:00:30 | 000,352,256 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/23 20:00:02 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/19 16:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/08/06 12:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/06 12:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/08/03 19:00:14 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2009/07/14 17:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/13 01:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) -- C:\Windows\UnsignedThemesSvc.exe
PRC - [2009/07/01 18:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009/07/01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009/05/27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/13 00:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/02 01:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/10/30 15:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\RotateImage\RCIMGDIR.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/19 22:08:21 | 000,647,168 | ---- | M] () -- C:\Program Files\Steam\sdl.dll
MOD - [2013/01/19 22:05:32 | 020,320,240 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2013/01/19 22:05:26 | 000,969,640 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/01/19 22:05:25 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2013/01/19 22:05:25 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2013/01/19 22:05:25 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2013/01/19 00:13:37 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/08 22:30:20 | 014,586,888 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/11/15 03:44:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012/11/15 03:43:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 03:43:00 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 03:42:36 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 03:42:19 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/09/04 07:19:30 | 000,644,096 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2009/08/23 10:04:00 | 000,030,720 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009/05/27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe


========== Services (SafeList) ==========

SRV - [2013/01/31 07:27:53 | 003,477,808 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2013/01/19 22:05:36 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/19 00:13:39 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 22:30:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 11:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/12/10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/28 09:32:11 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/07/29 16:40:40 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/10 10:55:04 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2010/10/19 13:25:18 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/10/19 13:02:42 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/08/18 07:20:29 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/03/03 03:00:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/29 12:52:07 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/24 22:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/09/13 21:14:28 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/08/31 23:32:20 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/08/31 23:32:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/08/31 23:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/08/28 14:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/23 20:00:02 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/23 10:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/08/06 12:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/08/04 21:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/08/03 19:00:14 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/14 17:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 01:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/07/03 01:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/07/01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/04/28 18:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/06/05 22:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Gabriel\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/08/18 14:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/08/18 14:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/12/13 13:55:54 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020101}_0)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/18 01:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/07 22:04:04 | 000,223,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress)
DRV - [2010/01/29 12:23:32 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/01/27 19:01:19 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/14 09:59:38 | 000,022,696 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/10/02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/21 18:47:10 | 005,946,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/09/15 12:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/14 20:30:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/09/14 19:36:00 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/09/14 14:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/07 01:00:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/09/01 01:44:16 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/08/23 20:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/08/23 20:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/08/23 19:09:56 | 000,106,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/08/23 10:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/07/21 21:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/07/13 15:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 15:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 01:07:46 | 000,025,448 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\uxpatch.sys -- (uxpatch)
DRV - [2009/07/07 22:12:52 | 000,072,320 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U875.sys -- (5U875UVC)
DRV - [2009/07/02 10:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/07/01 01:05:10 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor)
DRV - [2009/06/29 13:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009/06/29 13:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/06/22 19:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/04/28 18:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/12/26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2008/05/12 01:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/01/15 09:17:12 | 000,458,496 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/10/13 02:21:00 | 000,020,512 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {2E91A6D6-253A-4FE1-84E7-F8ABD8E50297}
IE - HKLM\..\SearchScopes\{2E91A6D6-253A-4FE1-84E7-F8ABD8E50297}: "URL" = http://www.bing.com/...c=IE-SearchBox;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {2E91A6D6-253A-4FE1-84E7-F8ABD8E50297}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:2.0.20120203
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.5.0.11422
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 00:13:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 00:13:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CFB336FE-D07D-11E1-8270-B8AC6F996F26}: C:\Users\Gabriel\AppData\Local\{CFB336FE-D07D-11E1-8270-B8AC6F996F26}\ [2012/07/17 18:11:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 00:13:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 00:13:18 | 000,000,000 | ---D | M]

[2010/02/04 15:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Extensions
[2012/11/06 16:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\extensions
[2012/11/06 16:56:13 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/06/28 00:12:51 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/16 10:41:58 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\extensions\[email protected]
[2013/01/19 00:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/19 00:13:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/01/19 00:13:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/01/19 00:13:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/19 00:13:12 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/01/19 00:13:43 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/13 14:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/08/30 22:02:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/19 15:46:37 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com

O1 HOSTS File: ([2010/08/28 08:07:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFanControl] C:\Program Files\TPFanControl\TPFanControl.exe (troubadix)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Gabriel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Windows Live Sync] "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" /background File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///E:/activeX/DCP.cab (DCPForm Control 1.0.1.1)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://navigatela.la...ad/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} https://www.mydlink....aplugLiteDL.cab (Gif89 Lite +Audio Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72C32C4B-597A-4FC1-8E49-96AA5E393656}: DhcpNameServer = 66.51.205.100 156.154.71.16 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{739DBB35-D90A-4942-9415-A42119EFECEC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/15 15:54:58 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/04 08:36:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gabriel\Desktop\OTL.exe
[2013/02/03 22:35:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{03018DB0-4EEA-4591-B5E2-3DE845226A06}
[2013/02/01 22:33:19 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{036BAB42-64AF-4843-B799-5C7740408956}
[2013/01/31 22:31:58 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{91CBE68D-DDCE-4CFA-B1E7-BA7D8B6A1EE9}
[2013/01/29 10:29:18 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B5CAADDF-0C72-4772-9FC2-B8C5AB7C82DF}
[2013/01/28 22:28:45 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{4D231521-4CD7-4FB0-890F-405BEA6B84C3}
[2013/01/27 22:27:45 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{5D6E27AA-2620-4CF7-A0A2-2CCB9CD2FE5C}
[2013/01/23 10:10:13 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3A1D30F0-74F8-4B19-ABA7-FCFCD9244BBF}
[2013/01/21 10:07:42 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{549D46DE-7175-4B5B-96CC-CE8CC3E1BFE8}
[2013/01/19 22:06:07 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{BDE96F3A-1BF4-4312-B143-1D25AA049F9E}
[2013/01/19 00:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/17 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3C28421D-C6F0-4A0A-9E27-FB1A7B19A82F}
[2013/01/16 20:22:06 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{A3C7CC7E-3223-4034-97D2-D68FC736E5D9}
[2013/01/15 08:20:49 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{2E218584-B0EA-4E74-BE96-7A6FC98BA3DE}
[2013/01/14 01:24:02 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{2698549A-8F17-4312-95C3-489C45EAFCFB}
[2013/01/12 01:21:33 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B7AEA682-D931-4EA9-BA2F-CFC48FCE7D18}
[2013/01/11 13:20:53 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{7B6A4CF6-51BF-442A-9F54-2419160A1B5D}
[2013/01/11 01:20:06 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{C893A486-EF60-42CE-8AB4-61936CAC7685}
[2013/01/10 14:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
[2013/01/10 13:19:26 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{DBEC1F98-3050-427D-87AA-C9A4B26B781D}
[2013/01/10 01:18:00 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{648543AD-3B7B-40F3-91F7-5FAEEDE6B891}
[2013/01/08 07:28:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{BEFB80C5-5510-4DD8-BFE8-5A82954D01FE}
[2013/01/07 07:27:17 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F581CDCB-2626-40BE-8DA4-4D78464DD7D7}
[2013/01/06 19:26:44 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{50E536C9-B83D-4044-A86B-4B58719D98CD}
[2013/01/05 16:22:40 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{534C4CC5-B22C-49F6-B739-B7F6095F9D3B}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Windows\System32\
[2013/02/04 08:36:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gabriel\Desktop\OTL.exe
[2013/02/04 08:30:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/04 08:12:36 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 08:12:36 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 08:01:38 | 000,531,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/04 08:01:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 08:01:13 | 1981,816,832 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/03 14:04:41 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/02/01 14:23:48 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2013/02/01 14:23:48 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2013/01/28 22:13:35 | 000,015,578 | ---- | M] () -- C:\Users\Gabriel\Documents\PrintPayBill__adf.dialog=true&_adf 01-28-13.pdf
[2013/01/23 22:32:56 | 000,017,519 | ---- | M] () -- C:\Users\Gabriel\Documents\One Time Payment Confirmation Printer Friendly 01-23-13.pdf
[2013/01/19 22:08:36 | 000,002,001 | ---- | M] () -- C:\Users\Gabriel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

File not found -- C:\Windows\System32\
[2013/01/28 22:13:59 | 000,015,578 | ---- | C] () -- C:\Users\Gabriel\Documents\PrintPayBill__adf.dialog=true&_adf 01-28-13.pdf
[2013/01/23 22:33:13 | 000,017,519 | ---- | C] () -- C:\Users\Gabriel\Documents\One Time Payment Confirmation Printer Friendly 01-23-13.pdf
[2012/07/17 18:09:50 | 000,137,216 | ---- | C] () -- C:\Users\Gabriel\AppData\Roaming\buoxs.dll
[2012/02/19 01:18:45 | 000,000,283 | ---- | C] () -- C:\Windows\Lightspeed!.ini
[2012/01/25 12:32:23 | 000,000,000 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\{B9C9D6B5-DC34-47F5-B143-B45E82285672}
[2012/01/03 12:30:14 | 000,000,000 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\{0F7BA92B-4675-4A90-A7AA-F345ECF06E14}
[2011/10/21 08:18:00 | 000,000,000 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\{C706DC2B-B225-4C64-AC80-432662E0D68A}
[2011/10/14 13:34:16 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/09/18 12:03:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/09/18 12:03:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/09/15 15:59:52 | 000,007,609 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\Temp7.html
[2011/09/15 15:59:19 | 000,001,892 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\Temp1.html
[2011/06/03 17:04:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/30 11:25:55 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/22 20:47:12 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/09/24 15:13:17 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/20 11:44:43 | 000,007,619 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\Resmon.ResmonCfg
[2010/04/18 12:11:31 | 000,870,128 | ---- | C] () -- C:\Users\Gabriel\AppData\Roaming\mcs.rma
[2010/04/18 12:11:31 | 000,000,004 | ---- | C] () -- C:\Users\Gabriel\AppData\Roaming\1A511F
[2010/03/14 08:49:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2011/11/16 21:38:39 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}\@
[2011/11/16 21:38:39 | 000,057,344 | -HS- | M] () -- C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}\n
[2011/11/16 21:38:39 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}\L
[2012/07/18 12:38:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}\U
[2012/07/18 11:51:54 | 000,002,048 | -HS- | M] () -- C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}\@
[2012/07/24 18:38:21 | 000,000,000 | -HSD | M] -- C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}\L
[2012/07/27 16:24:03 | 000,000,000 | -HSD | M] -- C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}\U
[2012/07/24 18:38:21 | 000,000,804 | ---- | M] () -- C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}\L\[email protected]
[2012/07/27 16:23:55 | 000,013,312 | ---- | M] () -- C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}\U\[email protected]
[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2012/07/17 18:55:57 | 000,005,120 | -HS- | M] () -- C:\Windows\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}\n.

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/15 16:05:06 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Autodesk
[2010/04/07 14:12:51 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Avnex
[2011/04/22 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\CrashPlan
[2010/05/11 12:31:18 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\EPSON
[2010/06/20 16:26:04 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ooVoo Details
[2010/08/19 15:55:13 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\QuickScan
[2011/05/20 13:14:13 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Update
[2012/08/02 19:43:11 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\uTorrent
[2010/05/19 18:55:08 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ZumoDrive

========== Purity Check ==========



< End of report >


-----------------------------

Thank you again and looking forward to your response.


#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello gabybaby and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Please login to your mail account from another, clean, system and change your email password.

Step 2

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 3

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the ComboFix log in your next reply.

Step 4

Please don't forget to include these items in your reply:

  • TDSSKiller log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
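A small triage script for the TDSSKiller report requested in Step 2 above, added here as an example and not part of the original post or of TDSSKiller itself: it lists every scanned object whose verdict is anything other than "ok", together with the hash and path logged for it. The report layout (timestamp, thread id, message) is an assumption, and the sample lines, hashes and service names are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the assumed layout of a TDSSKiller report:
# "HH:MM:SS.mmmm <thread id> <message>". Names and hashes are made up.
SAMPLE_LOG = r"""
09:00:00.0100 1000 ================ Scan services =============================
09:00:00.0200 1000 [ 00112233445566778899AABBCCDDEEFF ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
09:00:00.0300 1000 ExampleDrv - ok
09:00:00.0400 1000 [ FFEEDDCCBBAA99887766554433221100 ] Example Agent Service C:\Program Files\Example\agent.exe
09:00:00.0500 1000 Example Agent Service ( UnsignedFile.Multi.Generic ) - warning
09:00:00.0500 1000 Example Agent Service - detected UnsignedFile.Multi.Generic (1)
09:00:00.0600 1000 [ 0123456789ABCDEF0123456789ABCDEF ] OtherDrv C:\Windows\system32\drivers\otherdrv.sys
09:00:00.0700 1000 OtherDrv - ok
"""

# Timestamp and thread id prefix; the message part may be empty.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+(?:\s+(.*))?$")
# "[ <MD5> ] <object name> <drive:\path>"; the name may contain spaces.
OBJECT = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# "<object name> - ok" or "<object name> ( <detection> ) - <verdict>".
VERDICT = re.compile(r"^(.+?)(?:\s+\(\s*(.+?)\s*\))?\s+-\s+(\w+)$")


@dataclass
class Finding:
    name: str
    verdict: str
    detection: Optional[str]
    md5: Optional[str]
    path: Optional[str]


def triage(log_text: str) -> Tuple[int, List[Finding]]:
    """Return (number of verdict lines, findings whose verdict is not 'ok')."""
    seen = {}       # object name -> (md5, path) from the preceding hash line
    total = 0
    findings = []
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line or not line.group(1):
            continue                      # blank line or prefix-only line
        msg = line.group(1).strip()

        obj = OBJECT.match(msg)
        if obj:
            seen[obj.group(2)] = (obj.group(1).upper(), obj.group(3))
            continue

        verdict = VERDICT.match(msg)
        if not verdict:
            continue                      # banners, separators, "detected" lines
        total += 1
        name, detection, result = verdict.groups()
        if result.lower() == "ok":
            continue
        md5, path = seen.get(name, (None, None))
        findings.append(Finding(name, result, detection, md5, path))
    return total, findings


if __name__ == "__main__":
    count, flagged = triage(SAMPLE_LOG)
    print(f"{count} objects with a verdict, {len(flagged)} not ok")
    for f in flagged:
        print(f"{f.verdict:8} {f.name} [{f.detection}] {f.md5} {f.path}")
```
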

#3
gabybaby

    Member

  • Topic Starter
  • 62 posts
Dear Maliprog,

Thank you so much for your response. The logs you requested follow.

Best regards! :)

#4
gabybaby

    Member

  • Topic Starter
  • 62 posts
09:30:19.0303 17148 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:30:19.0979 17148 ============================================================
09:30:19.0979 17148 Current date / time: 2013/02/05 09:30:19.0979
09:30:19.0979 17148 SystemInfo:
09:30:19.0979 17148
09:30:19.0979 17148 OS Version: 6.1.7601 ServicePack: 1.0
09:30:19.0979 17148 Product type: Workstation
09:30:19.0980 17148 ComputerName: GABRIEL-W500
09:30:19.0980 17148 UserName: Gabriel
09:30:19.0980 17148 Windows directory: C:\Windows
09:30:19.0980 17148 System windows directory: C:\Windows
09:30:19.0980 17148 Processor architecture: Intel x86
09:30:19.0980 17148 Number of processors: 2
09:30:19.0980 17148 Page size: 0x1000
09:30:19.0980 17148 Boot type: Normal boot
09:30:19.0980 17148 ============================================================
09:30:20.0924 17148 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:30:20.0927 17148 ============================================================
09:30:20.0927 17148 \Device\Harddisk0\DR0:
09:30:20.0927 17148 MBR partitions:
09:30:20.0927 17148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
09:30:20.0927 17148 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23E4D7F8
09:30:20.0927 17148 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000
09:30:20.0927 17148 ============================================================
09:30:20.0928 17148 C: <-> \Device\Harddisk0\DR0\Partition2
09:30:20.0956 17148 Q: <-> \Device\Harddisk0\DR0\Partition3
09:30:20.0956 17148 ============================================================
09:30:20.0956 17148 Initialize success
09:30:20.0956 17148 ============================================================
09:31:31.0302 16548 Deinitialize success



09:36:52.0450 4616 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
09:36:53.0132 4616 ============================================================
09:36:53.0132 4616 Current date / time: 2013/02/05 09:36:53.0132
09:36:53.0132 4616 SystemInfo:
09:36:53.0133 4616
09:36:53.0133 4616 OS Version: 6.1.7601 ServicePack: 1.0
09:36:53.0133 4616 Product type: Workstation
09:36:53.0133 4616 ComputerName: GABRIEL-W500
09:36:53.0133 4616 UserName: Gabriel
09:36:53.0133 4616 Windows directory: C:\Windows
09:36:53.0133 4616 System windows directory: C:\Windows
09:36:53.0133 4616 Processor architecture: Intel x86
09:36:53.0133 4616 Number of processors: 2
09:36:53.0133 4616 Page size: 0x1000
09:36:53.0133 4616 Boot type: Normal boot
09:36:53.0133 4616 ============================================================
09:36:53.0790 4616 BG loaded
09:36:54.0208 4616 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0xA181, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
09:36:54.0273 4616 ============================================================
09:36:54.0273 4616 \Device\Harddisk0\DR0:
09:36:54.0274 4616 MBR partitions:
09:36:54.0274 4616 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x258000
09:36:54.0274 4616 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x258800, BlocksNum 0x23E4D7F8
09:36:54.0274 4616 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x240A6000, BlocksNum 0x1388000
09:36:54.0274 4616 ============================================================
09:36:54.0276 4616 C: <-> \Device\Harddisk0\DR0\Partition2
09:36:54.0415 4616 Q: <-> \Device\Harddisk0\DR0\Partition3
09:36:54.0415 4616 ============================================================
09:36:54.0415 4616 Initialize success
09:36:54.0415 4616 ============================================================
09:43:35.0887 6564 ============================================================
09:43:35.0910 6564 Scan started
09:43:35.0910 6564 Mode: Manual; SigCheck; TDLFS;
09:43:35.0910 6564 ============================================================
09:43:44.0716 6564 ================ Scan system memory ========================
09:43:44.0716 6564 System memory - ok
09:43:44.0718 6564 ================ Scan services =============================
09:43:44.0952 6564 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
09:43:45.0223 6564 1394ohci - ok
09:43:45.0262 6564 [ AB3006F949FD4DED75F8665D9EB24181 ] 5U875UVC C:\Windows\system32\DRIVERS\5U875.sys
09:43:45.0426 6564 5U875UVC - ok
09:43:45.0556 6564 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
09:43:45.0598 6564 ACPI - ok
09:43:45.0748 6564 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
09:43:55.0853 6564 AcpiPmi - ok
09:43:55.0932 6564 [ 865A379602936DA6153EA2D1A7349DF1 ] ADMonitor C:\Windows\system32\ADMonitor.exe
09:43:55.0980 6564 ADMonitor ( UnsignedFile.Multi.Generic ) - warning
09:43:55.0980 6564 ADMonitor - detected UnsignedFile.Multi.Generic (1)
09:43:56.0247 6564 [ 5DDC0A8D2CD60BDA593DDAF45821CE08 ] Adobe LM Service C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
09:43:56.0342 6564 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
09:43:56.0342 6564 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
09:43:56.0377 6564 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:43:56.0410 6564 AdobeARMservice - ok
09:43:56.0510 6564 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:43:56.0566 6564 AdobeFlashPlayerUpdateSvc - ok
09:43:56.0611 6564 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
09:43:56.0660 6564 adp94xx - ok
09:43:56.0747 6564 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
09:43:56.0801 6564 adpahci - ok
09:43:56.0832 6564 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
09:43:56.0883 6564 adpu320 - ok
09:43:56.0893 6564 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
09:43:57.0013 6564 AeLookupSvc - ok
09:43:57.0039 6564 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
09:43:57.0118 6564 AFD - ok
09:43:57.0156 6564 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
09:43:57.0182 6564 agp440 - ok
09:43:57.0240 6564 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
09:43:57.0283 6564 aic78xx - ok
09:43:57.0297 6564 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
09:43:57.0418 6564 ALG - ok
09:43:57.0477 6564 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
09:43:57.0527 6564 aliide - ok
09:43:57.0545 6564 [ D4713285C6F84272635DFE73BD9ED389 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
09:43:57.0705 6564 AMD External Events Utility - ok
09:43:57.0754 6564 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
09:43:57.0779 6564 amdagp - ok
09:43:57.0808 6564 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
09:43:57.0833 6564 amdide - ok
09:43:57.0878 6564 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
09:43:57.0975 6564 AmdK8 - ok
09:43:58.0143 6564 [ 3A894B97304C06FF46B5E7B6D1936BC3 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
09:43:58.0373 6564 amdkmdag - ok
09:43:58.0392 6564 [ 8E1023B042F6502CC83308FB1EBF5AA2 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
09:43:58.0462 6564 amdkmdap - ok
09:43:58.0521 6564 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
09:43:58.0588 6564 AmdPPM - ok
09:43:58.0657 6564 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
09:43:58.0683 6564 amdsata - ok
09:43:58.0729 6564 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
09:43:58.0787 6564 amdsbs - ok
09:43:58.0793 6564 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
09:43:58.0820 6564 amdxata - ok
09:43:58.0877 6564 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
09:43:59.0032 6564 AppID - ok
09:43:59.0049 6564 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
09:43:59.0110 6564 AppIDSvc - ok
09:43:59.0134 6564 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
09:43:59.0179 6564 Appinfo - ok
09:43:59.0207 6564 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:43:59.0221 6564 Apple Mobile Device - ok
09:43:59.0250 6564 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
09:43:59.0351 6564 AppMgmt - ok
09:43:59.0404 6564 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
09:43:59.0453 6564 arc - ok
09:43:59.0479 6564 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
09:43:59.0531 6564 arcsas - ok
09:43:59.0653 6564 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:43:59.0742 6564 aspnet_state - ok
09:43:59.0779 6564 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
09:43:59.0929 6564 AsyncMac - ok
09:44:00.0033 6564 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
09:44:00.0059 6564 atapi - ok
09:44:00.0758 6564 [ 3A894B97304C06FF46B5E7B6D1936BC3 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
09:44:00.0992 6564 atikmdag - ok
09:44:01.0049 6564 [ B5648B8C0FFB5552535695B66B87086E ] ATService C:\Windows\system32\AtService.exe
09:44:01.0118 6564 ATService - ok
09:44:01.0136 6564 [ F77A156735688536145F200F803E752A ] ATSwpWDF C:\Windows\system32\Drivers\ATSwpWDF.sys
09:44:01.0209 6564 ATSwpWDF - ok
09:44:01.0242 6564 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:44:01.0293 6564 AudioEndpointBuilder - ok
09:44:01.0306 6564 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
09:44:01.0335 6564 Audiosrv - ok
09:44:01.0369 6564 [ 8DCE8988E2FBCBB731D5769A247DFEC0 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
09:44:01.0389 6564 Autodesk Licensing Service - ok
09:44:01.0566 6564 [ F393A805A1BA93E0C3E21ABFBEF8B708 ] Autodesk Network Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
09:44:01.0670 6564 Autodesk Network Licensing Service ( UnsignedFile.Multi.Generic ) - warning
09:44:01.0670 6564 Autodesk Network Licensing Service - detected UnsignedFile.Multi.Generic (1)
09:44:01.0714 6564 [ DF9586377384DF3808D42090242CC23B ] AVP C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
09:44:01.0739 6564 AVP - ok
09:44:01.0751 6564 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
09:44:01.0867 6564 AxInstSV - ok
09:44:01.0901 6564 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
09:44:02.0000 6564 b06bdrv - ok
09:44:02.0027 6564 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
09:44:02.0081 6564 b57nd60x - ok
09:44:02.0149 6564 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
09:44:02.0164 6564 BcmSqlStartupSvc - ok
09:44:02.0188 6564 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
09:44:02.0308 6564 BDESVC - ok
09:44:02.0317 6564 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
09:44:02.0373 6564 Beep - ok
09:44:02.0404 6564 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\system32\qmgr.dll
09:44:02.0490 6564 BITS - ok
09:44:02.0497 6564 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
09:44:02.0603 6564 blbdrive - ok
09:44:02.0664 6564 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
09:44:02.0691 6564 Bonjour Service - ok
09:44:02.0706 6564 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
09:44:02.0800 6564 bowser - ok
09:44:02.0817 6564 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
09:44:03.0015 6564 BrFiltLo - ok
09:44:03.0051 6564 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
09:44:03.0144 6564 BrFiltUp - ok
09:44:03.0154 6564 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
09:44:03.0281 6564 Browser - ok
09:44:03.0311 6564 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
09:44:03.0449 6564 Brserid - ok
09:44:03.0470 6564 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
09:44:03.0534 6564 BrSerWdm - ok
09:44:03.0557 6564 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
09:44:03.0626 6564 BrUsbMdm - ok
09:44:03.0650 6564 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
09:44:03.0719 6564 BrUsbSer - ok
09:44:03.0754 6564 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
09:44:03.0956 6564 BthEnum - ok
09:44:04.0003 6564 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
09:44:04.0112 6564 BTHMODEM - ok
09:44:04.0122 6564 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
09:44:04.0157 6564 BthPan - ok
09:44:04.0175 6564 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
09:44:04.0258 6564 BTHPORT - ok
09:44:04.0267 6564 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
09:44:04.0320 6564 bthserv - ok
09:44:04.0327 6564 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
09:44:04.0416 6564 BTHUSB - ok
09:44:04.0459 6564 [ F549C3FB145A4928E40BB1518B2034DC ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
09:44:04.0490 6564 btusbflt - ok
09:44:04.0507 6564 [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
09:44:04.0554 6564 btwaudio - ok
09:44:04.0564 6564 [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
09:44:04.0613 6564 btwavdt - ok
09:44:04.0657 6564 [ F7434401AE320BB97903A3C1865242FB ] btwdins C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
09:44:04.0699 6564 btwdins - ok
09:44:04.0707 6564 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
09:44:04.0768 6564 btwl2cap - ok
09:44:04.0775 6564 [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
09:44:04.0832 6564 btwrchid - ok
09:44:04.0975 6564 catchme - ok
09:44:05.0008 6564 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
09:44:05.0057 6564 cdfs - ok
09:44:05.0093 6564 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
09:44:05.0152 6564 cdrom - ok
09:44:05.0194 6564 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
09:44:05.0258 6564 CertPropSvc - ok
09:44:05.0276 6564 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
09:44:05.0328 6564 circlass - ok
09:44:05.0346 6564 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
09:44:05.0381 6564 CLFS - ok
09:44:05.0422 6564 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:44:05.0471 6564 clr_optimization_v2.0.50727_32 - ok
09:44:05.0565 6564 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:44:05.0662 6564 clr_optimization_v4.0.30319_32 - ok
09:44:05.0668 6564 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
09:44:05.0760 6564 CmBatt - ok
09:44:05.0794 6564 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
09:44:05.0830 6564 cmdide - ok
09:44:05.0855 6564 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
09:44:05.0905 6564 CNG - ok
09:44:05.0941 6564 [ 225E3E97021D72067AB359A295BF8C6F ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
09:44:06.0055 6564 CnxtHdAudService - ok
09:44:06.0082 6564 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
09:44:06.0098 6564 Compbatt - ok
09:44:06.0121 6564 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
09:44:06.0172 6564 CompositeBus - ok
09:44:06.0202 6564 COMSysApp - ok
09:44:06.0231 6564 [ 3BA18AFDA6A73B86DB50E9874FE28826 ] CrashPlanService C:\Program Files\CrashPlan\CrashPlanService.exe
09:44:06.0239 6564 CrashPlanService ( UnsignedFile.Multi.Generic ) - warning
09:44:06.0239 6564 CrashPlanService - detected UnsignedFile.Multi.Generic (1)
09:44:06.0254 6564 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
09:44:06.0304 6564 crcdisk - ok
09:44:06.0317 6564 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
09:44:06.0405 6564 CryptSvc - ok
09:44:06.0423 6564 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
09:44:06.0505 6564 CSC - ok
09:44:06.0534 6564 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
09:44:06.0558 6564 CscService - ok
09:44:06.0588 6564 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
09:44:06.0643 6564 DcomLaunch - ok
09:44:06.0672 6564 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
09:44:06.0733 6564 defragsvc - ok
09:44:06.0742 6564 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
09:44:06.0789 6564 DfsC - ok
09:44:06.0803 6564 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
09:44:06.0946 6564 Dhcp - ok
09:44:06.0953 6564 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
09:44:07.0001 6564 discache - ok
09:44:07.0037 6564 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
09:44:07.0055 6564 Disk - ok
09:44:07.0066 6564 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
09:44:07.0176 6564 Dnscache - ok
09:44:07.0195 6564 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
09:44:07.0275 6564 dot3svc - ok
09:44:07.0285 6564 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
09:44:07.0356 6564 DPS - ok
09:44:07.0400 6564 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
09:44:07.0492 6564 drmkaud - ok
09:44:07.0501 6564 [ A3492AFD0653C7F06F9D8F11CE702E0B ] dtsvc C:\Windows\system32\DTS.exe
09:44:07.0511 6564 dtsvc ( UnsignedFile.Multi.Generic ) - warning
09:44:07.0511 6564 dtsvc - detected UnsignedFile.Multi.Generic (1)
09:44:07.0537 6564 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
09:44:07.0628 6564 DXGKrnl - ok
09:44:07.0659 6564 [ F8261752AB473E3B24376AAB280AD15A ] e1yexpress C:\Windows\system32\DRIVERS\e1y6232.sys
09:44:07.0698 6564 e1yexpress - ok
09:44:07.0707 6564 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
09:44:07.0757 6564 EapHost - ok
09:44:07.0853 6564 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
09:44:07.0968 6564 ebdrv - ok
09:44:07.0975 6564 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
09:44:08.0073 6564 EFS - ok
09:44:08.0106 6564 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
09:44:08.0185 6564 ehRecvr - ok
09:44:08.0212 6564 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
09:44:08.0275 6564 ehSched - ok
09:44:08.0317 6564 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
09:44:08.0359 6564 elxstor - ok
09:44:08.0415 6564 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
09:44:08.0461 6564 ErrDev - ok
09:44:08.0493 6564 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
09:44:08.0547 6564 EventSystem - ok
09:44:08.0599 6564 [ 33ABDDB21DE2F4BB1B05A5A3A671BD64 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
09:44:08.0659 6564 EvtEng - ok
09:44:08.0698 6564 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
09:44:08.0743 6564 exfat - ok
09:44:08.0760 6564 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
09:44:08.0811 6564 fastfat - ok
09:44:08.0869 6564 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
09:44:08.0976 6564 Fax - ok
09:44:08.0995 6564 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
09:44:09.0117 6564 fdc - ok
09:44:09.0121 6564 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
09:44:09.0148 6564 fdPHost - ok
09:44:09.0153 6564 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
09:44:09.0202 6564 FDResPub - ok
09:44:09.0208 6564 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
09:44:09.0226 6564 FileInfo - ok
09:44:09.0247 6564 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
09:44:09.0311 6564 Filetrace - ok
09:44:09.0410 6564 [ D60EF46DC0E757FE5EB579DB95B88954 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:44:09.0471 6564 FLEXnet Licensing Service - ok
09:44:09.0489 6564 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
09:44:09.0544 6564 flpydisk - ok
09:44:09.0576 6564 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
09:44:09.0602 6564 FltMgr - ok
09:44:09.0631 6564 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
09:44:09.0701 6564 FontCache - ok
09:44:09.0706 6564 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
09:44:09.0719 6564 FontCache3.0.0.0 - ok
09:44:09.0736 6564 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
09:44:09.0769 6564 FsDepends - ok
09:44:09.0829 6564 [ B0082808A6856A252F7CDD939892CE50 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
09:44:09.0848 6564 fssfltr - ok
09:44:10.0036 6564 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
09:44:10.0116 6564 fsssvc - ok
09:44:10.0123 6564 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
09:44:10.0143 6564 Fs_Rec - ok
09:44:10.0208 6564 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
09:44:10.0237 6564 fvevol - ok
09:44:10.0272 6564 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
09:44:10.0314 6564 gagp30kx - ok
09:44:10.0355 6564 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:44:10.0379 6564 GEARAspiWDM - ok
09:44:10.0427 6564 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
09:44:10.0497 6564 gpsvc - ok
09:44:10.0525 6564 [ 833051C6C6C42117191935F734CFBD97 ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
09:44:10.0548 6564 hamachi - ok
09:44:10.0667 6564 [ 616399E27A55C97AE859230EB13984D8 ] Hamachi2Svc C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
09:44:10.0731 6564 Hamachi2Svc - ok
09:44:10.0760 6564 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
09:44:10.0878 6564 hcw85cir - ok
09:44:10.0958 6564 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
09:44:11.0088 6564 HdAudAddService - ok
09:44:11.0118 6564 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
09:44:11.0169 6564 HDAudBus - ok
09:44:11.0189 6564 [ 30D57EE84E1E169D41A6E873B549A096 ] HECI C:\Windows\system32\DRIVERS\HECI.sys
09:44:11.0418 6564 HECI - ok
09:44:11.0442 6564 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
09:44:11.0532 6564 HidBatt - ok
09:44:11.0562 6564 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
09:44:11.0678 6564 HidBth - ok
09:44:11.0719 6564 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
09:44:11.0788 6564 HidIr - ok
09:44:11.0797 6564 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
09:44:11.0855 6564 hidserv - ok
09:44:11.0881 6564 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
09:44:11.0933 6564 HidUsb - ok
09:44:11.0961 6564 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
09:44:11.0996 6564 hkmsvc - ok
09:44:12.0011 6564 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
09:44:12.0065 6564 HomeGroupListener - ok
09:44:12.0082 6564 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
09:44:12.0133 6564 HomeGroupProvider - ok
09:44:12.0152 6564 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
09:44:12.0180 6564 HpSAMD - ok
09:44:12.0235 6564 [ 210388FD8225B02BD83D77628AAE64A9 ] HsfXAudioService C:\Windows\system32\XAudio32.dll
09:44:12.0307 6564 HsfXAudioService - ok
09:44:12.0339 6564 [ C761B4A8391F5E47F7C51A691CE773F4 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
09:44:12.0429 6564 HSF_DPV - ok
09:44:12.0462 6564 [ 50B42EF358A2E5363BE6B77138A22391 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
09:44:12.0510 6564 HSXHWAZL - ok
09:44:12.0552 6564 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
09:44:12.0598 6564 HTTP - ok
09:44:12.0605 6564 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
09:44:12.0627 6564 hwpolicy - ok
09:44:12.0661 6564 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
09:44:12.0684 6564 i8042prt - ok
09:44:12.0712 6564 [ 0E899D0DB39617AA0B2F992E7E95B5EB ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
09:44:12.0736 6564 IAANTMON - ok
09:44:12.0762 6564 [ 3DB9F6F69B8BB99D241B15C7B52E3A3D ] iaNvStor C:\Windows\system32\DRIVERS\iaNvStor.sys
09:44:12.0797 6564 iaNvStor - ok
09:44:12.0810 6564 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
09:44:12.0835 6564 iaStor - ok
09:44:12.0867 6564 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
09:44:12.0906 6564 iaStorV - ok
09:44:12.0923 6564 [ 4DCFC1792BE8FC092AB41EAFA9D0FDE5 ] IBMPMDRV C:\Windows\system32\DRIVERS\ibmpmdrv.sys
09:44:12.0949 6564 IBMPMDRV - ok
09:44:12.0955 6564 [ EC25C26C4733CA16ADBBBEC53B991976 ] IBMPMSVC C:\Windows\system32\ibmpmsvc.exe
09:44:12.0968 6564 IBMPMSVC - ok
09:44:13.0107 6564 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:44:13.0158 6564 idsvc - ok
09:44:13.0365 6564 [ 36CC40B02AE593D6152AC8BD657720AF ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
09:44:13.0553 6564 igfx - ok
09:44:13.0612 6564 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
09:44:13.0645 6564 iirsp - ok
09:44:13.0708 6564 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
09:44:13.0774 6564 IKEEXT - ok
09:44:13.0796 6564 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
09:44:13.0815 6564 intelide - ok
09:44:13.0998 6564 [ 36CC40B02AE593D6152AC8BD657720AF ] intelkmd C:\Windows\system32\DRIVERS\igdpmd32.sys
09:44:14.0251 6564 intelkmd - ok
09:44:14.0280 6564 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
09:44:14.0323 6564 intelppm - ok
09:44:14.0362 6564 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
09:44:14.0409 6564 IPBusEnum - ok
09:44:14.0423 6564 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:44:14.0509 6564 IpFilterDriver - ok
09:44:14.0567 6564 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
09:44:14.0610 6564 IPMIDRV - ok
09:44:14.0630 6564 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
09:44:14.0704 6564 IPNAT - ok
09:44:14.0801 6564 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
09:44:24.0946 6564 iPod Service - ok
09:44:24.0972 6564 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
09:44:25.0133 6564 IRENUM - ok
09:44:25.0155 6564 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
09:44:25.0209 6564 isapnp - ok
09:44:25.0293 6564 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
09:44:25.0344 6564 iScsiPrt - ok
09:44:25.0372 6564 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
09:44:25.0447 6564 IviRegMgr - ok
09:44:25.0472 6564 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
09:44:25.0499 6564 kbdclass - ok
09:44:25.0505 6564 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
09:44:25.0574 6564 kbdhid - ok
09:44:25.0579 6564 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
09:44:25.0718 6564 KeyIso - ok
09:44:25.0738 6564 [ CE3958F58547454884E97BDA78CD7040 ] kl1 C:\Windows\system32\DRIVERS\kl1.sys
09:44:25.0792 6564 kl1 - ok
09:44:25.0813 6564 [ 53EEDAB3F0511321AC3AE8BC968B158C ] klbg C:\Windows\system32\drivers\klbg.sys
09:44:25.0895 6564 klbg - ok
09:44:25.0994 6564 [ DE6C14FB8438EF932D9F58F269A19B85 ] KLIF C:\Windows\system32\DRIVERS\klif.sys
09:44:26.0062 6564 KLIF - ok
09:44:26.0068 6564 [ 892CC162DC88AB084C86485879526C59 ] KLIM6 C:\Windows\system32\DRIVERS\klim6.sys
09:44:26.0121 6564 KLIM6 - ok
09:44:26.0144 6564 [ AA63A815876A76987B5DBCE6AF7478E9 ] klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys
09:44:26.0200 6564 klmouflt - ok
09:44:26.0208 6564 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
09:44:26.0280 6564 KSecDD - ok
09:44:26.0307 6564 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
09:44:26.0365 6564 KSecPkg - ok
09:44:26.0402 6564 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
09:44:26.0533 6564 KtmRm - ok
09:44:26.0542 6564 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
09:44:26.0613 6564 LanmanServer - ok
09:44:26.0626 6564 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
09:44:26.0681 6564 LanmanWorkstation - ok
09:44:26.0785 6564 [ 4D99FCA201B72E0F2CA996E357BAA170 ] Lavasoft Ad-Aware Service C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
09:44:26.0839 6564 Lavasoft Ad-Aware Service - ok
09:44:26.0884 6564 [ 6C4A3804510AD8E0F0C07B5BE3D44DDB ] Lavasoft Kernexplorer C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
09:44:26.0897 6564 Lavasoft Kernexplorer - ok
09:44:26.0926 6564 [ 336ABE8721CBC3110F1C6426DA633417 ] Lbd C:\Windows\system32\DRIVERS\Lbd.sys
09:44:26.0975 6564 Lbd - ok
09:44:26.0988 6564 [ D584216C7767DCFB4B812B9B60A4A4E7 ] LENOVO.MICMUTE C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
09:44:27.0029 6564 LENOVO.MICMUTE - ok
09:44:27.0034 6564 [ 3C3F7F424E324C6971632C5DE5FF458F ] lenovo.smi C:\Windows\system32\DRIVERS\smiif32.sys
09:44:27.0064 6564 lenovo.smi - ok
09:44:27.0078 6564 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
09:44:27.0161 6564 lltdio - ok
09:44:27.0215 6564 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
09:44:27.0272 6564 lltdsvc - ok
09:44:27.0277 6564 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
09:44:27.0316 6564 lmhosts - ok
09:44:27.0344 6564 [ BDCECF4CAF708110A2AEA0E63A2AD45B ] LMS C:\Program Files\Intel\AMT\LMS.exe
09:44:27.0388 6564 LMS - ok
09:44:27.0423 6564 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
09:44:27.0471 6564 LSI_FC - ok
09:44:27.0489 6564 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
09:44:27.0557 6564 LSI_SAS - ok
09:44:27.0586 6564 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
09:44:27.0650 6564 LSI_SAS2 - ok
09:44:27.0681 6564 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
09:44:27.0737 6564 LSI_SCSI - ok
09:44:27.0747 6564 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
09:44:27.0794 6564 luafv - ok
09:44:27.0837 6564 MCSTRM - ok
09:44:27.0904 6564 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
09:44:27.0949 6564 Mcx2Svc - ok
09:44:27.0956 6564 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
09:44:28.0036 6564 mdmxsdk - ok
09:44:28.0174 6564 [ AFB4D484BBEBA2548ADEC93F1C025E78 ] MediaMall Server C:\Program Files\MediaMall\MediaMallServer.exe
09:44:28.0325 6564 MediaMall Server - ok
09:44:28.0348 6564 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
09:44:28.0397 6564 megasas - ok
09:44:28.0462 6564 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
09:44:28.0517 6564 MegaSR - ok
09:44:28.0525 6564 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
09:44:28.0571 6564 MMCSS - ok
09:44:28.0578 6564 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
09:44:28.0607 6564 Modem - ok
09:44:28.0633 6564 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
09:44:28.0714 6564 monitor - ok
09:44:28.0746 6564 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
09:44:28.0772 6564 mouclass - ok
09:44:28.0780 6564 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
09:44:28.0892 6564 mouhid - ok
09:44:28.0923 6564 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
09:44:28.0961 6564 mountmgr - ok
09:44:29.0055 6564 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:44:29.0080 6564 MozillaMaintenance - ok
09:44:29.0100 6564 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
09:44:29.0125 6564 mpio - ok
09:44:29.0158 6564 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
09:44:29.0242 6564 mpsdrv - ok
09:44:29.0280 6564 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
09:44:29.0352 6564 MRxDAV - ok
09:44:29.0362 6564 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
09:44:29.0480 6564 mrxsmb - ok
09:44:29.0493 6564 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:44:29.0533 6564 mrxsmb10 - ok
09:44:29.0542 6564 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:44:29.0581 6564 mrxsmb20 - ok
09:44:29.0622 6564 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
09:44:29.0662 6564 msahci - ok
09:44:29.0693 6564 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
09:44:29.0728 6564 msdsm - ok
09:44:29.0760 6564 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
09:44:29.0926 6564 MSDTC - ok
09:44:29.0939 6564 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
09:44:29.0970 6564 Msfs - ok
09:44:30.0000 6564 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
09:44:30.0100 6564 mshidkmdf - ok
09:44:30.0107 6564 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
09:44:30.0138 6564 msisadrv - ok
09:44:30.0185 6564 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
09:44:30.0292 6564 MSiSCSI - ok
09:44:30.0299 6564 msiserver - ok
09:44:30.0345 6564 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
09:44:30.0448 6564 MSKSSRV - ok
09:44:30.0475 6564 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
09:44:30.0580 6564 MSPCLOCK - ok
09:44:30.0605 6564 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
09:44:30.0664 6564 MSPQM - ok
09:44:30.0692 6564 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
09:44:30.0712 6564 MsRPC - ok
09:44:30.0722 6564 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
09:44:30.0750 6564 mssmbios - ok
09:44:30.0821 6564 MSSQL$MSSMLBIZ - ok
09:44:30.0848 6564 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
09:44:30.0886 6564 MSSQLServerADHelper - ok
09:44:30.0908 6564 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
09:44:30.0981 6564 MSTEE - ok
09:44:31.0001 6564 [ BA03A176197D06ECAF0DA86942375156 ] msvad_simple C:\Windows\system32\drivers\povrtdev.sys
09:44:31.0085 6564 msvad_simple - ok
09:44:31.0120 6564 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
09:44:31.0184 6564 MTConfig - ok
09:44:31.0193 6564 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
09:44:31.0210 6564 Mup - ok
09:44:31.0242 6564 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
09:44:31.0304 6564 napagent - ok
09:44:31.0349 6564 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
09:44:31.0433 6564 NativeWifiP - ok
09:44:31.0485 6564 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
09:44:31.0649 6564 NDIS - ok
09:44:31.0680 6564 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
09:44:31.0764 6564 NdisCap - ok
09:44:31.0772 6564 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
09:44:31.0845 6564 NdisTapi - ok
09:44:31.0854 6564 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
09:44:31.0901 6564 Ndisuio - ok
09:44:31.0914 6564 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
09:44:31.0955 6564 NdisWan - ok
09:44:31.0960 6564 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
09:44:31.0996 6564 NDProxy - ok
09:44:32.0026 6564 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
09:44:32.0033 6564 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:44:32.0033 6564 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:44:32.0044 6564 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
09:44:32.0093 6564 NetBIOS - ok
09:44:32.0105 6564 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
09:44:32.0153 6564 NetBT - ok
09:44:32.0161 6564 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
09:44:32.0179 6564 Netlogon - ok
09:44:32.0255 6564 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
09:44:32.0318 6564 Netman - ok
09:44:32.0397 6564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:44:32.0455 6564 NetMsmqActivator - ok
09:44:32.0486 6564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:44:32.0499 6564 NetPipeActivator - ok
09:44:32.0519 6564 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
09:44:32.0570 6564 netprofm - ok
09:44:32.0595 6564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:44:32.0609 6564 NetTcpActivator - ok
09:44:32.0617 6564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
09:44:32.0631 6564 NetTcpPortSharing - ok
09:44:33.0917 6564 [ EF51B405AD8ACAAE6F0231290D20F516 ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys
09:44:34.0236 6564 NETw5s32 - ok
09:44:34.0544 6564 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
09:44:34.0751 6564 netw5v32 - ok
09:44:34.0984 6564 [ 83553135AD346D247C482F1B8ACA921F ] NETwNs32 C:\Windows\system32\DRIVERS\NETwNs32.sys
09:44:35.0343 6564 NETwNs32 - ok
09:44:35.0370 6564 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
09:44:35.0413 6564 nfrd960 - ok
09:44:35.0426 6564 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
09:44:35.0522 6564 NlaSvc - ok
09:44:35.0530 6564 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
09:44:35.0560 6564 Npfs - ok
09:44:35.0568 6564 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
09:44:35.0595 6564 nsi - ok
09:44:35.0603 6564 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
09:44:35.0648 6564 nsiproxy - ok
09:44:35.0954 6564 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
09:44:36.0087 6564 Ntfs - ok
09:44:36.0095 6564 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
09:44:36.0168 6564 Null - ok
09:44:36.0213 6564 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
09:44:36.0240 6564 nvraid - ok
09:44:36.0279 6564 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
09:44:36.0305 6564 nvstor - ok
09:44:36.0347 6564 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
09:44:36.0383 6564 nv_agp - ok
09:44:36.0461 6564 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:44:36.0512 6564 odserv - ok
09:44:36.0543 6564 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
09:44:36.0589 6564 ohci1394 - ok
09:44:36.0622 6564 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:44:36.0644 6564 ose - ok
09:44:36.0693 6564 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
09:44:36.0746 6564 p2pimsvc - ok
09:44:36.0775 6564 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
09:44:36.0816 6564 p2psvc - ok
09:44:36.0874 6564 [ CD9D72285B93234A332B62B90247CEF5 ] PAC7302 C:\Windows\system32\DRIVERS\PAC7302.SYS
09:44:36.0926 6564 PAC7302 - ok
09:44:36.0949 6564 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
09:44:36.0980 6564 Parport - ok
09:44:36.0986 6564 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
09:44:37.0016 6564 partmgr - ok
09:44:37.0023 6564 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
09:44:37.0059 6564 Parvdm - ok
09:44:37.0070 6564 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
09:44:37.0090 6564 PcaSvc - ok
09:44:37.0172 6564 [ 92FDDBED716BF5C3CB766101563CFCE5 ] PCDSRVC{3037D694-FD904ACA-06020101}_0 c:\program files\pc-doctor\pcdsrvc.pkms
09:44:37.0228 6564 PCDSRVC{3037D694-FD904ACA-06020101}_0 - ok
09:44:37.0245 6564 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
09:44:37.0267 6564 pci - ok
09:44:37.0315 6564 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
09:44:37.0341 6564 pciide - ok
09:44:37.0357 6564 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
09:44:37.0376 6564 pcmcia - ok
09:44:37.0384 6564 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
09:44:37.0400 6564 pcw - ok
09:44:37.0436 6564 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
09:44:37.0518 6564 PEAUTH - ok
09:44:37.0658 6564 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
09:44:37.0766 6564 PeerDistSvc - ok
09:44:37.0811 6564 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
09:44:37.0899 6564 pla - ok
09:44:37.0915 6564 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
09:44:37.0986 6564 PlugPlay - ok
09:44:38.0044 6564 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
09:44:38.0049 6564 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
09:44:38.0049 6564 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
09:44:38.0075 6564 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
09:44:38.0112 6564 PNRPAutoReg - ok
09:44:38.0186 6564 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
09:44:38.0204 6564 PNRPsvc - ok
09:44:38.0255 6564 [ 896D916DE06F5502D301E8C4DC442AE8 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
09:44:38.0277 6564 Point32 - ok
09:44:38.0313 6564 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
09:44:38.0368 6564 PolicyAgent - ok
09:44:38.0381 6564 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
09:44:38.0431 6564 Power - ok
09:44:38.0503 6564 [ BF179CFCFDB28B9E28397835BEAFE332 ] Power Manager DBC Service C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
09:44:38.0537 6564 Power Manager DBC Service - ok
09:44:38.0546 6564 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
09:44:38.0666 6564 PptpMiniport - ok
09:44:38.0685 6564 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
09:44:38.0746 6564 Processor - ok
09:44:38.0758 6564 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
09:44:38.0860 6564 ProfSvc - ok
09:44:38.0868 6564 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
09:44:38.0893 6564 ProtectedStorage - ok
09:44:38.0906 6564 [ 72DE205CD4006DC45B1401859C506679 ] psadd C:\Windows\system32\DRIVERS\psadd.sys
09:44:38.0938 6564 psadd - ok
09:44:38.0994 6564 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
09:44:39.0051 6564 Psched - ok
09:44:39.0060 6564 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
09:44:39.0154 6564 PxHelp20 - ok
09:44:39.0259 6564 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
09:44:39.0338 6564 ql2300 - ok
09:44:39.0355 6564 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
09:44:39.0409 6564 ql40xx - ok
09:44:39.0423 6564 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
09:44:39.0475 6564 QWAVE - ok
09:44:39.0499 6564 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
09:44:39.0519 6564 QWAVEdrv - ok
09:44:39.0534 6564 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
09:44:39.0595 6564 RasAcd - ok
09:44:39.0603 6564 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
09:44:39.0647 6564 RasAgileVpn - ok
09:44:39.0687 6564 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
09:44:39.0717 6564 RasAuto - ok
09:44:39.0738 6564 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
09:44:39.0790 6564 Rasl2tp - ok
09:44:39.0836 6564 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
09:44:39.0901 6564 RasMan - ok
09:44:39.0913 6564 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
09:44:39.0959 6564 RasPppoe - ok
09:44:39.0969 6564 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
09:44:40.0029 6564 RasSstp - ok
09:44:40.0043 6564 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
09:44:40.0085 6564 rdbss - ok
09:44:40.0093 6564 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
09:44:40.0129 6564 rdpbus - ok
09:44:40.0137 6564 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
09:44:40.0181 6564 RDPCDD - ok
09:44:40.0257 6564 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
09:44:40.0299 6564 RDPDR - ok
09:44:40.0328 6564 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
09:44:40.0374 6564 RDPENCDD - ok
09:44:40.0384 6564 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
09:44:40.0425 6564 RDPREFMP - ok
09:44:40.0473 6564 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
09:44:40.0533 6564 RDPWD - ok
09:44:40.0574 6564 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
09:44:40.0597 6564 rdyboost - ok
09:44:40.0605 6564 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
09:44:40.0630 6564 regi - ok
09:44:40.0663 6564 [ 03D281098CE722210C48E1E8CAFEA260 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
09:44:40.0688 6564 RegSrvc - ok
09:44:40.0703 6564 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
09:44:40.0767 6564 RemoteAccess - ok
09:44:40.0797 6564 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
09:44:40.0845 6564 RemoteRegistry - ok
09:44:40.0878 6564 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
09:44:40.0900 6564 RFCOMM - ok
09:44:40.0915 6564 [ D65AC8797F0286ED269500747D6290A4 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
09:44:40.0981 6564 rimmptsk - ok
09:44:40.0990 6564 [ 49EC82B44EB93374ED9988DA7E0E0151 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
09:44:41.0040 6564 rimsptsk - ok
09:44:41.0049 6564 [ 3F400C3CCD0818858602DDB37B5DE719 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
09:44:41.0118 6564 rismxdp - ok
09:44:41.0601 6564 [ D8C44229EB2495E774350529ED9BE08D ] RoxMediaDB10 C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
09:44:41.0682 6564 RoxMediaDB10 - ok
09:44:41.0691 6564 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
09:44:41.0721 6564 RpcEptMapper - ok
09:44:41.0748 6564 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
09:44:41.0798 6564 RpcLocator - ok
09:44:41.0879 6564 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
09:44:41.0908 6564 RpcSs - ok
09:44:41.0938 6564 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
09:44:41.0984 6564 rspndr - ok
09:44:42.0041 6564 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
09:44:42.0095 6564 s3cap - ok
09:44:42.0102 6564 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
09:44:42.0120 6564 SamSs - ok
09:44:42.0156 6564 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
09:44:42.0179 6564 sbp2port - ok
09:44:42.0204 6564 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
09:44:42.0258 6564 SCardSvr - ok
09:44:42.0287 6564 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
09:44:42.0366 6564 scfilter - ok
09:44:42.0446 6564 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
09:44:42.0568 6564 Schedule - ok
09:44:42.0594 6564 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
09:44:42.0718 6564 SCPolicySvc - ok
09:44:42.0727 6564 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
09:44:42.0917 6564 sdbus - ok
09:44:42.0951 6564 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
09:44:43.0180 6564 SDRSVC - ok
09:44:43.0213 6564 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
09:44:43.0233 6564 SeaPort - ok
09:44:43.0244 6564 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
09:44:43.0350 6564 secdrv - ok
09:44:43.0358 6564 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
09:44:43.0413 6564 seclogon - ok
09:44:43.0427 6564 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll
09:44:43.0518 6564 SENS - ok
09:44:43.0531 6564 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
09:44:43.0666 6564 SensrSvc - ok
09:44:43.0689 6564 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
09:44:43.0761 6564 Serenum - ok
09:44:43.0769 6564 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
09:44:43.0833 6564 Serial - ok
09:44:43.0869 6564 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
09:44:43.0921 6564 sermouse - ok
09:44:43.0959 6564 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
09:44:44.0023 6564 SessionEnv - ok
09:44:44.0068 6564 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
09:44:44.0173 6564 sffdisk - ok
09:44:44.0199 6564 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
09:44:44.0236 6564 sffp_mmc - ok
09:44:44.0252 6564 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
09:44:44.0303 6564 sffp_sd - ok
09:44:44.0333 6564 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
09:44:44.0461 6564 sfloppy - ok
09:44:44.0492 6564 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
09:44:44.0568 6564 ShellHWDetection - ok
09:44:44.0591 6564 [ FC0127343BD1CE1986BA12F8937F1057 ] Shockprf C:\Windows\system32\DRIVERS\Apsx86.sys
09:44:44.0630 6564 Shockprf - ok
09:44:44.0688 6564 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
09:44:44.0715 6564 sisagp - ok
09:44:44.0762 6564 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
09:44:44.0796 6564 SiSRaid2 - ok
09:44:44.0813 6564 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
09:44:44.0859 6564 SiSRaid4 - ok
09:44:45.0065 6564 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
09:44:45.0226 6564 Skype C2C Service - ok
09:44:45.0293 6564 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
09:44:55.0395 6564 SkypeUpdate - ok
09:44:55.0426 6564 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
09:44:55.0571 6564 Smb - ok
09:44:55.0612 6564 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
09:44:55.0730 6564 SNMPTRAP - ok
09:44:55.0737 6564 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
09:44:55.0780 6564 spldr - ok
09:44:55.0797 6564 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
09:44:55.0880 6564 Spooler - ok
09:44:55.0956 6564 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
09:44:56.0104 6564 sppsvc - ok
09:44:56.0124 6564 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
09:44:56.0162 6564 sppuinotify - ok
09:44:56.0171 6564 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
09:44:56.0200 6564 SQLBrowser - ok
09:44:56.0235 6564 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
09:44:56.0269 6564 SQLWriter - ok
09:44:56.0283 6564 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
09:44:56.0343 6564 srv - ok
09:44:56.0359 6564 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
09:44:56.0419 6564 srv2 - ok
09:44:56.0522 6564 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
09:44:56.0644 6564 SrvHsfHDA - ok
09:44:56.0825 6564 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
09:44:56.0892 6564 SrvHsfV92 - ok
09:44:56.0928 6564 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
09:44:57.0005 6564 SrvHsfWinac - ok
09:44:57.0015 6564 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
09:44:57.0081 6564 srvnet - ok
09:44:57.0090 6564 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
09:44:57.0123 6564 SSDPSRV - ok
09:44:57.0157 6564 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
09:44:57.0220 6564 SstpSvc - ok
09:44:57.0253 6564 Steam Client Service - ok
09:44:57.0281 6564 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
09:44:57.0331 6564 stexstor - ok
09:44:57.0360 6564 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
09:44:57.0428 6564 StiSvc - ok
09:44:57.0482 6564 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
09:44:57.0521 6564 stllssvr - ok
09:44:57.0528 6564 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
09:44:57.0553 6564 storflt - ok
09:44:57.0573 6564 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll
09:44:57.0651 6564 StorSvc - ok
09:44:57.0725 6564 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys
09:44:57.0748 6564 storvsc - ok
09:44:57.0789 6564 [ 3119E9BC5FAD5EA1CD31AE200A1DA591 ] SUService c:\Program Files\Lenovo\System Update\SUService.exe
09:44:57.0847 6564 SUService ( UnsignedFile.Multi.Generic ) - warning
09:44:57.0847 6564 SUService - detected UnsignedFile.Multi.Generic (1)
09:44:57.0852 6564 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
09:44:57.0871 6564 swenum - ok
09:44:57.0888 6564 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
09:44:57.0930 6564 swprv - ok
09:44:57.0979 6564 [ D7DC30B8B41E7A913C3FCCC0631E72EC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
09:44:58.0011 6564 SynTP - ok
09:44:58.0131 6564 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
09:44:58.0187 6564 SysMain - ok
09:44:58.0210 6564 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
09:44:58.0258 6564 TabletInputService - ok
09:44:58.0334 6564 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
09:44:58.0389 6564 TapiSrv - ok
09:44:58.0420 6564 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
09:44:58.0476 6564 TBS - ok
09:44:58.0859 6564 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
09:44:58.0940 6564 Tcpip - ok
09:44:58.0985 6564 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
09:44:59.0013 6564 TCPIP6 - ok
09:44:59.0024 6564 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
09:44:59.0232 6564 tcpipreg - ok
09:44:59.0274 6564 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
09:44:59.0400 6564 TDPIPE - ok
09:44:59.0445 6564 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
09:44:59.0504 6564 TDTCP - ok
09:44:59.0513 6564 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
09:44:59.0558 6564 tdx - ok
09:44:59.0567 6564 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
09:44:59.0601 6564 TermDD - ok
09:44:59.0763 6564 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
09:44:59.0828 6564 TermService - ok
09:44:59.0836 6564 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
09:44:59.0857 6564 Themes - ok
09:44:59.0936 6564 [ 39AC444E07FDBD8C2E8E291A65D515D3 ] ThinkVantage Registry Monitor Service C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
09:45:00.0049 6564 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - warning
09:45:00.0049 6564 ThinkVantage Registry Monitor Service - detected UnsignedFile.Multi.Generic (1)
09:45:00.0059 6564 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
09:45:00.0090 6564 THREADORDER - ok
09:45:00.0098 6564 [ 521866A3CE5A1A69B4B4A87BDB52BE26 ] TPDIGIMN C:\Windows\system32\DRIVERS\ApsHM86.sys
09:45:00.0176 6564 TPDIGIMN - ok
09:45:00.0193 6564 [ 199D786169749B1A5473B7799C1E6A89 ] TPHDEXLGSVC C:\Windows\system32\TPHDEXLG.exe
09:45:00.0231 6564 TPHDEXLGSVC - ok
09:45:00.0256 6564 [ 3C6A42A8494D74F44F048BB7F9F2DB44 ] TPHKSVC C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
09:45:00.0268 6564 TPHKSVC - ok
09:45:00.0286 6564 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\Windows\system32\drivers\tpm.sys
09:45:00.0431 6564 TPM - ok
09:45:00.0440 6564 [ 6412DA2B8D079D821B99B3A99943284E ] TPPWRIF C:\Windows\system32\drivers\Tppwr32v.sys
09:45:00.0465 6564 TPPWRIF - ok
09:45:00.0475 6564 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
09:45:00.0506 6564 TrkWks - ok
09:45:00.0537 6564 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
09:45:00.0597 6564 TrustedInstaller - ok
09:45:00.0630 6564 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
09:45:00.0694 6564 tssecsrv - ok
09:45:00.0738 6564 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
09:45:00.0808 6564 TsUsbFlt - ok
09:45:00.0824 6564 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
09:45:00.0916 6564 tunnel - ok
09:45:00.0940 6564 [ 3147063508EAE931BECC01573C204FAC ] TVicPort C:\Windows\system32\drivers\TVicPort.sys
09:45:00.0962 6564 TVicPort - ok
09:45:01.0040 6564 [ B56DA1AA776C15043D10F82B32AA000D ] TVT Backup Service C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
09:45:01.0230 6564 TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
09:45:01.0230 6564 TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
09:45:01.0248 6564 [ CAC5D5979850C9AD41A88033013BC806 ] TVTI2C C:\Windows\system32\DRIVERS\Tvti2c.sys
09:45:01.0269 6564 TVTI2C - ok
09:45:01.0300 6564 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
09:45:01.0368 6564 uagp35 - ok
09:45:01.0433 6564 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
09:45:01.0489 6564 udfs - ok
09:45:01.0523 6564 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
09:45:01.0573 6564 UI0Detect - ok
09:45:01.0605 6564 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
09:45:01.0638 6564 uliagpkx - ok
09:45:01.0671 6564 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
09:45:01.0718 6564 umbus - ok
09:45:01.0741 6564 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
09:45:01.0816 6564 UmPass - ok
09:45:01.0845 6564 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll
09:45:01.0907 6564 UmRdpService - ok
09:45:02.0181 6564 [ D7E5796A9783968F8EA968E83F196645 ] UNS C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
09:45:02.0263 6564 UNS - ok
09:45:02.0316 6564 [ 3D571A3CBF127E9555EAD2F8598F425F ] UnsignedThemes C:\Windows\UnsignedThemesSvc.exe
09:45:02.0330 6564 UnsignedThemes - ok
09:45:02.0348 6564 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
09:45:02.0408 6564 upnphost - ok
09:45:02.0438 6564 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
09:45:02.0507 6564 usbaudio - ok
09:45:02.0515 6564 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
09:45:02.0568 6564 usbccgp - ok
09:45:02.0607 6564 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
09:45:02.0678 6564 usbcir - ok
09:45:02.0684 6564 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
09:45:02.0714 6564 usbehci - ok
09:45:02.0747 6564 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
09:45:02.0809 6564 usbhub - ok
09:45:02.0837 6564 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
09:45:02.0885 6564 usbohci - ok
09:45:02.0916 6564 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
09:45:02.0967 6564 usbprint - ok
09:45:02.0976 6564 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
09:45:03.0041 6564 usbscan - ok
09:45:03.0050 6564 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
09:45:03.0113 6564 USBSTOR - ok
09:45:03.0120 6564 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
09:45:03.0160 6564 usbuhci - ok
09:45:03.0240 6564 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
09:45:03.0280 6564 usbvideo - ok
09:45:03.0303 6564 [ 628C632710AB55747CB5BCC68716BE21 ] uxpatch C:\Windows\system32\drivers\uxpatch.sys
09:45:03.0336 6564 uxpatch - ok
09:45:03.0345 6564 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
09:45:03.0379 6564 UxSms - ok
09:45:03.0386 6564 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
09:45:03.0508 6564 VaultSvc - ok
09:45:03.0528 6564 [ B2ABAB4CA46BAD182E27763DC19C780F ] VCSVADHWSer C:\Windows\system32\DRIVERS\vcsvad.sys
09:45:03.0639 6564 VCSVADHWSer - ok
09:45:03.0655 6564 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
09:45:03.0687 6564 vdrvroot - ok
09:45:03.0709 6564 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
09:45:03.0768 6564 vds - ok
09:45:03.0811 6564 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
09:45:03.0920 6564 vga - ok
09:45:03.0928 6564 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
09:45:04.0035 6564 VgaSave - ok
09:45:04.0076 6564 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
09:45:04.0111 6564 vhdmp - ok
09:45:04.0147 6564 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
09:45:04.0198 6564 viaagp - ok
09:45:04.0223 6564 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
09:45:04.0319 6564 ViaC7 - ok
09:45:04.0360 6564 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
09:45:04.0406 6564 viaide - ok
09:45:04.0441 6564 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys
09:45:04.0477 6564 vmbus - ok
09:45:04.0547 6564 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
09:45:04.0614 6564 VMBusHID - ok
09:45:04.0623 6564 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
09:45:04.0648 6564 volmgr - ok
09:45:04.0678 6564 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
09:45:04.0700 6564 volmgrx - ok
09:45:04.0722 6564 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
09:45:04.0753 6564 volsnap - ok
09:45:04.0792 6564 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
09:45:04.0841 6564 vsmraid - ok
09:45:04.0884 6564 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
09:45:04.0974 6564 VSS - ok
09:45:04.0982 6564 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
09:45:05.0046 6564 vwifibus - ok
09:45:05.0055 6564 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
09:45:05.0095 6564 vwififlt - ok
09:45:05.0123 6564 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
09:45:05.0166 6564 vwifimp - ok
09:45:05.0189 6564 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
09:45:05.0223 6564 W32Time - ok
09:45:05.0244 6564 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
09:45:05.0294 6564 WacomPen - ok
09:45:05.0308 6564 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
09:45:05.0345 6564 WANARP - ok
09:45:05.0353 6564 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
09:45:05.0377 6564 Wanarpv6 - ok
09:45:05.0458 6564 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
09:45:05.0553 6564 WatAdminSvc - ok
09:45:05.0671 6564 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
09:45:05.0765 6564 wbengine - ok
09:45:05.0808 6564 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
09:45:05.0859 6564 WbioSrvc - ok
09:45:05.0888 6564 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
09:45:05.0920 6564 wcncsvc - ok
09:45:05.0938 6564 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:45:06.0020 6564 WcsPlugInService - ok
09:45:06.0044 6564 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
09:45:06.0096 6564 Wd - ok
09:45:06.0122 6564 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
09:45:06.0161 6564 Wdf01000 - ok
09:45:06.0202 6564 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
09:45:06.0292 6564 WdiServiceHost - ok
09:45:06.0301 6564 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
09:45:06.0320 6564 WdiSystemHost - ok
09:45:06.0346 6564 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
09:45:06.0411 6564 WebClient - ok
09:45:06.0451 6564 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
09:45:06.0483 6564 Wecsvc - ok
09:45:06.0500 6564 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
09:45:06.0531 6564 wercplsupport - ok
09:45:06.0554 6564 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
09:45:06.0608 6564 WerSvc - ok
09:45:06.0641 6564 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
09:45:06.0726 6564 WfpLwf - ok
09:45:06.0745 6564 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
09:45:06.0780 6564 WIMMount - ok
09:45:06.0815 6564 [ 253A9C2DF9A2A7B3B23146014959F2CD ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
09:45:06.0872 6564 winachsf - ok
09:45:06.0886 6564 WinHttpAutoProxySvc - ok
09:45:06.0901 6564 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
09:45:06.0937 6564 Winmgmt - ok
09:45:07.0109 6564 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
09:45:07.0180 6564 WinRM - ok
09:45:07.0266 6564 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
09:45:07.0311 6564 WinUsb - ok
09:45:07.0342 6564 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
09:45:07.0385 6564 Wlansvc - ok
09:45:07.0446 6564 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
09:45:07.0472 6564 wlcrasvc - ok
09:45:07.0547 6564 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:45:07.0616 6564 wlidsvc - ok
09:45:07.0632 6564 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
09:45:07.0814 6564 WmiAcpi - ok
09:45:07.0846 6564 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
09:45:07.0987 6564 wmiApSrv - ok
09:45:08.0028 6564 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
09:45:08.0269 6564 WMPNetworkSvc - ok
09:45:08.0285 6564 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
09:45:08.0477 6564 WPCSvc - ok
09:45:08.0487 6564 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
09:45:08.0643 6564 WPDBusEnum - ok
09:45:08.0673 6564 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
09:45:08.0738 6564 ws2ifsl - ok
09:45:08.0742 6564 WSearch - ok
09:45:08.0842 6564 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
09:45:08.0896 6564 wuauserv - ok
09:45:08.0906 6564 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
09:45:09.0006 6564 WudfPf - ok
09:45:09.0068 6564 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
09:45:09.0133 6564 WUDFRd - ok
09:45:09.0143 6564 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
09:45:09.0161 6564 wudfsvc - ok
09:45:09.0196 6564 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
09:45:09.0251 6564 WwanSvc - ok
09:45:09.0277 6564 [ 894F963BE999BA9DB5AAC3AED55B115D ] XAudio C:\Windows\system32\DRIVERS\XAudio32.sys
09:45:09.0309 6564 XAudio - ok
09:45:09.0347 6564 ================ Scan global ===============================
09:45:09.0353 6564 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
09:45:09.0364 6564 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
09:45:09.0380 6564 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
09:45:09.0388 6564 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
09:45:09.0402 6564 [ 21835BD18857B8BADD3858DE3B74F76C ] C:\Windows\system32\services.exe
09:45:09.0412 6564 [Global] - ok
09:45:09.0417 6564 ================ Scan MBR ==================================
09:45:09.0429 6564 [ 3EBD5AB895DD82C362AC8BCC13C28297 ] \Device\Harddisk0\DR0
09:45:09.0621 6564 \Device\Harddisk0\DR0 - ok
09:45:09.0624 6564 ================ Scan VBR ==================================
09:45:09.0626 6564 [ 8B353D0507381C4A295ED267D523C159 ] \Device\Harddisk0\DR0\Partition1
09:45:09.0627 6564 \Device\Harddisk0\DR0\Partition1 - ok
09:45:09.0632 6564 [ 4829F37AA4B6BA5C5214E79CA29937BC ] \Device\Harddisk0\DR0\Partition2
09:45:09.0633 6564 \Device\Harddisk0\DR0\Partition2 - ok
09:45:09.0638 6564 [ 82E178B2EB2EF2A6E35B5CD84B0C9103 ] \Device\Harddisk0\DR0\Partition3
09:45:09.0640 6564 \Device\Harddisk0\DR0\Partition3 - ok
09:45:09.0643 6564 ================ Scan active images ========================
09:45:09.0645 6564 [ B7EFEF22FF426EC4158A177CB3B558D3 ] C:\Windows\System32\drivers\crashdmp.sys
09:45:09.0645 6564 C:\Windows\System32\drivers\crashdmp.sys - ok
09:45:09.0649 6564 [ 01446278D4563B3013C92830AE6CBB26 ] C:\Windows\System32\drivers\iaStor.sys
09:45:09.0649 6564 C:\Windows\System32\drivers\iaStor.sys - ok
09:45:09.0654 6564 [ 62A63EF2F3053B461CB327E4D69AAA74 ] C:\Windows\System32\drivers\dumpfve.sys
09:45:09.0654 6564 C:\Windows\System32\drivers\dumpfve.sys - ok
09:45:09.0658 6564 [ 505506526A9D467307B3C393DEDAF858 ] C:\Windows\System32\drivers\beep.sys
09:45:09.0658 6564 C:\Windows\System32\drivers\beep.sys - ok
09:45:09.0663 6564 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] C:\Windows\System32\drivers\cdrom.sys
09:45:09.0663 6564 C:\Windows\System32\drivers\cdrom.sys - ok
09:45:09.0669 6564 [ DE6C14FB8438EF932D9F58F269A19B85 ] C:\Windows\System32\drivers\klif.sys
09:45:09.0669 6564 C:\Windows\System32\drivers\klif.sys - ok
09:45:09.0674 6564 [ F9756A98D69098DCA8945D62858A812C ] C:\Windows\System32\drivers\null.sys
09:45:09.0674 6564 C:\Windows\System32\drivers\null.sys - ok
09:45:09.0678 6564 [ 23DAE03F29D253AE74C44F99E515F9A1 ] C:\Windows\System32\drivers\RDPCDD.sys
09:45:09.0678 6564 C:\Windows\System32\drivers\RDPCDD.sys - ok
09:45:09.0682 6564 [ 8E38096AD5C8570A6F1570A61E251561 ] C:\Windows\System32\drivers\vga.sys
09:45:09.0682 6564 C:\Windows\System32\drivers\vga.sys - ok
09:45:09.0687 6564 [ 15C126D1B55814B9E5CAB10A9C1F4C67 ] C:\Windows\System32\drivers\videoprt.sys
09:45:09.0687 6564 C:\Windows\System32\drivers\videoprt.sys - ok
09:45:09.0691 6564 [ CB45A417C8EF7BA6BAC67EDCDDED8700 ] C:\Windows\System32\drivers\watchdog.sys
09:45:09.0691 6564 C:\Windows\System32\drivers\watchdog.sys - ok
09:45:09.0696 6564 [ 5A53CA1598DD4156D44196D200C94B8A ] C:\Windows\System32\drivers\RDPENCDD.sys
09:45:09.0696 6564 C:\Windows\System32\drivers\RDPENCDD.sys - ok
09:45:09.0700 6564 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] C:\Windows\System32\drivers\RDPREFMP.sys
09:45:09.0700 6564 C:\Windows\System32\drivers\RDPREFMP.sys - ok
09:45:09.0705 6564 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] C:\Windows\System32\drivers\msfs.sys
09:45:09.0705 6564 C:\Windows\System32\drivers\msfs.sys - ok
09:45:09.0709 6564 [ 1DB262A9F8C087E8153D89BEF3D2235F ] C:\Windows\System32\drivers\npfs.sys
09:45:09.0709 6564 C:\Windows\System32\drivers\npfs.sys - ok
09:45:09.0713 6564 [ 2F885864D5BC8A16C86BEE595969A48A ] C:\Windows\System32\drivers\tdi.sys
09:45:09.0713 6564 C:\Windows\System32\drivers\tdi.sys - ok
09:45:09.0717 6564 [ B459575348C20E8121D6039DA063C704 ] C:\Windows\System32\drivers\tdx.sys
09:45:09.0717 6564 C:\Windows\System32\drivers\tdx.sys - ok
09:45:09.0722 6564 [ CE3958F58547454884E97BDA78CD7040 ] C:\Windows\System32\drivers\kl1.sys
09:45:09.0722 6564 C:\Windows\System32\drivers\kl1.sys - ok
09:45:09.0727 6564 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] C:\Windows\System32\drivers\afd.sys
09:45:09.0727 6564 C:\Windows\System32\drivers\afd.sys - ok
09:45:09.0731 6564 [ 280122DDCF04B378EDD1AD54D71C1E54 ] C:\Windows\System32\drivers\netbt.sys
09:45:09.0731 6564 C:\Windows\System32\drivers\netbt.sys - ok
09:45:09.0736 6564 [ 892CC162DC88AB084C86485879526C59 ] C:\Windows\System32\drivers\klim6.sys
09:45:09.0736 6564 C:\Windows\System32\drivers\klim6.sys - ok
09:45:09.0740 6564 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] C:\Windows\System32\drivers\netbios.sys
09:45:09.0740 6564 C:\Windows\System32\drivers\netbios.sys - ok
09:45:09.0744 6564 [ 6270CCAE2A86DE6D146529FE55B3246A ] C:\Windows\System32\drivers\pacer.sys
09:45:09.0744 6564 C:\Windows\System32\drivers\pacer.sys - ok
09:45:09.0749 6564 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] C:\Windows\System32\drivers\serial.sys
09:45:09.0749 6564 C:\Windows\System32\drivers\serial.sys - ok
09:45:09.0754 6564 [ 7090D3436EEB4E7DA3373090A23448F7 ] C:\Windows\System32\drivers\vwififlt.sys
09:45:09.0754 6564 C:\Windows\System32\drivers\vwififlt.sys - ok
09:45:09.0758 6564 [ 8B9A943F3B53861F2BFAF6C186168F79 ] C:\Windows\System32\drivers\wfplwf.sys
09:45:09.0758 6564 C:\Windows\System32\drivers\wfplwf.sys - ok
09:45:09.0762 6564 [ FC6B9FF600CC585EA38B12589BD4E246 ] C:\Windows\System32\drivers\mssmbios.sys
09:45:09.0762 6564 C:\Windows\System32\drivers\mssmbios.sys - ok
09:45:09.0767 6564 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] C:\Windows\System32\drivers\nsiproxy.sys
09:45:09.0767 6564 C:\Windows\System32\drivers\nsiproxy.sys - ok
09:45:09.0772 6564 [ D528BC58A489409BA40334EBF96A311B ] C:\Windows\System32\drivers\rdbss.sys
09:45:09.0772 6564 C:\Windows\System32\drivers\rdbss.sys - ok
09:45:09.0776 6564 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] C:\Windows\System32\drivers\termdd.sys
09:45:09.0776 6564 C:\Windows\System32\drivers\termdd.sys - ok
09:45:09.0780 6564 [ 6412DA2B8D079D821B99B3A99943284E ] C:\Windows\System32\drivers\TPPWR32V.SYS
09:45:09.0780 6564 C:\Windows\System32\drivers\TPPWR32V.SYS - ok
09:45:09.0785 6564 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] C:\Windows\System32\drivers\wanarp.sys
09:45:09.0785 6564 C:\Windows\System32\drivers\wanarp.sys - ok
09:45:09.0789 6564 [ 2287078ED48FCFC477B05B20CF38F36F ] C:\Windows\System32\drivers\blbdrive.sys
09:45:09.0789 6564 C:\Windows\System32\drivers\blbdrive.sys - ok
09:45:09.0794 6564 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] C:\Windows\System32\drivers\csc.sys
09:45:09.0794 6564 C:\Windows\System32\drivers\csc.sys - ok
09:45:09.0798 6564 [ F024449C97EC1E464AAFFDA18593DB88 ] C:\Windows\System32\drivers\dfsc.sys
09:45:09.0798 6564 C:\Windows\System32\drivers\dfsc.sys - ok
09:45:09.0803 6564 [ 1A050B0274BFB3890703D490F330C0DA ] C:\Windows\System32\drivers\discache.sys
09:45:09.0803 6564 C:\Windows\System32\drivers\discache.sys - ok
09:45:09.0807 6564 [ 3C3F7F424E324C6971632C5DE5FF458F ] C:\Windows\System32\drivers\smiif32.sys
09:45:09.0807 6564 C:\Windows\System32\drivers\smiif32.sys - ok
09:45:09.0811 6564 [ B2FA25D9B17A68BB93D58B0556E8C90D ] C:\Windows\System32\drivers\tunnel.sys
09:45:09.0811 6564 C:\Windows\System32\drivers\tunnel.sys - ok
09:45:09.0816 6564 [ 8E1023B042F6502CC83308FB1EBF5AA2 ] C:\Windows\System32\drivers\atikmpag.sys
09:45:09.0816 6564 C:\Windows\System32\drivers\atikmpag.sys - ok
09:45:09.0820 6564 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] C:\Windows\System32\drivers\intelppm.sys
09:45:09.0820 6564 C:\Windows\System32\drivers\intelppm.sys - ok
09:45:09.0825 6564 [ C30A91ADE8C9CB91E4281EC83C4500C6 ] C:\Windows\System32\ntdll.dll
09:45:09.0825 6564 C:\Windows\System32\ntdll.dll - ok
09:45:09.0829 6564 [ 16742790895960690237A5143CEDEC8B ] C:\Windows\System32\smss.exe
09:45:09.0829 6564 C:\Windows\System32\smss.exe - ok
09:45:09.0833 6564 [ 3A894B97304C06FF46B5E7B6D1936BC3 ] C:\Windows\System32\drivers\atipmdag.sys
09:45:09.0833 6564 C:\Windows\System32\drivers\atipmdag.sys - ok
09:45:09.0838 6564 [ 36CC40B02AE593D6152AC8BD657720AF ] C:\Windows\System32\drivers\igdpmd32.sys
09:45:09.0838 6564 C:\Windows\System32\drivers\igdpmd32.sys - ok
09:45:09.0842 6564 [ 23F5D28378A160352BA8F817BD8C71CB ] C:\Windows\System32\drivers\dxgkrnl.sys
09:45:09.0842 6564 C:\Windows\System32\drivers\dxgkrnl.sys - ok
09:45:09.0846 6564 [ D458D1C7F1D49869000668E3C3BB0D4D ] C:\Windows\System32\drivers\dxgmms1.sys
09:45:09.0846 6564 C:\Windows\System32\drivers\dxgmms1.sys - ok
09:45:09.0850 6564 [ 30D57EE84E1E169D41A6E873B549A096 ] C:\Windows\System32\drivers\HECI.sys
09:45:09.0850 6564 C:\Windows\System32\drivers\HECI.sys - ok
09:45:09.0855 6564 [ F8261752AB473E3B24376AAB280AD15A ] C:\Windows\System32\drivers\e1y6232.sys
09:45:09.0855 6564 C:\Windows\System32\drivers\e1y6232.sys - ok
09:45:09.0860 6564 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] C:\Windows\System32\drivers\serenum.sys
09:45:09.0860 6564 C:\Windows\System32\drivers\serenum.sys - ok
09:45:09.0864 6564 [ 3AA940AA9AC3055FE32FF2D3D20CCD28 ] C:\Windows\System32\drivers\usbport.sys
09:45:09.0864 6564 C:\Windows\System32\drivers\usbport.sys - ok
09:45:09.0868 6564 [ 9036377B8A6C15DC2EEC53E489D159B5 ] C:\Windows\System32\drivers\hdaudbus.sys
09:45:09.0868 6564 C:\Windows\System32\drivers\hdaudbus.sys - ok
09:45:09.0873 6564 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] C:\Windows\System32\drivers\usbehci.sys
09:45:09.0873 6564 C:\Windows\System32\drivers\usbehci.sys - ok
09:45:09.0877 6564 [ 68DF884CF41CDADA664BEB01DAF67E3D ] C:\Windows\System32\drivers\usbuhci.sys
09:45:09.0877 6564 C:\Windows\System32\drivers\usbuhci.sys - ok
09:45:09.0882 6564 [ 83553135AD346D247C482F1B8ACA921F ] C:\Windows\System32\drivers\NETwNs32.sys
09:45:09.0882 6564 C:\Windows\System32\drivers\NETwNs32.sys - ok
09:45:09.0887 6564 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] C:\Windows\System32\drivers\vwifibus.sys
09:45:09.0887 6564 C:\Windows\System32\drivers\vwifibus.sys - ok
09:45:09.0891 6564 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] C:\Windows\System32\drivers\1394ohci.sys
09:45:09.0891 6564 C:\Windows\System32\drivers\1394ohci.sys - ok
09:45:09.0895 6564 [ D65AC8797F0286ED269500747D6290A4 ] C:\Windows\System32\drivers\rimmptsk.sys
09:45:09.0895 6564 C:\Windows\System32\drivers\rimmptsk.sys - ok
09:45:09.0900 6564 [ 49EC82B44EB93374ED9988DA7E0E0151 ] C:\Windows\System32\drivers\rimsptsk.sys
09:45:09.0900 6564 C:\Windows\System32\drivers\rimsptsk.sys - ok
09:45:09.0904 6564 [ 3F400C3CCD0818858602DDB37B5DE719 ] C:\Windows\System32\drivers\rixdptsk.sys
09:45:09.0904 6564 C:\Windows\System32\drivers\rixdptsk.sys - ok
09:45:09.0907 6564 [ 0328BE1C7F1CBA23848179F8762E391C ] C:\Windows\System32\drivers\sdbus.sys
09:45:09.0907 6564 C:\Windows\System32\drivers\sdbus.sys - ok
09:45:09.0911 6564 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] C:\Windows\System32\drivers\i8042prt.sys
09:45:09.0911 6564 C:\Windows\System32\drivers\i8042prt.sys - ok
09:45:09.0917 6564 [ ADEF52CA1AEAE82B50DF86B56413107E ] C:\Windows\System32\drivers\kbdclass.sys
09:45:09.0917 6564 C:\Windows\System32\drivers\kbdclass.sys - ok
09:45:09.0921 6564 [ D7DC30B8B41E7A913C3FCCC0631E72EC ] C:\Windows\System32\drivers\SynTP.sys
09:45:09.0921 6564 C:\Windows\System32\drivers\SynTP.sys - ok
09:45:09.0925 6564 [ 5787196F32D043572EC6565C0EF1B8E0 ] C:\Windows\System32\drivers\usbd.sys
09:45:09.0925 6564 C:\Windows\System32\drivers\usbd.sys - ok
09:45:09.0929 6564 [ AA63A815876A76987B5DBCE6AF7478E9 ] C:\Windows\System32\drivers\klmouflt.sys
09:45:09.0929 6564 C:\Windows\System32\drivers\klmouflt.sys - ok
09:45:09.0933 6564 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] C:\Windows\System32\drivers\mouclass.sys
09:45:09.0933 6564 C:\Windows\System32\drivers\mouclass.sys - ok
09:45:09.0937 6564 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] C:\Windows\System32\drivers\parport.sys
09:45:09.0937 6564 C:\Windows\System32\drivers\parport.sys - ok
09:45:09.0940 6564 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] C:\Windows\System32\drivers\tpm.sys
09:45:09.0940 6564 C:\Windows\System32\drivers\tpm.sys - ok
09:45:09.0944 6564 [ DEA805815E587DAD1DD2C502220B5616 ] C:\Windows\System32\drivers\CmBatt.sys
09:45:09.0944 6564 C:\Windows\System32\drivers\CmBatt.sys - ok
09:45:09.0947 6564 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] C:\Windows\System32\drivers\GEARAspiWDM.sys
09:45:09.0948 6564 C:\Windows\System32\drivers\GEARAspiWDM.sys - ok
09:45:09.0951 6564 [ 4DCFC1792BE8FC092AB41EAFA9D0FDE5 ] C:\Windows\System32\drivers\ibmpmdrv.sys
09:45:09.0951 6564 C:\Windows\System32\drivers\ibmpmdrv.sys - ok
09:45:09.0958 6564 [ 0217679B8FCA58714C3BF2726D2CA84E ] C:\Windows\System32\drivers\wmiacpi.sys
09:45:09.0958 6564 C:\Windows\System32\drivers\wmiacpi.sys - ok
09:45:09.0962 6564 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] C:\Windows\System32\drivers\CompositeBus.sys
09:45:09.0962 6564 C:\Windows\System32\drivers\CompositeBus.sys - ok
09:45:09.0966 6564 [ 27F9288AF019E6DACA281EDE51FF5928 ] C:\Windows\System32\drivers\drmk.sys
09:45:09.0966 6564 C:\Windows\System32\drivers\drmk.sys - ok
09:45:09.0969 6564 [ 5DCEF0C32BE0F33277326586FA503689 ] C:\Windows\System32\drivers\ks.sys
09:45:09.0969 6564 C:\Windows\System32\drivers\ks.sys - ok
09:45:09.0972 6564 [ D72708C9F49500C13D7D067E169B7715 ] C:\Windows\System32\drivers\portcls.sys
09:45:09.0973 6564 C:\Windows\System32\drivers\portcls.sys - ok
09:45:09.0978 6564 [ BA03A176197D06ECAF0DA86942375156 ] C:\Windows\System32\drivers\povrtdev.sys
09:45:09.0978 6564 C:\Windows\System32\drivers\povrtdev.sys - ok
09:45:09.0983 6564 [ B2ABAB4CA46BAD182E27763DC19C780F ] C:\Windows\System32\drivers\vcsvad.sys
09:45:09.0983 6564 C:\Windows\System32\drivers\vcsvad.sys - ok
09:45:09.0988 6564 [ 57EC4AEF73660166074D8F7F31C0D4FD ] C:\Windows\System32\drivers\agilevpn.sys
09:45:09.0988 6564 C:\Windows\System32\drivers\agilevpn.sys - ok
09:45:09.0993 6564 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] C:\Windows\System32\drivers\ndistapi.sys
09:45:09.0993 6564 C:\Windows\System32\drivers\ndistapi.sys - ok
09:45:09.0997 6564 [ 38FBE267E7E6983311179230FACB1017 ] C:\Windows\System32\drivers\ndiswan.sys
09:45:09.0997 6564 C:\Windows\System32\drivers\ndiswan.sys - ok
09:45:10.0001 6564 [ D9F91EAFEC2815365CBE6D167E4E332A ] C:\Windows\System32\drivers\rasl2tp.sys
09:45:10.0001 6564 C:\Windows\System32\drivers\rasl2tp.sys - ok
09:45:10.0006 6564 [ 833051C6C6C42117191935F734CFBD97 ] C:\Windows\System32\drivers\hamachi.sys
09:45:10.0006 6564 C:\Windows\System32\drivers\hamachi.sys - ok
09:45:10.0009 6564 [ 0FE8B15916307A6AC12BFB6A63E45507 ] C:\Windows\System32\drivers\raspppoe.sys
09:45:10.0009 6564 C:\Windows\System32\drivers\raspppoe.sys - ok
09:45:10.0012 6564 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] C:\Windows\System32\drivers\raspptp.sys
09:45:10.0012 6564 C:\Windows\System32\drivers\raspptp.sys - ok
09:45:10.0016 6564 [ 44101F495A83EA6401D886E7FD70096B ] C:\Windows\System32\drivers\rassstp.sys
09:45:10.0016 6564 C:\Windows\System32\drivers\rassstp.sys - ok
09:45:10.0020 6564 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] C:\Windows\System32\drivers\rdpbus.sys
09:45:10.0020 6564 C:\Windows\System32\drivers\rdpbus.sys - ok
09:45:10.0026 6564 [ 72DE205CD4006DC45B1401859C506679 ] C:\Windows\System32\drivers\psadd.sys
09:45:10.0026 6564 C:\Windows\System32\drivers\psadd.sys - ok
09:45:10.0028 6564 [ E58C78A848ADD9610A4DB6D214AF5224 ] C:\Windows\System32\drivers\swenum.sys
09:45:10.0028 6564 C:\Windows\System32\drivers\swenum.sys - ok
09:45:10.0032 6564 [ CAC5D5979850C9AD41A88033013BC806 ] C:\Windows\System32\drivers\tvti2c.sys
09:45:10.0032 6564 C:\Windows\System32\drivers\tvti2c.sys - ok
09:45:10.0039 6564 [ D295BED4B898F0FD999FCFA9B32B071B ] C:\Windows\System32\drivers\umbus.sys
09:45:10.0039 6564 C:\Windows\System32\drivers\umbus.sys - ok
09:45:10.0042 6564 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] C:\Windows\System32\drivers\usbhub.sys
09:45:10.0042 6564 C:\Windows\System32\drivers\usbhub.sys - ok
09:45:10.0047 6564 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] C:\Windows\System32\drivers\ndproxy.sys
09:45:10.0047 6564 C:\Windows\System32\drivers\ndproxy.sys - ok
09:45:10.0051 6564 [ 225E3E97021D72067AB359A295BF8C6F ] C:\Windows\System32\drivers\CHDRT32.sys
09:45:10.0051 6564 C:\Windows\System32\drivers\CHDRT32.sys - ok
09:45:10.0053 6564 [ 50B42EF358A2E5363BE6B77138A22391 ] C:\Windows\System32\drivers\HSXHWAZL.sys
09:45:10.0053 6564 C:\Windows\System32\drivers\HSXHWAZL.sys - ok
09:45:10.0057 6564 [ C761B4A8391F5E47F7C51A691CE773F4 ] C:\Windows\System32\drivers\HSX_DPV.sys
09:45:10.0057 6564 C:\Windows\System32\drivers\HSX_DPV.sys - ok
09:45:10.0062 6564 [ 253A9C2DF9A2A7B3B23146014959F2CD ] C:\Windows\System32\drivers\HSX_CNXT.sys
09:45:10.0063 6564 C:\Windows\System32\drivers\HSX_CNXT.sys - ok
09:45:10.0067 6564 [ F001861E5700EE84E2D4E52C712F4964 ] C:\Windows\System32\drivers\modem.sys
09:45:10.0067 6564 C:\Windows\System32\drivers\modem.sys - ok
09:45:10.0070 6564 [ F88A52EB62019D6A62FDD9E08034DBD8 ] C:\Windows\System32\autochk.exe
09:45:10.0070 6564 C:\Windows\System32\autochk.exe - ok
09:45:10.0074 6564 [ F77A156735688536145F200F803E752A ] C:\Windows\System32\drivers\ATSwpWDF.sys
09:45:10.0074 6564 C:\Windows\System32\drivers\ATSwpWDF.sys - ok
09:45:10.0080 6564 [ C324F24924675A18B4876A7346FEE23A ] C:\Windows\System32\lsdelete.exe
09:45:10.0080 6564 C:\Windows\System32\lsdelete.exe - ok
09:45:10.0084 6564 [ BD9C55D7023C5DE374507ACC7A14E2AC ] C:\Windows\System32\drivers\usbccgp.sys
09:45:10.0084 6564 C:\Windows\System32\drivers\usbccgp.sys - ok
09:45:10.0089 6564 [ 45B44FC9E5AC0DB02B19D515EE809DE5 ] C:\Windows\System32\drivers\stream.sys
09:45:10.0089 6564 C:\Windows\System32\drivers\stream.sys - ok
09:45:10.0093 6564 [ AB3006F949FD4DED75F8665D9EB24181 ] C:\Windows\System32\drivers\5U875.sys
09:45:10.0093 6564 C:\Windows\System32\drivers\5U875.sys - ok
09:45:10.0097 6564 [ 1153DE2E4F5941E10C399CB5592F78A1 ] C:\Windows\System32\drivers\bthport.sys
09:45:10.0097 6564 C:\Windows\System32\drivers\bthport.sys - ok
09:45:10.0102 6564 [ F549C3FB145A4928E40BB1518B2034DC ] C:\Windows\System32\drivers\btusbflt.sys
09:45:10.0102 6564 C:\Windows\System32\drivers\btusbflt.sys - ok
09:45:10.0106 6564 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] C:\Windows\System32\drivers\BTHUSB.SYS
09:45:10.0106 6564 C:\Windows\System32\drivers\BTHUSB.SYS - ok
09:45:10.0111 6564 [ 557A086A4659799D63A9CE474ADFEBE8 ] C:\Windows\System32\urlmon.dll
09:45:10.0111 6564 C:\Windows\System32\urlmon.dll - ok
09:45:10.0114 6564 [ C5D48985BADF6CFEDCBCCDD5D92F526D ] C:\Windows\System32\iertutil.dll
09:45:10.0114 6564 C:\Windows\System32\iertutil.dll - ok
09:45:10.0119 6564 [ 4F154D2C9C6DF951FD6E5AABBAE6B5EE ] C:\Windows\System32\lpk.dll
09:45:10.0119 6564 C:\Windows\System32\lpk.dll - ok
09:45:10.0124 6564 [ F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 ] C:\Windows\System32\user32.dll
09:45:10.0124 6564 C:\Windows\System32\user32.dll - ok
09:45:10.0128 6564 [ 42C671E0525618E23371D0E68282F37C ] C:\Windows\System32\wininet.dll
09:45:10.0128 6564 C:\Windows\System32\wininet.dll - ok
09:45:10.0132 6564 [ 6400774E903729ADD0A62A24A334EE56 ] C:\Windows\System32\rpcrt4.dll
09:45:10.0132 6564 C:\Windows\System32\rpcrt4.dll - ok
09:45:10.0137 6564 [ A8BB45F9ECAD993461E0FEF8E2A99152 ] C:\Windows\System32\Wldap32.dll
09:45:10.0137 6564 C:\Windows\System32\Wldap32.dll - ok
09:45:10.0141 6564 [ 29E9794708DF51DB5DC89FB2E903A0F6 ] C:\Windows\System32\shell32.dll
09:45:10.0141 6564 C:\Windows\System32\shell32.dll - ok
09:45:10.0146 6564 [ B2DB6ABA2E292235749B80A9C3DFA867 ] C:\Windows\System32\imagehlp.dll
09:45:10.0146 6564 C:\Windows\System32\imagehlp.dll - ok
09:45:10.0150 6564 [ 4A8E2F20809CC161107FAA94F6CF2685 ] C:\Windows\System32\imm32.dll
09:45:10.0150 6564 C:\Windows\System32\imm32.dll - ok
09:45:10.0154 6564 [ D1DE1EAFDE97BE41CF6585027FF3E732 ] C:\Windows\System32\comdlg32.dll
09:45:10.0154 6564 C:\Windows\System32\comdlg32.dll - ok
09:45:10.0159 6564 [ 6C765E82B57F2E66CE9C54AC238471D9 ] C:\Windows\System32\oleaut32.dll
09:45:10.0159 6564 C:\Windows\System32\oleaut32.dll - ok
09:45:10.0163 6564 [ FF5688D309347F2720911D8796912834 ] C:\Windows\System32\clbcatq.dll
09:45:10.0163 6564 C:\Windows\System32\clbcatq.dll - ok
09:45:10.0169 6564 [ 9C278785347BCC991F8EA2999D90F58D ] C:\Windows\System32\normaliz.dll
09:45:10.0169 6564 C:\Windows\System32\normaliz.dll - ok
09:45:10.0172 6564 [ A543AC1F7138376D778D630A35FCBC4C ] C:\Windows\System32\psapi.dll
09:45:10.0172 6564 C:\Windows\System32\psapi.dll - ok
09:45:10.0178 6564 [ C9618BC9B2B0FD7C1138D8774795A79B ] C:\Windows\System32\msctf.dll
09:45:10.0178 6564 C:\Windows\System32\msctf.dll - ok
09:45:10.0182 6564 [ E87F5393F7D8CE2FACC4DFF703531392 ] C:\Windows\System32\gdi32.dll
09:45:10.0182 6564 C:\Windows\System32\gdi32.dll - ok
09:45:10.0185 6564 [ 3ED262888758E350C29E02207AF9AC59 ] C:\Windows\System32\kernel32.dll
09:45:10.0185 6564 C:\Windows\System32\kernel32.dll - ok
09:45:10.0192 6564 [ 928CF7268086631F54C3D8E17238C6DD ] C:\Windows\System32\ole32.dll
09:45:10.0192 6564 C:\Windows\System32\ole32.dll - ok
09:45:10.0196 6564 [ CFC97F07904067A1E5FAE195D534DA3A ] C:\Windows\System32\sechost.dll
09:45:10.0196 6564 C:\Windows\System32\sechost.dll - ok
09:45:10.0199 6564 [ 8CC3C111D653E96F3EA1590891491D71 ] C:\Windows\System32\shlwapi.dll
09:45:10.0199 6564 C:\Windows\System32\shlwapi.dll - ok
09:45:10.0204 6564 [ 576096CCBC07E7C4EA4F5E6686D6888F ] C:\Windows\System32\drivers\usbscan.sys
09:45:10.0204 6564 C:\Windows\System32\drivers\usbscan.sys - ok
09:45:10.0209 6564 [ F991AB9CC6B908DB552166768176896A ] C:\Windows\System32\drivers\USBSTOR.SYS
09:45:10.0209 6564 C:\Windows\System32\drivers\USBSTOR.SYS - ok
09:45:10.0213 6564 [ 070C5B9D3006602A07757179D9B56F5D ] C:\Windows\System32\difxapi.dll
09:45:10.0213 6564 C:\Windows\System32\difxapi.dll - ok
09:45:10.0218 6564 [ 931A1DF1520ABC6E84BA4A75E6957025 ] C:\Windows\System32\drivers\hidclass.sys
09:45:10.0218 6564 C:\Windows\System32\drivers\hidclass.sys - ok
09:45:10.0223 6564 [ 6C26122F1931D4D7810240F32DDCE890 ] C:\Windows\System32\drivers\hidparse.sys
09:45:10.0223 6564 C:\Windows\System32\drivers\hidparse.sys - ok
09:45:10.0225 6564 [ 10C19F8290891AF023EAEC0832E1EB4D ] C:\Windows\System32\drivers\hidusb.sys
09:45:10.0225 6564 C:\Windows\System32\drivers\hidusb.sys - ok
09:45:10.0230 6564 [ 6377051C63D5552A311935C67E9FDFDC ] C:\Windows\System32\nsi.dll
09:45:10.0230 6564 C:\Windows\System32\nsi.dll - ok
09:45:10.0233 6564 [ 9DC80A8AAAAAC397BDAB3C67165A824E ] C:\Windows\System32\msvcrt.dll
09:45:10.0233 6564 C:\Windows\System32\msvcrt.dll - ok
09:45:10.0236 6564 [ 7FF15A4F092CD4A96055BA69F903E3E9 ] C:\Windows\System32\ws2_32.dll
09:45:10.0236 6564 C:\Windows\System32\ws2_32.dll - ok
09:45:10.0240 6564 [ 10FB16B50AFFDA6D44588F3C445DC273 ] C:\Windows\System32\setupapi.dll
09:45:10.0240 6564 C:\Windows\System32\setupapi.dll - ok
09:45:10.0243 6564 [ 95E2376B3323F062EB562B8586D0F14A ] C:\Windows\System32\advapi32.dll
09:45:10.0243 6564 C:\Windows\System32\advapi32.dll - ok
09:45:10.0247 6564 [ BDAC1AA64495D0F7E1FF810EBBF1F018 ] C:\Windows\System32\comctl32.dll
09:45:10.0247 6564 C:\Windows\System32\comctl32.dll - ok
09:45:10.0251 6564 [ 804AAAFEBB3AD5F49334DD906BCB1DE5 ] C:\Windows\System32\usp10.dll
09:45:10.0251 6564 C:\Windows\System32\usp10.dll - ok
09:45:10.0255 6564 [ 60D21799A4AF4EDCE65FB98830E4B0C8 ] C:\Windows\System32\crypt32.dll
09:45:10.0255 6564 C:\Windows\System32\crypt32.dll - ok
09:45:10.0259 6564 [ CC4ED8BEA78B0DCA6F217E014C3291A7 ] C:\Windows\System32\devobj.dll
09:45:10.0259 6564 C:\Windows\System32\devobj.dll - ok
09:45:10.0262 6564 [ E40ADC3B848650F1D5A932FD7DE0D018 ] C:\Windows\System32\KernelBase.dll
09:45:10.0262 6564 C:\Windows\System32\KernelBase.dll - ok
09:45:10.0266 6564 [ 3FFAEA12666E565FF51BF2FCA674F543 ] C:\Windows\System32\cfgmgr32.dll
09:45:10.0266 6564 C:\Windows\System32\cfgmgr32.dll - ok
09:45:10.0269 6564 [ 938F39B50BAFE13D6F58C7790682C010 ] C:\Windows\System32\msasn1.dll
09:45:10.0269 6564 C:\Windows\System32\msasn1.dll - ok
09:45:10.0273 6564 [ 17448AF0BBA9E7AB5EC955AF93F271BD ] C:\Windows\System32\wintrust.dll
09:45:10.0273 6564 C:\Windows\System32\wintrust.dll - ok
09:45:10.0277 6564 [ 5FCD3320AAE71506B43F9E12E4E72172 ] C:\Windows\System32\drivers\dxapi.sys
09:45:10.0277 6564 C:\Windows\System32\drivers\dxapi.sys - ok
09:45:10.0283 6564 [ 46538741E0230731D3635D12DF85A7B5 ] C:\Windows\System32\win32k.sys
09:45:10.0283 6564 C:\Windows\System32\win32k.sys - ok
09:45:10.0286 6564 [ 6C062EA09313872D2235027EF7A4554E ] C:\Windows\System32\csrsrv.dll
09:45:10.0286 6564 C:\Windows\System32\csrsrv.dll - ok
09:45:10.0289 6564 [ 342271F6142E7C70805B8A81E1BA5F5C ] C:\Windows\System32\csrss.exe
09:45:10.0289 6564 C:\Windows\System32\csrss.exe - ok
09:45:10.0292 6564 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\System32\basesrv.dll
09:45:10.0292 6564 C:\Windows\System32\basesrv.dll - ok
09:45:10.0296 6564 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\System32\winsrv.dll
09:45:10.0296 6564 C:\Windows\System32\winsrv.dll - ok
09:45:10.0300 6564 [ 79D10964DE86B292320E9DFE02282A23 ] C:\Windows\System32\drivers\monitor.sys
09:45:10.0300 6564 C:\Windows\System32\drivers\monitor.sys - ok
09:45:10.0303 6564 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] C:\Windows\System32\drivers\mouhid.sys
09:45:10.0303 6564 C:\Windows\System32\drivers\mouhid.sys - ok
09:45:10.0307 6564 [ CD9D72285B93234A332B62B90247CEF5 ] C:\Windows\System32\drivers\PAC7302.SYS
09:45:10.0307 6564 C:\Windows\System32\drivers\PAC7302.SYS - ok
09:45:10.0311 6564 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] C:\Windows\System32\drivers\USBAUDIO.sys
09:45:10.0311 6564 C:\Windows\System32\drivers\USBAUDIO.sys - ok
09:45:10.0314 6564 [ 9E3CED91863E6EE98C24794D05E27A71 ] C:\Windows\System32\drivers\kbdhid.sys
09:45:10.0314 6564 C:\Windows\System32\drivers\kbdhid.sys - ok
09:45:10.0318 6564 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\System32\sxssrv.dll
09:45:10.0318 6564 C:\Windows\System32\sxssrv.dll - ok
09:45:10.0321 6564 [ 7C76B61A5E1EF5D1FA554CF134100F18 ] C:\Windows\System32\tsddd.dll
09:45:10.0321 6564 C:\Windows\System32\tsddd.dll - ok
09:45:10.0325 6564 [ 357B990A4249D7F7485B230C0CC8825A ] C:\Windows\System32\KBDUS.DLL
09:45:10.0325 6564 C:\Windows\System32\KBDUS.DLL - ok
09:45:10.0328 6564 [ C733D233B623B7FFCE5031E4B756EE26 ] C:\Windows\System32\profapi.dll
09:45:10.0328 6564 C:\Windows\System32\profapi.dll - ok
09:45:10.0331 6564 [ 5997D769CDB108390DCFAEBF442BF816 ] C:\Windows\System32\RpcRtRemote.dll
09:45:10.0331 6564 C:\Windows\System32\RpcRtRemote.dll - ok
09:45:10.0335 6564 [ B5C5DCAD3899512020D135600129D665 ] C:\Windows\System32\wininit.exe
09:45:10.0335 6564 C:\Windows\System32\wininit.exe - ok
09:45:10.0340 6564 [ CAEF9CD6C10B1017E2C298D849CD31DB ] C:\Windows\System32\cdd.dll
09:45:10.0340 6564 C:\Windows\System32\cdd.dll - ok
09:45:10.0343 6564 [ 919001D2BB17DF06CA3F8AC16AD039F6 ] C:\Windows\System32\sxs.dll
09:45:10.0343 6564 C:\Windows\System32\sxs.dll - ok
09:45:10.0347 6564 [ 633C2C060CF857099F6C4F8D75C952B1 ] C:\Windows\System32\WlS0WndH.dll
09:45:10.0347 6564 C:\Windows\System32\WlS0WndH.dll - ok
09:45:10.0351 6564 [ F08F6FCD09F9BE94C37ACC1B344685FF ] C:\Windows\System32\cryptbase.dll
09:45:10.0351 6564 C:\Windows\System32\cryptbase.dll - ok
09:45:10.0356 6564 [ 863F793D15B4026B1A5FDECA873D4D84 ] C:\Windows\System32\apphelp.dll
09:45:10.0356 6564 C:\Windows\System32\apphelp.dll - ok
09:45:10.0359 6564 [ 81951F51E318AECC2D68559E47485CC4 ] C:\Windows\System32\lsass.exe
09:45:10.0359 6564 C:\Windows\System32\lsass.exe - ok
09:45:10.0363 6564 [ 8AEA9A37C1A3565A204D37C5E72AB791 ] C:\Windows\System32\lsm.exe
09:45:10.0363 6564 C:\Windows\System32\lsm.exe - ok
09:45:10.0366 6564 [ 21835BD18857B8BADD3858DE3B74F76C ] C:\Windows\System32\services.exe
09:45:10.0366 6564 C:\Windows\System32\services.exe - ok
09:45:10.0369 6564 [ E361AE3010EA4B3123DAB5BDAE21798F ] C:\Windows\System32\sspisrv.dll
09:45:10.0369 6564 C:\Windows\System32\sspisrv.dll - ok
09:45:11.0257 6564 [ 0219B6F2329F4C1BC24580C83D0F3645 ] C:\Windows\System32\msjint40.dll
09:45:11.0257 6564 C:\Windows\System32\msjint40.dll - ok
09:45:11.0261 6564 [ 66ABBF38123D3113BB55EBAFCF37AB92 ] C:\Windows\System32\odbccp32.dll
09:45:11.0261 6564 C:\Windows\System32\odbccp32.dll - ok
09:45:11.0265 6564 [ D64AF876D53ECA3668BB97B51B4E70AB ] C:\Windows\System32\srvsvc.dll
09:45:11.0265 6564 C:\Windows\System32\srvsvc.dll - ok
09:45:11.0268 6564 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] C:\Windows\System32\browser.dll
09:45:11.0269 6564 C:\Windows\System32\browser.dll - ok
09:45:11.0275 6564 [ E4B72E71EC37A59FE574A998A0C0EB9B ] C:\Windows\System32\netmsg.dll
09:45:11.0275 6564 C:\Windows\System32\netmsg.dll - ok
09:45:11.0279 6564 [ 89E783711AF91AF09E1EF30EF3107446 ] C:\Windows\System32\sscore.dll
09:45:11.0279 6564 C:\Windows\System32\sscore.dll - ok
09:45:11.0284 6564 [ AE9898D5600A232CD8AE3298692162E5 ] C:\Windows\System32\clusapi.dll
09:45:11.0284 6564 C:\Windows\System32\clusapi.dll - ok
09:45:11.0288 6564 [ 0DB403942733E08D2670D742A77BC79C ] C:\Program Files\Common Files\System\msadc\msadce.dll
09:45:11.0288 6564 C:\Program Files\Common Files\System\msadc\msadce.dll - ok
09:45:11.0294 6564 [ 5E5676658AB2A0B3DF9FFA792EB9F4D9 ] C:\Program Files\Common Files\System\msadc\msadcer.dll
09:45:11.0294 6564 C:\Program Files\Common Files\System\msadc\msadcer.dll - ok
09:45:11.0296 6564 [ 2AF094C822BD6094F14A8E85FB51D52A ] C:\Windows\System32\resutils.dll
09:45:11.0296 6564 C:\Windows\System32\resutils.dll - ok
09:45:11.0301 6564 [ 704314FD398C81D5F342CAA5DF7B7F21 ] C:\Windows\System32\wbemcomn.dll
09:45:11.0301 6564 C:\Windows\System32\wbemcomn.dll - ok
09:45:11.0306 6564 [ C5B0324DB461559ADD070E632A6919FA ] C:\Windows\System32\wbem\wbemprox.dll
09:45:11.0306 6564 C:\Windows\System32\wbem\wbemprox.dll - ok
09:45:11.0310 6564 [ EB0A59F29C19B86479D36B35983DAADC ] C:\Windows\System32\drivers\parvdm.sys
09:45:11.0310 6564 C:\Windows\System32\drivers\parvdm.sys - ok
09:45:11.0314 6564 [ 12B79422A23814429CDA9E734C58F78F ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
09:45:11.0314 6564 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL - ok
09:45:11.0318 6564 [ 3C6A42A8494D74F44F048BB7F9F2DB44 ] C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
09:45:11.0318 6564 C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe - ok
09:45:11.0323 6564 [ 3147063508EAE931BECC01573C204FAC ] C:\Windows\System32\drivers\TVicPort.sys
09:45:11.0323 6564 C:\Windows\System32\drivers\TVicPort.sys - ok
09:45:11.0328 6564 [ 40947436A70E0034E41123DF5A0A7702 ] C:\Program Files\Bonjour\mdnsNSP.dll
09:45:11.0329 6564 C:\Program Files\Bonjour\mdnsNSP.dll - ok
09:45:11.0333 6564 [ ED6EE83D61EBC683C2CD8E899EA6FEBE ] C:\Windows\System32\rasadhlp.dll
09:45:11.0333 6564 C:\Windows\System32\rasadhlp.dll - ok
09:45:11.0338 6564 [ 0857479F1C91117C7E53227193FADC4C ] C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
09:45:11.0338 6564 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe - ok
09:45:11.0343 6564 [ 3927397AC60D943DAF8808AFFED582B7 ] C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:45:11.0343 6564 C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe - ok
09:45:11.0347 6564 [ 7EF47644B74EBE721CC32211D3C35E76 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:45:11.0347 6564 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe - ok
09:45:11.0351 6564 [ 0B3595A4FF0B36D68E5FC67FD7D70FDC ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
09:45:11.0351 6564 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - ok
09:45:11.0355 6564 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
09:45:11.0355 6564 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
09:45:11.0360 6564 [ 605C6370240FC79CADBCD34960A741D2 ] C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
09:45:11.0360 6564 C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll - ok
09:45:11.0364 6564 [ 67B539D844F804EBAC7A1E3828FDE709 ] C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
09:45:11.0364 6564 C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll - ok
09:45:11.0369 6564 [ 2DEDC3AFE3C49B5DAE717D0A9BEBF298 ] C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll
09:45:11.0369 6564 C:\Program Files\Common Files\Apple\Apple Application Support\YSCrashDump.dll - ok
09:45:11.0373 6564 [ 3BDE52411DF2FE4252C9289F51CB0F7E ] C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
09:45:11.0373 6564 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll - ok
09:45:11.0378 6564 [ 9ABB7CDAC0914579C86990048771B1B4 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll
09:45:11.0378 6564 C:\Program Files\Common Files\Apple\Apple Application Support\libicuin.dll - ok
09:45:11.0382 6564 [ 32D78DCABFB942275E01363D5232C77D ] C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
09:45:11.0382 6564 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll - ok
09:45:11.0386 6564 [ 0EEE814627F4384291687671F76419F6 ] C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
09:45:11.0386 6564 C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll - ok
09:45:11.0390 6564 [ D47913F993A0E3A0C9F1E88FD02E98C6 ] C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll
09:45:11.0390 6564 C:\Program Files\Common Files\Apple\Apple Application Support\libicuuc.dll - ok
09:45:11.0394 6564 [ 43A0A24CD12B110DC93462D6B035C961 ] C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll
09:45:11.0394 6564 C:\Program Files\Common Files\Apple\Apple Application Support\icudt46.dll - ok
09:45:11.0398 6564 [ 1F5AFD468EB5E09E9ED75A087529EAB5 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll
09:45:11.0398 6564 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll - ok
09:45:11.0402 6564 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll
09:45:11.0402 6564 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll - ok
09:45:11.0406 6564 [ 60903524FCC449152224D03D6030CAEB ] C:\Windows\System32\AFSSClientLib.dll
09:45:11.0406 6564 C:\Windows\System32\AFSSClientLib.dll - ok
09:45:11.0410 6564 [ 1319CD4619E96B156911CA3897563EBC ] C:\Windows\System32\ci.dll
09:45:11.0410 6564 C:\Windows\System32\ci.dll - ok
09:45:11.0414 6564 [ 827CB0D6C3F8057EA037FF271F8E9795 ] C:\Windows\System32\imageres.dll
09:45:11.0414 6564 C:\Windows\System32\imageres.dll - ok
09:45:11.0416 6564 [ BA02F01BE7ED88E8974C798ACB3075F5 ] C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
09:45:11.0416 6564 C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll - ok
09:45:11.0421 6564 [ F8ECB748B53A010464F7A63154D75F56 ] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll
09:45:11.0421 6564 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll - ok
09:45:11.0424 6564 [ 062373995EAE5F0EAC9EAA9192136BFB ] C:\Windows\System32\dnssd.dll
09:45:11.0425 6564 C:\Windows\System32\dnssd.dll - ok
09:45:11.0428 6564 [ 2C478E667CE27B2B7142F756CF569A9A ] C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll
09:45:11.0428 6564 C:\Program Files\Common Files\Apple\Mobile Device Support\MobileDevice.dll - ok
09:45:11.0432 6564 [ DF9586377384DF3808D42090242CC23B ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
09:45:11.0432 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe - ok
09:45:11.0436 6564 [ 66512CA4F626DF413B6D7E4639D3C77E ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\memmng.dll
09:45:11.0436 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\memmng.dll - ok
09:45:11.0440 6564 [ CCC0C157AB7D1E729A6D6511934ADE4A ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prremote.dll
09:45:11.0440 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prremote.dll - ok
09:45:11.0444 6564 [ 57E8C7791AB2596AFB8EE1273C2DF1F8 ] C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
09:45:11.0444 6564 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll - ok
09:45:11.0448 6564 [ 58B61578D5704E9FC8B8A9861A85069D ] C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
09:45:11.0448 6564 C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll - ok
09:45:11.0452 6564 [ 7143F7D81BCABC23A7E9B59D397E2615 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\fssync.dll
09:45:11.0452 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\fssync.dll - ok
09:45:11.0456 6564 [ 64E7E5A93DBA2A9263ABBE993307209C ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\clldr.dll
09:45:11.0456 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\clldr.dll - ok
09:45:11.0460 6564 [ 24E213261E7979D6FA98A08B84EF38D1 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prloader.dll
09:45:11.0460 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\prloader.dll - ok
09:45:11.0464 6564 [ F5DF4081F94F0DD1179D625099A3B1D8 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ushata.dll
09:45:11.0464 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ushata.dll - ok
09:45:11.0468 6564 [ 6163664C7E9CD110AF70180C126C3FDC ] C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
09:45:11.0468 6564 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe - ok
09:45:11.0472 6564 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] C:\Program Files\Bonjour\mDNSResponder.exe
09:45:11.0472 6564 C:\Program Files\Bonjour\mDNSResponder.exe - ok
09:45:11.0476 6564 [ 3BA18AFDA6A73B86DB50E9874FE28826 ] C:\Program Files\CrashPlan\CrashPlanService.exe
09:45:11.0476 6564 C:\Program Files\CrashPlan\CrashPlanService.exe - ok
09:45:11.0480 6564 [ 9F0FC6BA5BFB728A6C23BA0A213028A1 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\params.ppl
09:45:11.0480 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\params.ppl - ok
09:45:11.0484 6564 [ 79A5BAE607BB579C354E185360274EFF ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\pxstub.ppl
09:45:11.0484 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\pxstub.ppl - ok
09:45:11.0488 6564 [ 8A1CBAE63FC06EDAEDCCE1B23E9C9267 ] C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
09:45:11.0488 6564 C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll - ok
09:45:11.0491 6564 [ F81886488D509B9EF4DDD4264B4F2A9D ] C:\Program Files\CrashPlan\jre\bin\client\jvm.dll
09:45:11.0491 6564 C:\Program Files\CrashPlan\jre\bin\client\jvm.dll - ok
09:45:11.0495 6564 [ 96C0E38905CFD788313BE8E11DAE3F2F ] C:\Windows\System32\cryptsvc.dll
09:45:11.0495 6564 C:\Windows\System32\cryptsvc.dll - ok
09:45:11.0499 6564 [ CA79539D3D4C0BA66F0F051A5EE5E923 ] C:\Windows\System32\cryptnet.dll
09:45:11.0499 6564 C:\Windows\System32\cryptnet.dll - ok
09:45:11.0502 6564 [ 53A88BDF3A1977A1F45C718D39BA64AC ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\WinReg.ppl
09:45:11.0503 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\WinReg.ppl - ok
09:45:11.0506 6564 [ 13337A3FB17F2242487FD45488ED0485 ] C:\Windows\System32\vssapi.dll
09:45:11.0506 6564 C:\Windows\System32\vssapi.dll - ok
09:45:11.0510 6564 [ C3C8D359D1FCB72941F75F8A302BFBDE ] C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
09:45:11.0510 6564 C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll - ok
09:45:11.0514 6564 [ FAE6DD6F04A38CB02BE1FB7D622BEE81 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\HASHMD5.PPL
09:45:11.0514 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\HASHMD5.PPL - ok
09:45:11.0517 6564 [ AA4FB5F0FCE18E9BD1C5CE03CD053C18 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mkavio.ppl
09:45:11.0517 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mkavio.ppl - ok
09:45:11.0521 6564 [ DEC77EB352E7D60970079593E8B88B6B ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\nfio.ppl
09:45:11.0521 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\nfio.ppl - ok
09:45:11.0524 6564 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] C:\Windows\System32\dps.dll
09:45:11.0524 6564 C:\Windows\System32\dps.dll - ok
09:45:11.0528 6564 [ 3F6D9269E7B3A754B1C2F8533DC7F318 ] C:\Windows\System32\efscore.dll
09:45:11.0528 6564 C:\Windows\System32\efscore.dll - ok
09:45:11.0531 6564 [ 00A99DA54C14969A899ED316D16E9A9E ] C:\Windows\System32\efssvc.dll
09:45:11.0532 6564 C:\Windows\System32\efssvc.dll - ok
09:45:11.0535 6564 [ F3222C893BD2F5821A0179E5C71E88FB ] C:\Windows\System32\fdPHost.dll
09:45:11.0536 6564 C:\Windows\System32\fdPHost.dll - ok
09:45:11.0539 6564 [ DE6F4B7E62FDE776F3DE8E5FB5A05C48 ] C:\Windows\System32\fdWSD.dll
09:45:11.0539 6564 C:\Windows\System32\fdWSD.dll - ok
09:45:11.0543 6564 [ 8EE6BDE1D572677AA35707C52C585F75 ] C:\Windows\System32\mlang.dll
09:45:11.0543 6564 C:\Windows\System32\mlang.dll - ok
09:45:11.0546 6564 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] C:\Windows\System32\FDResPub.dll
09:45:11.0546 6564 C:\Windows\System32\FDResPub.dll - ok
09:45:11.0550 6564 [ EDDDD0420ADDDDEE99EE2E5D1CBC3899 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\FsDrvPlg.ppl
09:45:11.0550 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\FsDrvPlg.ppl - ok
09:45:11.0554 6564 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:45:11.0554 6564 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe - ok
09:45:11.0558 6564 [ 359C3AC547AA1D24EED35BE3AB3759DC ] C:\Windows\System32\efsutil.dll
09:45:11.0558 6564 C:\Windows\System32\efsutil.dll - ok
09:45:11.0561 6564 [ B9A8CBCFCD3EC9D2EA4740AF347BF108 ] C:\Windows\System32\mpr.dll
09:45:11.0562 6564 C:\Windows\System32\mpr.dll - ok
09:45:11.0565 6564 [ 83759ABBE7004A9E0848D344CCFBE7E5 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\tm.ppl
09:45:11.0565 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\tm.ppl - ok
09:45:11.0569 6564 [ D83947A58613E9091B4C9CC0F1546A8D ] C:\Windows\System32\mscoree.dll
09:45:11.0569 6564 C:\Windows\System32\mscoree.dll - ok
09:45:11.0573 6564 [ F5DF6846F30E9F54EA60CCAEB3FB2055 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
09:45:11.0573 6564 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll - ok
09:45:11.0577 6564 [ 73F6C5223F7E9B5780DD4A6C30FCF569 ] C:\Windows\System32\WSDApi.dll
09:45:11.0577 6564 C:\Windows\System32\WSDApi.dll - ok
09:45:11.0580 6564 [ 15089A34FD1D165EB67D4F5C341B9193 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\bl.ppl
09:45:11.0581 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\bl.ppl - ok
09:45:11.0584 6564 [ DB846EECA70EE9D2E2FF31147C57B0F4 ] C:\Windows\System32\webservices.dll
09:45:11.0584 6564 C:\Windows\System32\webservices.dll - ok
09:45:11.0588 6564 [ 8B92BED5B8D4A8480E7AA631F35A6F35 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
09:45:11.0588 6564 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll - ok
09:45:11.0591 6564 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Windows\System32\msvcr71.dll
09:45:11.0591 6564 C:\Windows\System32\msvcr71.dll - ok
09:45:11.0595 6564 [ EF67BE653B43CD876D8E0A6C88CE3AE9 ] C:\Program Files\CrashPlan\jre\bin\java.dll
09:45:11.0595 6564 C:\Program Files\CrashPlan\jre\bin\java.dll - ok
09:45:11.0599 6564 [ 158EADC71F1A1162EAF96443EA11AF02 ] C:\Program Files\CrashPlan\jre\bin\verify.dll
09:45:11.0599 6564 C:\Program Files\CrashPlan\jre\bin\verify.dll - ok
09:45:11.0602 6564 [ 48987141FE624F761447F1FB88C68121 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\regmap.ppl
09:45:11.0602 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\regmap.ppl - ok
09:45:11.0606 6564 [ 3C9284B2002A9AB3F1B7A4E7DB1DA05D ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\wmihlpr.ppl
09:45:11.0606 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\wmihlpr.ppl - ok
09:45:11.0610 6564 [ 24C1AFA9AA844A37B8C6C81709AF63FC ] C:\Program Files\CrashPlan\jre\bin\hpi.dll
09:45:11.0610 6564 C:\Program Files\CrashPlan\jre\bin\hpi.dll - ok
09:45:11.0614 6564 [ D05D4C6317CC8C12965256FFDC2390AB ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\thpimpl.ppl
09:45:11.0614 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\thpimpl.ppl - ok
09:45:11.0618 6564 [ 7312CE909D47B8C97949E3DBDFE84F2C ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\crpthlpr.ppl
09:45:11.0618 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\crpthlpr.ppl - ok
09:45:11.0621 6564 [ 98B071BC0E00451C4F5379D6BA32A4CE ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ndetect.ppl
09:45:11.0621 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ndetect.ppl - ok
09:45:11.0625 6564 [ 5BF37B38DF409640857163BE9EAC399D ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\dtreg.ppl
09:45:11.0625 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\dtreg.ppl - ok
09:45:11.0629 6564 [ EC501B84121AA094589BB2FD5D45BC16 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\SFDB.PPL
09:45:11.0629 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\SFDB.PPL - ok
09:45:11.0633 6564 [ 623896DA3669923E63D3F268535A7DB7 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\schedule.ppl
09:45:11.0633 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\schedule.ppl - ok
09:45:11.0637 6564 [ AAA6C998225B9399EBF85E1C4791162A ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\timer.ppl
09:45:11.0637 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\timer.ppl - ok
09:45:11.0641 6564 [ 24DE3F8DE8EEB93C3E7F0E56AF419F05 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\report.ppl
09:45:11.0641 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\report.ppl - ok
09:45:11.0645 6564 [ 89D90579E5FB1469CB0464F6512E42B7 ] C:\Windows\System32\fundisc.dll
09:45:11.0645 6564 C:\Windows\System32\fundisc.dll - ok
09:45:11.0649 6564 [ CA9F7888B524D8100B977C81F44C3234 ] C:\Windows\System32\winhttp.dll
09:45:11.0649 6564 C:\Windows\System32\winhttp.dll - ok
09:45:11.0652 6564 [ FB19FC5951A88F3C523E35C2C98D23C0 ] C:\Windows\System32\webio.dll
09:45:11.0652 6564 C:\Windows\System32\webio.dll - ok
09:45:11.0656 6564 [ 81F08948A0F1475894C99D4D19A158A8 ] C:\Windows\System32\wshqos.dll
09:45:11.0656 6564 C:\Windows\System32\wshqos.dll - ok
09:45:11.0659 6564 [ 674611721264013DB169EC12AFC9C3B6 ] C:\Windows\System32\fdSSDP.dll
09:45:11.0659 6564 C:\Windows\System32\fdSSDP.dll - ok
09:45:11.0663 6564 [ 28E2231BD34A39C854BDF3923AB2FF86 ] C:\Windows\System32\ssdpapi.dll
09:45:11.0663 6564 C:\Windows\System32\ssdpapi.dll - ok
09:45:11.0666 6564 [ B940289C83121046BD6A60ACC6028593 ] C:\Windows\System32\vsstrace.dll
09:45:11.0666 6564 C:\Windows\System32\vsstrace.dll - ok
09:45:11.0668 6564 [ E83AA2D473F96F9F1692F2663F488AC2 ] C:\Program Files\CrashPlan\jre\bin\zip.dll
09:45:11.0668 6564 C:\Program Files\CrashPlan\jre\bin\zip.dll - ok
09:45:11.0672 6564 [ 31D59387099070963EAD4CE14C5B5F04 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
09:45:11.0672 6564 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll - ok
09:45:11.0676 6564 [ 6D6596E046CA6A61DE250AD3A281A1AF ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
09:45:11.0676 6564 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll - ok
09:45:11.0680 6564 [ 909F7E4E596E3AECF98FD8F8F3D938F9 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4170589952ce47191488bce500678b00\PresentationFontCache.ni.exe
09:45:11.0680 6564 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4170589952ce47191488bce500678b00\PresentationFontCache.ni.exe - ok
09:45:11.0684 6564 [ 30B94A855F4C86212F98BB184A30CA96 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
09:45:11.0684 6564 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll - ok
09:45:11.0688 6564 [ 858716CED10DBBF0BC5748F71ED2F59D ] C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
09:45:11.0688 6564 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll - ok
09:45:11.0692 6564 [ 9170C065FC76758E5D317B8FBA884F0C ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
09:45:11.0692 6564 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll - ok
09:45:11.0700 6564 [ AEDDFD540E3E6BECDB14C30D1F12B78A ] C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
09:45:11.0700 6564 C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll - ok
09:45:11.0703 6564 [ 0B7E85364CB878E2AD531DB7B601A9E5 ] C:\Windows\System32\NapiNSP.dll
09:45:11.0704 6564 C:\Windows\System32\NapiNSP.dll - ok
09:45:11.0708 6564 [ 5CF640EDDB1E40A5AB1BB743BCDEC610 ] C:\Windows\System32\pnrpnsp.dll
09:45:11.0708 6564 C:\Windows\System32\pnrpnsp.dll - ok
09:45:11.0710 6564 [ AC122407B29378FF9646F03404AC7C54 ] C:\Windows\System32\wshbth.dll
09:45:11.0710 6564 C:\Windows\System32\wshbth.dll - ok
09:45:11.0713 6564 [ 5DF5D8CFD9B9573FA3B2C89D9061A240 ] C:\Windows\System32\winrnr.dll
09:45:11.0713 6564 C:\Windows\System32\winrnr.dll - ok
09:45:11.0717 6564 [ DDFBFD8959F32AC0CF3947F36BAC3081 ] C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
09:45:11.0717 6564 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll - ok
09:45:11.0721 6564 [ 616399E27A55C97AE859230EB13984D8 ] C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
09:45:11.0721 6564 C:\Program Files\LogMeIn Hamachi\hamachi-2.exe - ok
09:45:11.0724 6564 [ 539C49CEBB3C50957AC8A09D95ECD880 ] C:\Windows\System32\shfolder.dll
09:45:11.0724 6564 C:\Windows\System32\shfolder.dll - ok
09:45:11.0728 6564 [ 1FF7E4F548C7C372C804938F0D5B36AE ] C:\Windows\System32\netcfgx.dll
09:45:11.0728 6564 C:\Windows\System32\netcfgx.dll - ok
09:45:11.0731 6564 [ 761EAF24075F33DC039FF0D6E45C7B85 ] C:\Program Files\CrashPlan\jre\bin\net.dll
09:45:11.0732 6564 C:\Program Files\CrashPlan\jre\bin\net.dll - ok
09:45:11.0735 6564 [ D584216C7767DCFB4B812B9B60A4A4E7 ] C:\Program Files\Lenovo\HOTKEY\micmute.exe
09:45:11.0735 6564 C:\Program Files\Lenovo\HOTKEY\micmute.exe - ok
09:45:11.0739 6564 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] C:\Windows\System32\drivers\mdmxsdk.sys
09:45:11.0739 6564 C:\Windows\System32\drivers\mdmxsdk.sys - ok
09:45:11.0742 6564 [ B458C7EEF67258198A4B92ADE3974A65 ] C:\Program Files\CrashPlan\jniwrap.dll
09:45:11.0742 6564 C:\Program Files\CrashPlan\jniwrap.dll - ok
09:45:11.0746 6564 [ 46A6BA9274D075A2C30025C4E96D875A ] C:\Windows\System32\msvcp60.dll
09:45:11.0746 6564 C:\Windows\System32\msvcp60.dll - ok
09:45:11.0750 6564 [ AFB4D484BBEBA2548ADEC93F1C025E78 ] C:\Program Files\MediaMall\MediaMallServer.exe
09:45:11.0750 6564 C:\Program Files\MediaMall\MediaMallServer.exe - ok
09:45:11.0754 6564 [ 6E9E439517D89EDC9A6CB1E94489620A ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
09:45:11.0754 6564 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll - ok
09:45:11.0757 6564 [ 102CF6879887BBE846A00C459E6D4ABC ] C:\Windows\System32\riched20.dll
09:45:11.0757 6564 C:\Windows\System32\riched20.dll - ok
09:45:11.0761 6564 [ 487C45DBC72C220FF8CE7E5E5B3CB30D ] C:\Program Files\CrashPlan\md5.dll
09:45:11.0761 6564 C:\Program Files\CrashPlan\md5.dll - ok
09:45:11.0765 6564 [ 6F8E3B7B70E1BBA871212940C1FBDF60 ] C:\Windows\System32\SensApi.dll
09:45:11.0765 6564 C:\Windows\System32\SensApi.dll - ok
09:45:11.0768 6564 [ 73EFD5BAB63549A1BFC7E13E64350711 ] C:\Program Files\CrashPlan\jre\bin\nio.dll
09:45:11.0768 6564 C:\Program Files\CrashPlan\jre\bin\nio.dll - ok
09:45:11.0772 6564 [ 75BCC4043512E41D83C8F224B168039C ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
09:45:11.0772 6564 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll - ok
09:45:11.0775 6564 [ D4EC3753292C2130AD9D88E07BFE2EE3 ] C:\Program Files\CrashPlan\jre\bin\management.dll
09:45:11.0775 6564 C:\Program Files\CrashPlan\jre\bin\management.dll - ok
09:45:11.0779 6564 [ 2A72853494912BB034AF7AC1C86EC04E ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
09:45:11.0779 6564 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll - ok
09:45:11.0783 6564 [ EA4F9E90075F5CE11967D266242123B9 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\reportdb.ppl
09:45:11.0783 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\reportdb.ppl - ok
09:45:11.0787 6564 [ AC6A3801F3CDE7EB41B3F52E9B0A1C2B ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
09:45:11.0787 6564 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll - ok
09:45:11.0791 6564 [ 5ABDD82165358DC595E22C193F295556 ] C:\Program Files\CrashPlan\jre\bin\sunmscapi.dll
09:45:11.0791 6564 C:\Program Files\CrashPlan\jre\bin\sunmscapi.dll - ok
09:45:11.0795 6564 [ 53CC178C1BD9B97B9B44134DD5FF93FB ] C:\Program Files\Intel\WiFi\bin\IntStngs.dll
09:45:11.0795 6564 C:\Program Files\Intel\WiFi\bin\IntStngs.dll - ok
09:45:11.0798 6564 [ ABDAC81B2BA3B9669C7A813FF6DE6C3C ] C:\Program Files\Intel\WiFi\bin\iWMSProv.dll
09:45:11.0798 6564 C:\Program Files\Intel\WiFi\bin\iWMSProv.dll - ok
09:45:11.0802 6564 [ F1E24C079381FCDAD10503DE327411CE ] C:\Program Files\Common Files\ffdshowEx\CX.dll
09:45:11.0802 6564 C:\Program Files\Common Files\ffdshowEx\CX.dll - ok
09:45:11.0805 6564 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] C:\Windows\System32\drivers\vwifimp.sys
09:45:11.0805 6564 C:\Windows\System32\drivers\vwifimp.sys - ok
09:45:11.0809 6564 [ 69C503C004F49AEE8B8E3067CC047BA7 ] C:\Windows\System32\HPZinw12.dll
09:45:11.0809 6564 C:\Windows\System32\HPZinw12.dll - ok
09:45:11.0813 6564 [ 25E67A7BBABA4719ACCC295318A1A973 ] C:\Program Files\MediaMall\Util.dll
09:45:11.0813 6564 C:\Program Files\MediaMall\Util.dll - ok
09:45:11.0817 6564 [ 9E0104BA49F4E6973749A02BF41344ED ] C:\Windows\System32\drivers\PEAuth.sys
09:45:11.0817 6564 C:\Windows\System32\drivers\PEAuth.sys - ok
09:45:11.0820 6564 [ 374071043F9E4231EE43BE2BB48DD36D ] C:\Windows\System32\nlasvc.dll
09:45:11.0820 6564 C:\Windows\System32\nlasvc.dll - ok
09:45:11.0824 6564 [ EDC4236565C03FAFC49E99866890E1D8 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\propmap.ppl
09:45:11.0824 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\propmap.ppl - ok
09:45:12.0622 6564 C:\Program Files\Intel\Intel Matrix Storage Manager\THA\Shell_THA.dll - ok
09:45:12.0626 6564 [ 85D370418F5AB3E7BBF28F86E9556106 ] C:\Program Files\Intel\Intel Matrix Storage Manager\TRK\Shell_TRK.dll
09:45:12.0626 6564 C:\Program Files\Intel\Intel Matrix Storage Manager\TRK\Shell_TRK.dll - ok
09:45:12.0630 6564 [ F8BA8A317B5675629854FC9700F8AF6D ] C:\Program Files\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll
09:45:12.0630 6564 C:\Program Files\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll - ok
09:45:12.0634 6564 [ 249C440D8F4CC4FF27D3B137637C1590 ] C:\Program Files\MediaMall\CR.dll
09:45:12.0634 6564 C:\Program Files\MediaMall\CR.dll - ok
09:45:12.0637 6564 [ 1377FCC06799900F94F81BE7507884A5 ] C:\Program Files\Common Files\ffdshowEx\uilib.dll
09:45:12.0637 6564 C:\Program Files\Common Files\ffdshowEx\uilib.dll - ok
09:45:12.0640 6564 [ EBBC60B027F427D6C0F20EF611040208 ] C:\Program Files\Common Files\ffdshowEx\MediaInfo.dll
09:45:12.0640 6564 C:\Program Files\Common Files\ffdshowEx\MediaInfo.dll - ok
09:45:12.0644 6564 [ 769761CC9DA26098D7C03B722D3740DF ] C:\Program Files\Common Files\ffdshowEx\erdmpg-5.3a.dll
09:45:12.0644 6564 C:\Program Files\Common Files\ffdshowEx\erdmpg-5.3a.dll - ok
09:45:12.0648 6564 [ 3BF7373DB95194AC3CED9AEC253A33CE ] C:\Program Files\Common Files\ffdshowEx\FFMpegPlugIn.dll
09:45:12.0648 6564 C:\Program Files\Common Files\ffdshowEx\FFMpegPlugIn.dll - ok
09:45:12.0652 6564 [ 00D1B00BED72EF0002C4C0C877B9D392 ] C:\Program Files\MediaMall\SettingsManager.exe
09:45:12.0652 6564 C:\Program Files\MediaMall\SettingsManager.exe - ok
09:45:12.0656 6564 [ E62361D6D7EB8488ED0B0B0C19DF5718 ] C:\Windows\System32\cfgbkend.dll
09:45:12.0656 6564 C:\Windows\System32\cfgbkend.dll - ok
09:45:12.0659 6564 [ 2607A85B6466C0110EA8ABB9D8CC83FC ] C:\Windows\System32\regapi.dll
09:45:12.0659 6564 C:\Windows\System32\regapi.dll - ok
09:45:12.0663 6564 [ 86472B217C2E96640297B3F719BD7CBF ] C:\Windows\System32\tscfgwmi.dll
09:45:12.0663 6564 C:\Windows\System32\tscfgwmi.dll - ok
09:45:12.0667 6564 [ 03A88560EF6B5F746A9AC5BA1C0A36C7 ] C:\Windows\System32\rdpcfgex.dll
09:45:12.0667 6564 C:\Windows\System32\rdpcfgex.dll - ok
09:45:12.0669 6564 [ D25958B2A71EF488959272878EF934BE ] C:\Windows\System32\utildll.dll
09:45:12.0669 6564 C:\Windows\System32\utildll.dll - ok
09:45:12.0673 6564 [ 5D5F5D4F9ABF02AEB268EBCE8BD44FE8 ] C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID.pin
09:45:12.0673 6564 C:\Program Files\Intel\Intel Matrix Storage Manager\PlugInRAID.pin - ok
09:45:12.0677 6564 [ B6CAC0C662A334C19BF0DF479F675F08 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizM.dll
09:45:12.0677 6564 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizM.dll - ok
09:45:12.0680 6564 [ 038ABFA9B8FFC5985F7F739670968A99 ] C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
09:45:12.0680 6564 C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll - ok
09:45:12.0684 6564 [ 653DD317EFBE8E6D1EA44FC807D26552 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizD.dll
09:45:12.0684 6564 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizD.dll - ok
09:45:12.0688 6564 [ C2C4849161C778641E3A73106AC115F4 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizR.dll
09:45:12.0688 6564 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizR.dll - ok
09:45:12.0692 6564 [ EBC36161D7BF42E6BDCD719BB3A7E701 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RaidWizCnG.dll
09:45:12.0692 6564 C:\Program Files\Intel\Intel Matrix Storage Manager\RaidWizCnG.dll - ok
09:45:12.0696 6564 [ DEE23F98A46BC6500E64A647B6CE4E83 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizC.dll
09:45:12.0696 6564 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizC.dll - ok
09:45:12.0700 6564 [ 58A14C45A5CD2528F10A889E7B0C3FC2 ] C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll
09:45:12.0700 6564 C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll - ok
09:45:12.0704 6564 [ 10C2C77EC8A9B81B4E95CAF8F7D84234 ] C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizCFE.dll
09:45:12.0704 6564 C:\Program Files\Intel\Intel Matrix Storage Manager\RAIDWizCFE.dll - ok
09:45:12.0708 6564 [ BC404941D7CE1F816825BFDB33BFD77D ] C:\Program Files\Lavasoft\Ad-Aware\lavamessage.dll
09:45:12.0708 6564 C:\Program Files\Lavasoft\Ad-Aware\lavamessage.dll - ok
09:45:12.0714 6564 [ 209A3B1901B83AEB8527ED211CCE9E4C ] C:\Windows\System32\VSSVC.exe
09:45:12.0714 6564 C:\Windows\System32\VSSVC.exe - ok
09:45:12.0717 6564 [ 7E82616BEE76BF5EAA5B30F681414E21 ] C:\Windows\System32\perftrack.dll
09:45:12.0717 6564 C:\Windows\System32\perftrack.dll - ok
09:45:12.0720 6564 [ 9D6AA2ADD3F704134EE89C1E58BDFD1B ] C:\Windows\System32\xolehlp.dll
09:45:12.0720 6564 C:\Windows\System32\xolehlp.dll - ok
09:45:12.0724 6564 [ 88C170086371CC5716010AF223F6F780 ] C:\Windows\System32\virtdisk.dll
09:45:12.0724 6564 C:\Windows\System32\virtdisk.dll - ok
09:45:12.0728 6564 [ 8B794AE6D5C7D42092804BC39A2EB8F6 ] C:\Windows\System32\aepic.dll
09:45:12.0728 6564 C:\Windows\System32\aepic.dll - ok
09:45:12.0733 6564 [ A63DC5C2EA944E6657203E0C8EDEAF61 ] C:\Windows\System32\dllhost.exe
09:45:12.0733 6564 C:\Windows\System32\dllhost.exe - ok
09:45:12.0737 6564 [ 0B31464B7B2D616BD5F7036673588EC1 ] C:\Windows\System32\IDStore.dll
09:45:12.0737 6564 C:\Windows\System32\IDStore.dll - ok
09:45:12.0744 6564 [ 6A1DA04970A13BF54E5110CE6F0E9561 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avzkrnl.dll
09:45:12.0744 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avzkrnl.dll - ok
09:45:12.0750 6564 [ 7B53984BB934E599A4E3668B2F678D48 ] C:\ProgramData\Kaspersky Lab\AVP9\Bases\kavsys.kdl
09:45:12.0750 6564 C:\ProgramData\Kaspersky Lab\AVP9\Bases\kavsys.kdl - ok
09:45:12.0753 6564 [ 92BAA7DEBEDC6EBE803BC14BC5180AB3 ] C:\ProgramData\Kaspersky Lab\AVP9\Bases\arkmon.kdl
09:45:12.0753 6564 C:\ProgramData\Kaspersky Lab\AVP9\Bases\arkmon.kdl - ok
09:45:12.0756 6564 [ E9DDD8FB36C3B430DC7596D25A9E487F ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\httpanlz.ppl
09:45:12.0756 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\httpanlz.ppl - ok
09:45:12.0760 6564 [ 5E493255F469687C86F0FB6587CD5A5D ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\extlprtc.ppl
09:45:12.0760 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\extlprtc.ppl - ok
09:45:12.0767 6564 [ FF55D918F4E9F700D6257192622FB3D9 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ICQprtc.dll
09:45:12.0767 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ICQprtc.dll - ok
09:45:12.0773 6564 [ 5412E7546A289ACF8656BEC4CAB20229 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\SMTPprtc.ppl
09:45:12.0773 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\SMTPprtc.ppl - ok
09:45:12.0779 6564 [ 76808731021F60C2D7BDC01111D7B078 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\trafmon2.ppl
09:45:12.0779 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\trafmon2.ppl - ok
09:45:12.0783 6564 [ 3AE69B3DED772E3114D7B27A7E271225 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\JBRprtc.dll
09:45:12.0783 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\JBRprtc.dll - ok
09:45:12.0788 6564 [ D76AA577721A244CA5BBFF0EDF7DC3E4 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\MSNprtc.dll
09:45:12.0788 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\MSNprtc.dll - ok
09:45:12.0792 6564 [ ACC4010EFF2A1E1677FF17446E0D9A41 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\POP3prtc.ppl
09:45:12.0792 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\POP3prtc.ppl - ok
09:45:12.0797 6564 [ 9016715C2627531A052B7D8888D38EF8 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\UniArc.ppl
09:45:12.0798 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\UniArc.ppl - ok
09:45:12.0802 6564 [ F97881A1D029213DF06F30C5496C9939 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\Arj.ppl
09:45:12.0802 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\Arj.ppl - ok
09:45:12.0805 6564 [ 21E15F1E8D18B0A51F0377D91A29B075 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\CAB.ppl
09:45:12.0806 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\CAB.ppl - ok
09:45:12.0809 6564 [ 79EF874CBC5E0566370D033D525064D6 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\lha.ppl
09:45:12.0809 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\lha.ppl - ok
09:45:12.0814 6564 [ 879ECDBEF71F90003BF8894377CC51E1 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\minizip.ppl
09:45:12.0814 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\minizip.ppl - ok
09:45:12.0818 6564 [ 1D1A8BAC51FAFA0B0412853A198B6B7F ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\rar.ppl
09:45:12.0818 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\rar.ppl - ok
09:45:12.0823 6564 [ 05CB653F821B7FB567F1D4BD30614CD7 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\MailMsg.ppl
09:45:12.0823 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\MailMsg.ppl - ok
09:45:12.0827 6564 [ F6FE9E0A03C724C6DED034F9624CE78D ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mdb.ppl
09:45:12.0827 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mdb.ppl - ok
09:45:12.0830 6564 [ 8F47093E58EDB2FAE6FC5E7841BA011D ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\msoe.ppl
09:45:12.0830 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\msoe.ppl - ok
09:45:12.0834 6564 [ 8BC9DB92C4B2F3BE89185BEAB2AFC1F6 ] C:\Windows\System32\mapi32.dll
09:45:12.0834 6564 C:\Windows\System32\mapi32.dll - ok
09:45:12.0838 6564 [ 266FCC5A79309B5387ABBD2E96031504 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\IMAPprtc.ppl
09:45:12.0838 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\IMAPprtc.ppl - ok
09:45:12.0842 6564 [ DECDEE11C5CB0A0C37E510B5073108BB ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\IRCprtc.dll
09:45:12.0842 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\IRCprtc.dll - ok
09:45:12.0846 6564 [ FE7424D53C5DF04C25244B69338968BB ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\Yhoprtc.dll
09:45:12.0846 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\Yhoprtc.dll - ok
09:45:12.0850 6564 [ AC7ED655B2529C4294DD9DC13833C83D ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\NNTPprtc.ppl
09:45:12.0850 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\NNTPprtc.ppl - ok
09:45:12.0854 6564 [ 0B1B7568CED61ABF5FD717F28175C96A ] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
09:45:12.0854 6564 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe - ok
09:45:12.0858 6564 [ 6E899A836A083354BF9B19428DEAC258 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\urlflt.ppl
09:45:12.0858 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\urlflt.ppl - ok
09:45:12.0862 6564 [ 82C8C24D52242990E3A59836AEBCB02F ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\webnetstat.ppl
09:45:12.0862 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\webnetstat.ppl - ok
09:45:12.0866 6564 [ 193A3325FB26FA391D80DA83FB0B40B8 ] C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw
09:45:12.0866 6564 C:\ProgramData\Lavasoft\Ad-Aware\Defs\thorax.aaw - ok
09:45:12.0870 6564 [ E585445D5021971FAE10393F0F1C3961 ] C:\Windows\System32\qmgr.dll
09:45:12.0870 6564 C:\Windows\System32\qmgr.dll - ok
09:45:12.0873 6564 [ AA53356D60AF47EACC85BC617A4F3F66 ] C:\Windows\System32\wpdbusenum.dll
09:45:12.0873 6564 C:\Windows\System32\wpdbusenum.dll - ok
09:45:12.0877 6564 [ 0552A8684BF7566F744D5B19FF6AEC6B ] C:\Windows\System32\bitsperf.dll
09:45:12.0877 6564 C:\Windows\System32\bitsperf.dll - ok
09:45:12.0881 6564 [ E98278865E8DABA21CFE5FE4BE34210A ] C:\Windows\System32\PortableDeviceApi.dll
09:45:12.0881 6564 C:\Windows\System32\PortableDeviceApi.dll - ok
09:45:12.0885 6564 [ BC9833BDE3648D092E9D13724FFB4F04 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mmpprtc.dll
09:45:12.0885 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mmpprtc.dll - ok
09:45:12.0888 6564 [ BCB88EED0CD8632A6167427D8032C39C ] C:\Windows\System32\efsui.exe
09:45:12.0888 6564 C:\Windows\System32\efsui.exe - ok
09:45:12.0892 6564 [ 4F2659160AFCCA990305816946F69407 ] C:\Windows\System32\taskeng.exe
09:45:12.0892 6564 C:\Windows\System32\taskeng.exe - ok
09:45:12.0897 6564 [ D6692338B985D4A0CA52B828314D897D ] C:\Windows\System32\drprov.dll
09:45:12.0897 6564 C:\Windows\System32\drprov.dll - ok
09:45:12.0902 6564 [ D7B7159BC8374E87D8C45A30377A3440 ] C:\Windows\System32\ntlanman.dll
09:45:12.0902 6564 C:\Windows\System32\ntlanman.dll - ok
09:45:12.0906 6564 [ 284B59D7B56FC76C80E622AB856B1FAB ] C:\Windows\System32\davclnt.dll
09:45:12.0906 6564 C:\Windows\System32\davclnt.dll - ok
09:45:12.0912 6564 [ 179BECE8D1A4C488DDB7191FF9BE3FB0 ] C:\Windows\System32\davhlpr.dll
09:45:12.0912 6564 C:\Windows\System32\davhlpr.dll - ok
09:45:12.0914 6564 [ 52A58DC1BFAF31BB2022F0DE2E656D41 ] C:\Windows\System32\efsadu.dll
09:45:12.0914 6564 C:\Windows\System32\efsadu.dll - ok
09:45:12.0918 6564 [ 17DD73B0BBBB722B9BCBDD5F15223BB1 ] C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
09:45:12.0918 6564 C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe - ok
09:45:12.0920 6564 [ 74AF6AA2E8B3180AADAE5FE8813CB1CD ] C:\Windows\System32\localspl.dll
09:45:12.0920 6564 C:\Windows\System32\localspl.dll - ok
09:45:12.0924 6564 [ 629181C26A78EB66B0B4E774E5AC2882 ] C:\Windows\System32\spoolss.dll
09:45:12.0924 6564 C:\Windows\System32\spoolss.dll - ok
09:45:12.0928 6564 [ 03CF941D031F30272D3063E5A4D686F5 ] C:\Windows\System32\PrintIsolationProxy.dll
09:45:12.0928 6564 C:\Windows\System32\PrintIsolationProxy.dll - ok
09:45:12.0933 6564 [ 659E04E74135927CA6D7BC5E75C84417 ] C:\Windows\System32\TSChannel.dll
09:45:12.0933 6564 C:\Windows\System32\TSChannel.dll - ok
09:45:12.0936 6564 [ 58C8D45C571AA9235FB296B383B89887 ] C:\Windows\System32\cpwmon2k.dll
09:45:12.0936 6564 C:\Windows\System32\cpwmon2k.dll - ok
09:45:12.0940 6564 [ 36750ACD24802FDC5CD369542C86FD80 ] C:\Windows\System32\EBPMON2.DLL
09:45:12.0940 6564 C:\Windows\System32\EBPMON2.DLL - ok
09:45:12.0944 6564 [ B0E1C340AD6D5ED40426F25508A6BB2F ] C:\Windows\System32\hpmpw081.DLL
09:45:12.0944 6564 C:\Windows\System32\hpmpw081.DLL - ok
09:45:12.0949 6564 [ 62AFDBF5CE79CB5F563369FD3AF6A729 ] C:\Windows\System32\hpmpm081.DLL
09:45:12.0949 6564 C:\Windows\System32\hpmpm081.DLL - ok
09:45:12.0952 6564 [ AA30EDE7CF7B394E4C60A8FC20DCD84C ] C:\Windows\System32\hppmopjl.dll
09:45:12.0952 6564 C:\Windows\System32\hppmopjl.dll - ok
09:45:12.0956 6564 [ 126F8331BD023178C7F0EF2F5EDE16B3 ] C:\Windows\System32\FXSMON.dll
09:45:12.0956 6564 C:\Windows\System32\FXSMON.dll - ok
09:45:12.0960 6564 [ 28DB6DD0816B33D8FEDCD2ACA1A2042D ] C:\Windows\System32\hpz3lw71.dll
09:45:12.0960 6564 C:\Windows\System32\hpz3lw71.dll - ok
09:45:12.0963 6564 [ 1220595CABA75AB91A6B3FA3B89483CC ] C:\Windows\System32\snmpapi.dll
09:45:12.0963 6564 C:\Windows\System32\snmpapi.dll - ok
09:45:12.0968 6564 [ B390C1D825C7687493BEDE237C6C2F25 ] C:\Windows\System32\tcpmon.dll
09:45:12.0968 6564 C:\Windows\System32\tcpmon.dll - ok
09:45:12.0971 6564 [ 6357E2B68753A1F5CF4A68A25C4FD14A ] C:\Windows\System32\wsnmp32.dll
09:45:12.0971 6564 C:\Windows\System32\wsnmp32.dll - ok
09:45:12.0975 6564 [ 2C1A1F91D3288E7C02B584C2553967B6 ] C:\Program Files\Real\RealUpgrade\realupgrade.exe
09:45:12.0976 6564 C:\Program Files\Real\RealUpgrade\realupgrade.exe - ok
09:45:12.0979 6564 [ 923CDD30092DB73EC4A0EBCDDD16C686 ] C:\Windows\System32\usbmon.dll
09:45:12.0979 6564 C:\Windows\System32\usbmon.dll - ok
09:45:12.0983 6564 [ A8EB761DE499242BECF153B2B34F020E ] C:\Windows\System32\WSDMon.dll
09:45:12.0983 6564 C:\Windows\System32\WSDMon.dll - ok
09:45:12.0987 6564 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Real\RealUpgrade\msvcr71.dll
09:45:12.0987 6564 C:\Program Files\Real\RealUpgrade\msvcr71.dll - ok
09:45:12.0991 6564 [ CD72C6406BA561BED6D42CB145E55307 ] C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
09:45:12.0991 6564 C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll - ok
09:45:12.0995 6564 [ 90CCBABE283166BA4C8402C440CE3C91 ] C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll
09:45:12.0995 6564 C:\Program Files\Real\RealUpgrade\Common\hxmedpltfm.dll - ok
09:45:13.0002 6564 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\Real\RealUpgrade\msvcp71.dll
09:45:13.0002 6564 C:\Program Files\Real\RealUpgrade\msvcp71.dll - ok
09:45:13.0006 6564 [ 2930FA4368C7BCBA3CA59395ACF7F905 ] C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll
09:45:13.0006 6564 C:\Program Files\Real\RealUpgrade\Plugins\upgrade.dll - ok
09:45:13.0010 6564 [ 7E0AB74553476622FB6AE36F73D97D35 ] C:\Windows\System32\drivers\fastfat.sys
09:45:13.0010 6564 C:\Windows\System32\drivers\fastfat.sys - ok
09:45:13.0013 6564 [ 7422E2DE715DA67BA8FEA980A69C48B6 ] C:\Windows\System32\spool\prtprocs\w32x86\hpcpp094.dll
09:45:13.0013 6564 C:\Windows\System32\spool\prtprocs\w32x86\hpcpp094.dll - ok
09:45:13.0017 6564 [ 0A404EE18BD87D39B850892A479DF55C ] C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll
09:45:13.0017 6564 C:\Windows\System32\spool\prtprocs\w32x86\hpzppw71.dll - ok
09:45:13.0020 6564 [ 5A8BF4E8810541C23F4067536FB48CA3 ] C:\Windows\System32\vss_ps.dll
09:45:13.0020 6564 C:\Windows\System32\vss_ps.dll - ok
09:45:13.0024 6564 [ 5C3F9DBA818CD93379D1A0F215270374 ] C:\Windows\System32\esent.dll
09:45:13.0024 6564 C:\Windows\System32\esent.dll - ok
09:45:13.0027 6564 [ 61AC3EFDFACFDD3F0F11DD4FD4044223 ] C:\Windows\System32\userinit.exe
09:45:13.0027 6564 C:\Windows\System32\userinit.exe - ok
09:45:13.0031 6564 [ C2A44C942EC023CF2D5CF144B0F5D146 ] C:\Windows\System32\spool\prtprocs\w32x86\HPZPPWN7.DLL
09:45:13.0031 6564 C:\Windows\System32\spool\prtprocs\w32x86\HPZPPWN7.DLL - ok
09:45:13.0035 6564 [ 505BF4D1CADEB8D4F8BCD08D944DE25D ] C:\Windows\System32\dwm.exe
09:45:13.0035 6564 C:\Windows\System32\dwm.exe - ok
09:45:13.0039 6564 [ 754AFC50022C95DA7C86B7020DB78136 ] C:\Windows\System32\dwmredir.dll
09:45:13.0039 6564 C:\Windows\System32\dwmredir.dll - ok
09:45:13.0043 6564 [ 497E59D9F01C6F247E72222A61835119 ] C:\Windows\System32\dwmcore.dll
09:45:13.0043 6564 C:\Windows\System32\dwmcore.dll - ok
09:45:13.0046 6564 [ BE3953C7DAE4ECC89134CF64A903F8ED ] C:\Windows\System32\win32spl.dll
09:45:13.0046 6564 C:\Windows\System32\win32spl.dll - ok
09:45:13.0050 6564 [ D27DDE7E0444C7F1819F958469EB7D93 ] C:\Windows\System32\inetpp.dll
09:45:13.0051 6564 C:\Windows\System32\inetpp.dll - ok
09:45:13.0054 6564 [ 2DE90400A63818FA38C4C5C9ADB166BF ] C:\Windows\System32\d3d10_1.dll
09:45:13.0054 6564 C:\Windows\System32\d3d10_1.dll - ok
09:45:13.0058 6564 [ 9C36A3CA80F9B204C670336D344F5DF8 ] C:\Windows\System32\d3d10_1core.dll
09:45:13.0058 6564 C:\Windows\System32\d3d10_1core.dll - ok
09:45:13.0061 6564 [ 8B88EBBB05A0E56B7DCC708498C02B3E ] C:\Windows\explorer.exe
09:45:13.0061 6564 C:\Windows\explorer.exe - ok
09:45:13.0065 6564 [ 79B7009F779DF283E5F7576E08CE2B6A ] C:\Windows\System32\atiuxpag.dll
09:45:13.0065 6564 C:\Windows\System32\atiuxpag.dll - ok
09:45:13.0069 6564 [ 71AE4FEAA2CF949BC2EDC3E69BBD73B9 ] C:\Windows\System32\atidxx32.dll
09:45:13.0069 6564 C:\Windows\System32\atidxx32.dll - ok
09:45:13.0072 6564 [ E2A17BCC08D92F42E08AF6BA2F93ABA7 ] C:\Windows\System32\ExplorerFrame.dll
09:45:13.0072 6564 C:\Windows\System32\ExplorerFrame.dll - ok
09:45:13.0076 6564 [ 2100560AF3F7F2948F2676E44DFB4ECF ] C:\Windows\System32\uDWM.dll
09:45:13.0076 6564 C:\Windows\System32\uDWM.dll - ok
09:45:13.0080 6564 [ B02A99F527ACA02B3F2711FC29A95935 ] C:\Windows\System32\AcSignIcon.dll
09:45:13.0080 6564 C:\Windows\System32\AcSignIcon.dll - ok
09:45:13.0084 6564 [ CA6ADE4F7761BB15B3325356DC3B82BB ] C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
09:45:13.0084 6564 C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll - ok
09:45:13.0087 6564 [ C693E642ACFBDD76433AF6BE3C3EEE6F ] C:\Windows\System32\PortableDeviceConnectApi.dll
09:45:13.0087 6564 C:\Windows\System32\PortableDeviceConnectApi.dll - ok
09:45:13.0091 6564 [ F45ED8C4F9AF862CD9992849B5203C11 ] C:\Windows\System32\bitsigd.dll
09:45:13.0091 6564 C:\Windows\System32\bitsigd.dll - ok
09:45:13.0095 6564 [ 954EA9B34F155C844B11F4047A8F6F89 ] C:\Windows\System32\upnp.dll
09:45:13.0095 6564 C:\Windows\System32\upnp.dll - ok
09:45:13.0098 6564 [ 0615B72D5E241103769003452B4AFB1C ] C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe
09:45:13.0098 6564 C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe - ok
09:45:13.0102 6564 [ FBFCA1A574D47EE575448B719CBBF2E4 ] C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
09:45:13.0103 6564 C:\Windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL - ok
09:45:13.0106 6564 [ 846D0E4DB261CFAF363902E41498E961 ] C:\Windows\System32\EhStorShell.dll
09:45:13.0106 6564 C:\Windows\System32\EhStorShell.dll - ok
09:45:13.0110 6564 [ 3EC541C196DE18ED9A0D0AC82A694D4C ] C:\Windows\System32\cscui.dll
09:45:13.0110 6564 C:\Windows\System32\cscui.dll - ok
09:45:13.0113 6564 [ 57A51217581614DE07F30E34D6BB4993 ] C:\Windows\System32\cscdll.dll
09:45:13.0113 6564 C:\Windows\System32\cscdll.dll - ok
09:45:13.0117 6564 [ 4566BBE928EF23E1C5A55D02D64C2872 ] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
09:45:13.0117 6564 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe - ok
09:45:13.0121 6564 [ E25640558E3EE4FE6201A9928990BA2A ] C:\Windows\System32\catsrvut.dll
09:45:13.0121 6564 C:\Windows\System32\catsrvut.dll - ok
09:45:13.0124 6564 [ 8C80EA0385219822BCE27485F4108444 ] C:\Windows\System32\mfcsubs.dll
09:45:13.0124 6564 C:\Windows\System32\mfcsubs.dll - ok
09:45:13.0128 6564 [ D5B1ED9A781170CCD88C733B09FD3775 ] C:\Program Files\Lavasoft\Ad-Aware\threatwork.exe
09:45:13.0128 6564 C:\Program Files\Lavasoft\Ad-Aware\threatwork.exe - ok
09:45:13.0132 6564 [ A63A9ED78460A4DE1816232B11277887 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\WDiskIO.ppl
09:45:13.0132 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\WDiskIO.ppl - ok
09:45:13.0136 6564 [ 89F5770AD1E9D9CEF93D00303135EC33 ] C:\Windows\System32\ntprint.dll
09:45:13.0136 6564 C:\Windows\System32\ntprint.dll - ok
09:45:13.0142 6564 [ 32F4D839CA942236F933A78C3DC404F9 ] C:\Windows\System32\spool\drivers\w32x86\3\unidrvui.dll
09:45:13.0142 6564 C:\Windows\System32\spool\drivers\w32x86\3\unidrvui.dll - ok
09:45:13.0145 6564 [ 03F3B770DFBED6131653CEDA8CA780F0 ] C:\Windows\System32\ntshrui.dll
09:45:13.0145 6564 C:\Windows\System32\ntshrui.dll - ok
09:45:13.0149 6564 [ 640A476C8867AEAAD8FF9F59A61AFE2F ] C:\Windows\System32\PrintIsolationHost.exe
09:45:13.0149 6564 C:\Windows\System32\PrintIsolationHost.exe - ok
09:45:13.0153 6564 [ DA8F825476D49AAC447BBC8D29911028 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\btimages.ppl
09:45:13.0153 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\btimages.ppl - ok
09:45:13.0157 6564 [ 03F364F70669D6CCDFBB648C735A1CC1 ] C:\Windows\System32\tcpmib.dll
09:45:13.0157 6564 C:\Windows\System32\tcpmib.dll - ok
09:45:13.0160 6564 [ 523CF74A52C9A1762DA8B83AEE734498 ] C:\Windows\System32\IconCodecService.dll
09:45:13.0160 6564 C:\Windows\System32\IconCodecService.dll - ok
09:45:13.0164 6564 [ BA54A966F873B043FDFCDA0B77937855 ] C:\Windows\System32\mgmtapi.dll
09:45:13.0164 6564 C:\Windows\System32\mgmtapi.dll - ok
09:45:13.0168 6564 [ 29743BC9A50899BEECC60C045631BD77 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ComStmIO.ppl
09:45:13.0168 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ComStmIO.ppl - ok
09:45:13.0171 6564 [ FC70115B86B7BC41467BE7A5696C44C5 ] C:\Windows\System32\spool\drivers\w32x86\3\UNIDRV.DLL
09:45:13.0171 6564 C:\Windows\System32\spool\drivers\w32x86\3\UNIDRV.DLL - ok
09:45:13.0175 6564 [ 4C8159CADD20E79A95A6E9F5996E6E6C ] C:\Windows\System32\spool\drivers\w32x86\3\hpmdp094.dll
09:45:13.0175 6564 C:\Windows\System32\spool\drivers\w32x86\3\hpmdp094.dll - ok
09:45:13.0178 6564 [ 6073852E5D291900E2EF56D16C0BFADE ] C:\Program Files\Lavasoft\Ad-Aware\AWSCUpdate.dll
09:45:13.0178 6564 C:\Program Files\Lavasoft\Ad-Aware\AWSCUpdate.dll - ok
09:45:13.0182 6564 [ A9DB8829D9FC1D2B5281E614ABCCFB78 ] C:\Windows\System32\spool\drivers\w32x86\3\hpcui094.dll
09:45:13.0182 6564 C:\Windows\System32\spool\drivers\w32x86\3\hpcui094.dll - ok
09:45:13.0186 6564 [ 765A886E3E0557E5A66D95BCFBD0F3AC ] C:\Windows\System32\compstui.dll
09:45:13.0186 6564 C:\Windows\System32\compstui.dll - ok
09:45:13.0190 6564 [ 5608E451B9D69B548103BA9CF39A3527 ] C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
09:45:13.0190 6564 C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe - ok
09:45:13.0194 6564 [ 23C3C398E352D5DB6AEFE65736DFD0B5 ] C:\Windows\System32\spool\drivers\w32x86\3\HPZUIWN7.DLL
09:45:13.0194 6564 C:\Windows\System32\spool\drivers\w32x86\3\HPZUIWN7.DLL - ok
09:45:13.0197 6564 [ 88D312B5462C8F7D1CD85B0B31ECA143 ] C:\Windows\System32\spool\drivers\w32x86\3\HPZUIW71.DLL
09:45:13.0197 6564 C:\Windows\System32\spool\drivers\w32x86\3\HPZUIW71.DLL - ok
09:45:13.0201 6564 [ 7FA8BA5A780E4757964AC9D4238302B9 ] C:\Windows\System32\taskhost.exe
09:45:13.0201 6564 C:\Windows\System32\taskhost.exe - ok
09:45:13.0205 6564 [ B4AE7B6EF60787BDED54FA7E6E3D3AD6 ] C:\ProgramData\Kaspersky Lab\AVP9\Bases\pdm.kdl
09:45:13.0205 6564 C:\ProgramData\Kaspersky Lab\AVP9\Bases\pdm.kdl - ok
09:45:13.0209 6564 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] C:\Windows\System32\hidserv.dll
09:45:13.0209 6564 C:\Windows\System32\hidserv.dll - ok
09:45:13.0213 6564 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] C:\Windows\System32\bthserv.dll
09:45:13.0213 6564 C:\Windows\System32\bthserv.dll - ok
09:45:13.0217 6564 [ F7434401AE320BB97903A3C1865242FB ] C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
09:45:13.0217 6564 C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe - ok
09:45:13.0221 6564 [ CE5214D1F3343C7937C4300F33B67A53 ] C:\Program Files\ThinkPad\Bluetooth Software\btins.dll
09:45:13.0221 6564 C:\Program Files\ThinkPad\Bluetooth Software\btins.dll - ok
09:45:13.0224 6564 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] C:\Windows\System32\aelupsvc.dll
09:45:13.0224 6564 C:\Windows\System32\aelupsvc.dll - ok
09:45:13.0228 6564 [ D887C9FD02AC9FA880F6E5027A43E118 ] C:\Windows\System32\ssdpsrv.dll
09:45:13.0228 6564 C:\Windows\System32\ssdpsrv.dll - ok
09:45:13.0231 6564 [ ECF036299AA554B5E0455262857B39D0 ] C:\Windows\System32\diagperf.dll
09:45:13.0232 6564 C:\Windows\System32\diagperf.dll - ok
09:45:13.0236 6564 [ FB1959012294D6AD43E5304DF65E3C26 ] C:\Windows\System32\appinfo.dll
09:45:13.0236 6564 C:\Windows\System32\appinfo.dll - ok
09:45:13.0240 6564 [ D99621C0735B21DCC8BC4FEF02F379EF ] C:\Windows\System32\Apphlpdm.dll
09:45:13.0240 6564 C:\Windows\System32\Apphlpdm.dll - ok
09:45:13.0243 6564 [ F8E882C10AF4C29E378D1E28D4817CB1 ] C:\Windows\System32\pnpts.dll
09:45:13.0243 6564 C:\Windows\System32\pnpts.dll - ok
09:45:13.0247 6564 [ 85B45B4B285B159ACDB355FC8C1E8925 ] C:\Windows\System32\qmgrprxy.dll
09:45:13.0247 6564 C:\Windows\System32\qmgrprxy.dll - ok
09:45:13.0251 6564 [ BA32509D9B340162327B341013DE6522 ] C:\Windows\System32\tapi32.dll
09:45:13.0251 6564 C:\Windows\System32\tapi32.dll - ok
09:45:13.0255 6564 [ F0016853FA3F38F55FD868FF74C0359B ] C:\Windows\System32\wdiasqmmodule.dll
09:45:13.0255 6564 C:\Windows\System32\wdiasqmmodule.dll - ok
09:45:13.0258 6564 [ 7FFD52D73352806969D424EF327D10A7 ] C:\Windows\System32\radardt.dll
09:45:14.0057 6564 C:\Program Files\Windows Sidebar\sidebar.exe - ok
09:45:14.0061 6564 [ 598E0604E8B898332BE9A6BEFC6B1746 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\kav.bav
09:45:14.0061 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\kav.bav - ok
09:45:14.0064 6564 [ 8F8AB20AA863EA95A421B9D54C74F20C ] C:\Program Files\Windows Media Player\wmpnssci.dll
09:45:14.0065 6564 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
09:45:14.0068 6564 [ CBBD4D79EEC3EF5A4ADAE9697944C6B9 ] C:\Windows\System32\MSMPEG2ENC.DLL
09:45:14.0069 6564 C:\Windows\System32\MSMPEG2ENC.DLL - ok
09:45:14.0073 6564 [ E3CD0A561F3AABE8607BF1474F4AE1DD ] C:\Program Files\Steam\Steam.exe
09:45:14.0073 6564 C:\Program Files\Steam\Steam.exe - ok
09:45:14.0077 6564 [ 5BB8C06EB5EA4BA22EE8A678F2D79B25 ] C:\Windows\System32\devenum.dll
09:45:14.0077 6564 C:\Windows\System32\devenum.dll - ok
09:45:14.0080 6564 [ 4D3663C67B30EEDF4A6C8A711E7FE6F9 ] C:\Program Files\Java\jre7\bin\java.exe
09:45:14.0080 6564 C:\Program Files\Java\jre7\bin\java.exe - ok
09:45:14.0084 6564 [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
09:45:14.0084 6564 C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
09:45:14.0088 6564 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] C:\Program Files\iPod\bin\iPodService.exe
09:45:14.0088 6564 C:\Program Files\iPod\bin\iPodService.exe - ok
09:45:14.0093 6564 [ 7069AAB8536F29ED7323140973A2894B ] C:\Windows\System32\msdmo.dll
09:45:14.0093 6564 C:\Windows\System32\msdmo.dll - ok
09:45:14.0097 6564 [ BC83108B18756547013ED443B8CDB31B ] C:\Windows\System32\msvcp100.dll
09:45:14.0097 6564 C:\Windows\System32\msvcp100.dll - ok
09:45:14.0100 6564 [ E619E743E6323C3E292915FF9C67A23F ] C:\Program Files\Java\jre7\bin\jpishare.dll
09:45:14.0100 6564 C:\Program Files\Java\jre7\bin\jpishare.dll - ok
09:45:14.0105 6564 [ 8E8C92DD50F6B34907813AFDC0C8F7DD ] C:\Windows\System32\dbgeng.dll
09:45:14.0105 6564 C:\Windows\System32\dbgeng.dll - ok
09:45:14.0110 6564 [ 833FBB672460EFCE8011D262175FAD33 ] C:\Windows\System32\upnphost.dll
09:45:14.0110 6564 C:\Windows\System32\upnphost.dll - ok
09:45:14.0114 6564 [ 693C7694D451C51BEAE530F75A18E0DF ] C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll
09:45:14.0114 6564 C:\Program Files\iPod\bin\iPodService.Resources\iPodService.dll - ok
09:45:14.0119 6564 [ 648B180E155B553C332857861F8B6502 ] C:\Program Files\MediaMall\PlayOn.exe
09:45:14.0119 6564 C:\Program Files\MediaMall\PlayOn.exe - ok
09:45:14.0121 6564 [ 99F7E13F9C16B255FB5114B0322428E1 ] C:\Program Files\Java\jre7\bin\java.dll
09:45:14.0121 6564 C:\Program Files\Java\jre7\bin\java.dll - ok
09:45:14.0125 6564 [ 0E37FBFA79D349D672456923EC5FBBE3 ] C:\Windows\System32\msvcr100.dll
09:45:14.0125 6564 C:\Windows\System32\msvcr100.dll - ok
09:45:14.0129 6564 [ E2AE392170BDD664739BB09552D833DC ] C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll
09:45:14.0129 6564 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.dll - ok
09:45:14.0134 6564 [ BF8650D4FEFB972A4A6A5FFC1F41C38C ] C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
09:45:14.0134 6564 C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe - ok
09:45:14.0138 6564 [ 93117349047DDB7B3FF24EB006207606 ] C:\Windows\System32\imgutil.dll
09:45:14.0138 6564 C:\Windows\System32\imgutil.dll - ok
09:45:14.0142 6564 [ EED5AE4EF38893DD1743A95760C98704 ] C:\Windows\System32\pngfilt.dll
09:45:14.0142 6564 C:\Windows\System32\pngfilt.dll - ok
09:45:14.0145 6564 [ 2B92A88E329F4845D31941967A3BAA90 ] C:\Program Files\Java\jre7\bin\msvcr100.dll
09:45:14.0145 6564 C:\Program Files\Java\jre7\bin\msvcr100.dll - ok
09:45:14.0149 6564 [ D96AF6FAF24D5653D558FB5861BD8F29 ] C:\Windows\System32\dxtrans.dll
09:45:14.0149 6564 C:\Windows\System32\dxtrans.dll - ok
09:45:14.0152 6564 [ 34C07D9BED227103E32E21FBCC2F1FBD ] C:\Windows\System32\vbscript.dll
09:45:14.0152 6564 C:\Windows\System32\vbscript.dll - ok
09:45:14.0156 6564 [ 5C5E3AFD499E5146FEF1DA5EF8A23205 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\dbghelp.dll
09:45:14.0156 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\dbghelp.dll - ok
09:45:14.0160 6564 [ 24B7E36FBBDCE69942CBD7ADCEE1A8AA ] C:\Windows\System32\atiu9pag.dll
09:45:14.0160 6564 C:\Windows\System32\atiu9pag.dll - ok
09:45:14.0164 6564 [ EF42D4896AE199685ACE2727E150DEB0 ] C:\Windows\System32\atiumdag.dll
09:45:14.0164 6564 C:\Windows\System32\atiumdag.dll - ok
09:45:14.0167 6564 [ 0764DC82AB4F1D75CBBD2DDDEF31B0D1 ] C:\Program Files\Java\jre7\bin\client\jvm.dll
09:45:14.0167 6564 C:\Program Files\Java\jre7\bin\client\jvm.dll - ok
09:45:14.0172 6564 [ 230EA9ABBC3432CDE388F4891E76E867 ] C:\Windows\System32\udhisapi.dll
09:45:14.0172 6564 C:\Windows\System32\udhisapi.dll - ok
09:45:14.0174 6564 [ 61D353EAB57F8BA42DE9208E35AA74AD ] C:\Program Files\Common Files\Autodesk Shared\AcHelp.exe
09:45:14.0174 6564 C:\Program Files\Common Files\Autodesk Shared\AcHelp.exe - ok
09:45:14.0178 6564 [ BCCC62C0D07C8083711165C60846B5B4 ] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe
09:45:14.0178 6564 C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe - ok
09:45:14.0182 6564 [ F023A14FE899F5401935CAC119A723CE ] C:\Users\Gabriel\AppData\Local\Akamai\netsession_win.exe
09:45:14.0182 6564 C:\Users\Gabriel\AppData\Local\Akamai\netsession_win.exe - ok
09:45:14.0185 6564 [ 73165EE830627D2B974124F57209F98F ] C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
09:45:14.0185 6564 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe - ok
09:45:14.0189 6564 [ 57E6D91FA68F94D147F9389F748A0A62 ] C:\Windows\System32\atiumdva.dll
09:45:14.0189 6564 C:\Windows\System32\atiumdva.dll - ok
09:45:14.0193 6564 [ 1D0E69AA5BD5C76E443B5B189ADD049A ] C:\Program Files\CrashPlan\CrashPlanTray.exe
09:45:14.0193 6564 C:\Program Files\CrashPlan\CrashPlanTray.exe - ok
09:45:14.0197 6564 [ E0E15F209360E4A97ABCC21A486B4AEE ] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
09:45:14.0197 6564 C:\Program Files\Common Files\Apple\Internet Services\ubd.exe - ok
09:45:14.0201 6564 [ F03FFC962E18F36A922E61F96BE09925 ] C:\Program Files\Digital Line Detect\DLG.exe
09:45:14.0201 6564 C:\Program Files\Digital Line Detect\DLG.exe - ok
09:45:14.0205 6564 [ 487F44B08EFEAF5AD087878357B9403D ] C:\Windows\System32\pdh.dll
09:45:14.0205 6564 C:\Windows\System32\pdh.dll - ok
09:45:14.0208 6564 [ 82D73D171BF119B5AAE68BFEFADFE9FE ] C:\Program Files\Common Files\Apple\Internet Services\ubd_main.dll
09:45:14.0208 6564 C:\Program Files\Common Files\Apple\Internet Services\ubd_main.dll - ok
09:45:14.0212 6564 [ 5DF19A45F9BCB2F3C7C14BCA2E931A39 ] C:\Program Files\Windows Live\Mesh\WLSync.exe
09:45:14.0212 6564 C:\Program Files\Windows Live\Mesh\WLSync.exe - ok
09:45:14.0216 6564 [ ACEB5E6F416223806421D8864FC0EEB4 ] C:\Program Files\Windows Live\Shared\uxcore.dll
09:45:14.0216 6564 C:\Program Files\Windows Live\Shared\uxcore.dll - ok
09:45:14.0221 6564 [ 5CD0CD0EC4DC5DF459B3AC016764F5AA ] C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
09:45:14.0221 6564 C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - ok
09:45:14.0225 6564 [ C16C054F1E07EE69090B03B5E053BA36 ] C:\Program Files\Common Files\Apple\Internet Services\GenerationalStorage.dll
09:45:14.0225 6564 C:\Program Files\Common Files\Apple\Internet Services\GenerationalStorage.dll - ok
09:45:14.0228 6564 [ AD61C37E1D1E56FAFC5FF7E3CB2D3EFA ] C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
09:45:14.0228 6564 C:\Program Files\Common Files\Autodesk Shared\acstart17.exe - ok
09:45:14.0232 6564 [ F81F14DC4DD866552DD37398E68FE23F ] C:\Program Files\Common Files\Apple\Internet Services\ChunkingLibrary.dll
09:45:14.0232 6564 C:\Program Files\Common Files\Apple\Internet Services\ChunkingLibrary.dll - ok
09:45:14.0236 6564 [ 08E420D873E4FD85241EE2421B02C4A4 ] C:\Windows\System32\wersvc.dll
09:45:14.0236 6564 C:\Windows\System32\wersvc.dll - ok
09:45:14.0239 6564 [ 5DFE72B9F1FF669070FC032090B7B982 ] C:\Program Files\Common Files\Java\Java Update\jucheck.exe
09:45:14.0240 6564 C:\Program Files\Common Files\Java\Java Update\jucheck.exe - ok
09:45:14.0243 6564 [ B39B8CC163C41B12FE83E777199F3378 ] C:\Windows\System32\tzres.dll
09:45:14.0244 6564 C:\Windows\System32\tzres.dll - ok
09:45:14.0246 6564 [ 5896A02C3AD3A429EE6BCD680A1A5E0F ] C:\Program Files\ThinkPad\Bluetooth Software\btwapi.dll
09:45:14.0246 6564 C:\Program Files\ThinkPad\Bluetooth Software\btwapi.dll - ok
09:45:14.0250 6564 [ CA1633BDB9D879263266BCE82F326789 ] C:\Program Files\Common Files\Apple\Internet Services\AOSKit.dll
09:45:14.0250 6564 C:\Program Files\Common Files\Apple\Internet Services\AOSKit.dll - ok
09:45:14.0255 6564 [ 55A97EC5956A72D3B7060560F785FF32 ] C:\Windows\System32\dxtmsft.dll
09:45:14.0255 6564 C:\Windows\System32\dxtmsft.dll - ok
09:45:14.0259 6564 [ 07EBC234EEAA85C45408DB98495F91E0 ] C:\Program Files\Autodesk\DWG TrueView 2012\dwgviewr.exe
09:45:14.0259 6564 C:\Program Files\Autodesk\DWG TrueView 2012\dwgviewr.exe - ok
09:45:14.0262 6564 [ 27FC75229EEE367D4C0E643C108A90FA ] C:\Windows\System32\LocationApi.dll
09:45:14.0262 6564 C:\Windows\System32\LocationApi.dll - ok
09:45:14.0266 6564 [ CB1135906D951B574F9F2498BE8F11F9 ] C:\Program Files\Digital Line Detect\BVRPDiag.dll
09:45:14.0266 6564 C:\Program Files\Digital Line Detect\BVRPDiag.dll - ok
09:45:14.0270 6564 [ 85A2E20FE5877307CCD4C077B89D29A7 ] C:\Program Files\ThinkPad\Bluetooth Software\btosif.dll
09:45:14.0270 6564 C:\Program Files\ThinkPad\Bluetooth Software\btosif.dll - ok
09:45:14.0274 6564 [ DC9C9C409D096F8280546F010A8392A5 ] C:\Program Files\RotateImage\RCIMGDIR.exe
09:45:14.0274 6564 C:\Program Files\RotateImage\RCIMGDIR.exe - ok
09:45:14.0277 6564 [ D9963D39F6711E9A1C14C939C3A25605 ] C:\Windows\System32\mdmxsdk.dll
09:45:14.0277 6564 C:\Windows\System32\mdmxsdk.dll - ok
09:45:14.0281 6564 [ DC3FF4E57BB9E0AD3B62ADC5B47274CC ] C:\Program Files\Common Files\Apple\Apple Application Support\Foundation.dll
09:45:14.0281 6564 C:\Program Files\Common Files\Apple\Apple Application Support\Foundation.dll - ok
09:45:14.0285 6564 [ F58B4EB5E247E6CE29FCE13CB3075D07 ] C:\Program Files\ThinkPad\Bluetooth Software\btwhidcs.dll
09:45:14.0285 6564 C:\Program Files\ThinkPad\Bluetooth Software\btwhidcs.dll - ok
09:45:14.0290 6564 [ D6626C93BF7F557839C028D32247F910 ] C:\Windows\System32\SensorsApi.dll
09:45:14.0290 6564 C:\Windows\System32\SensorsApi.dll - ok
09:45:14.0293 6564 [ A399514D3B28C9A3453A486BBAAFF1C7 ] C:\Windows\System32\wdscore.dll
09:45:14.0293 6564 C:\Windows\System32\wdscore.dll - ok
09:45:14.0297 6564 [ BC5525C19F79B6099B085D0C00C4EF46 ] C:\Windows\System32\irprops.cpl
09:45:14.0297 6564 C:\Windows\System32\irprops.cpl - ok
09:45:14.0300 6564 [ 35CEDE6439FF0D8903223A0817FFE46C ] C:\Windows\System32\d2d1.dll
09:45:14.0300 6564 C:\Windows\System32\d2d1.dll - ok
09:45:14.0304 6564 [ E3C9852C83E44C2DE172F1158D64DCB0 ] C:\Program Files\ThinkPad\Bluetooth Software\BtBalloon.dll
09:45:14.0304 6564 C:\Program Files\ThinkPad\Bluetooth Software\BtBalloon.dll - ok
09:45:14.0308 6564 [ 1AA571774936717EE776DBED51E9EDF4 ] C:\Windows\System32\d3dx10_41.dll
09:45:14.0308 6564 C:\Windows\System32\d3dx10_41.dll - ok
09:45:14.0311 6564 [ A29D734F650F958424743BE3BAA052C8 ] C:\Windows\System32\DWrite.dll
09:45:14.0311 6564 C:\Windows\System32\DWrite.dll - ok
09:45:14.0314 6564 [ 52799EAD792B0E9AE7FD4BA5BD18FE5C ] C:\Windows\System32\wbem\WMIADAP.exe
09:45:14.0314 6564 C:\Windows\System32\wbem\WMIADAP.exe - ok
09:45:14.0318 6564 [ 9CB819197E6B2FD3DC0429E3DC1CCFDD ] C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll
09:45:14.0318 6564 C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll - ok
09:45:14.0324 6564 [ 9DBD149CAF43D2E7C874C5F40600825C ] C:\Program Files\Windows Live\Shared\wldcore.dll
09:45:14.0325 6564 C:\Program Files\Windows Live\Shared\wldcore.dll - ok
09:45:14.0329 6564 [ E1C1197D2202843F1CBAFB449851C7F5 ] C:\Program Files\Windows Sidebar\wlsrvc.dll
09:45:14.0329 6564 C:\Program Files\Windows Sidebar\wlsrvc.dll - ok
09:45:14.0333 6564 [ BA502FE020F2B4880D7130480ECDDCAF ] C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
09:45:14.0333 6564 C:\Program Files\Microsoft Office\Office12\EXCEL.EXE - ok
09:45:14.0337 6564 [ 5AFDE66182599274EDE47A4448DA096F ] C:\Program Files\Common Files\Apple\Apple Application Support\ApplePushService.dll
09:45:14.0337 6564 C:\Program Files\Common Files\Apple\Apple Application Support\ApplePushService.dll - ok
09:45:14.0342 6564 [ C753ED3DA24F3FE86F754E08A14E2460 ] C:\Program Files\Common Files\Apple\Internet Services\Ubiquity.dll
09:45:14.0342 6564 C:\Program Files\Common Files\Apple\Internet Services\Ubiquity.dll - ok
09:45:14.0344 6564 [ 89084DD8C7A4C7FCDA50485B33C6C98D ] C:\Program Files\Common Files\Apple\Internet Services\mmcs.dll
09:45:14.0344 6564 C:\Program Files\Common Files\Apple\Internet Services\mmcs.dll - ok
09:45:14.0347 6564 [ BB3A22F3EED85A12CFB2DD60D9F9B52F ] C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
09:45:14.0347 6564 C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe - ok
09:45:14.0351 6564 [ 529879612A7FAE235914E3AA6A9A669C ] C:\Windows\System32\loadperf.dll
09:45:14.0351 6564 C:\Windows\System32\loadperf.dll - ok
09:45:14.0355 6564 [ 492D5D1B7ABFFDBBC49F46E6B8E3F4EB ] C:\Program Files\ThinkPad\Bluetooth Software\BtwRSupport.dll
09:45:14.0355 6564 C:\Program Files\ThinkPad\Bluetooth Software\BtwRSupport.dll - ok
09:45:14.0359 6564 [ D475BBD6FEF8DB2DDE0DA7CCFD2C9042 ] C:\Program Files\Windows Live\Mesh\sqmapi.dll
09:45:14.0359 6564 C:\Program Files\Windows Live\Mesh\sqmapi.dll - ok
09:45:14.0363 6564 [ ED9EE6D2265F19C6093FEA94041AC31E ] C:\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll
09:45:14.0363 6564 C:\Program Files\ThinkPad\Bluetooth Software\BtMmHook.dll - ok
09:45:14.0368 6564 [ 985FA44DED5748469D5AFE36A8C122BD ] C:\Program Files\Windows Live\Mesh\MOE.exe
09:45:14.0368 6564 C:\Program Files\Windows Live\Mesh\MOE.exe - ok
09:45:14.0372 6564 [ 30748F1AD22A561266AEF26C769B59D1 ] C:\Program Files\Windows Live\Mesh\WLRoaming.dll
09:45:14.0372 6564 C:\Program Files\Windows Live\Mesh\WLRoaming.dll - ok
09:45:14.0376 6564 [ 82E53EC685889AD8CFB3AD812A906489 ] C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe
09:45:14.0376 6564 C:\Program Files\Windows Live\Photo Gallery\MovieMaker.exe - ok
09:45:14.0380 6564 [ 7AB0D59E08A12A697B0DF2AE12E4FCEA ] C:\Program Files\Windows Live\Mesh\en\WLSync.LocalizedResources.dll.mui
09:45:14.0380 6564 C:\Program Files\Windows Live\Mesh\en\WLSync.LocalizedResources.dll.mui - ok
09:45:14.0384 6564 [ 05461F9B00A0CC50E746D29B1B3C17A6 ] C:\Program Files\Windows Live\Mesh\WLSync.Resources.dll
09:45:14.0384 6564 C:\Program Files\Windows Live\Mesh\WLSync.Resources.dll - ok
09:45:14.0388 6564 [ 21A55BABD31DA624449F06A591AE73ED ] C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
09:45:14.0388 6564 C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrlui.dll - ok
09:45:14.0392 6564 [ 3C1F89031F2EDA6EAF8765D2CFEC0805 ] C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
09:45:14.0392 6564 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE - ok
09:45:14.0396 6564 [ 69A070A618273CCB4BD9C1B5290E38C2 ] C:\Program Files\PC-Doctor\pcdrtoaster.exe
09:45:14.0396 6564 C:\Program Files\PC-Doctor\pcdrtoaster.exe - ok
09:45:14.0399 6564 [ 51F7DCBFFB85624FB72B6119C0D85913 ] C:\Program Files\PhoenixRC\phoenixRC.exe
09:45:14.0399 6564 C:\Program Files\PhoenixRC\phoenixRC.exe - ok
09:45:14.0403 6564 [ 6B7B52EE476B368B29AE46FBC3175239 ] C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
09:45:14.0403 6564 C:\Program Files\Adobe\Photoshop CS\Photoshop.exe - ok
09:45:14.0407 6564 [ 85EDFA58A5C9F9BDF4DC1CBF833627A2 ] C:\PROGRA~1\ThinkPad\UTILIT~1\ATM.DLL
09:45:14.0407 6564 C:\PROGRA~1\ThinkPad\UTILIT~1\ATM.DLL - ok
09:45:14.0411 6564 [ 121B6921618CB75FF05471C3342B96F8 ] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\PrUtil.ppl
09:45:14.0411 6564 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\PrUtil.ppl - ok
09:45:14.0415 6564 [ 45406FFD87F6BA4345B018E303A64FF1 ] C:\Program Files\Common Files\microsoft shared\Windows Live\wlidcli.dll
09:45:14.0415 6564 C:\Program Files\Common Files\microsoft shared\Windows Live\wlidcli.dll - ok
09:45:14.0419 6564 [ 0F6652951129F283C72E1A5A951FF948 ] C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDRES.DLL
09:45:14.0419 6564 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDRES.DLL - ok
09:45:14.0423 6564 [ 6FA41E0C86EF049A12C05CA4BBA8F9AF ] C:\Windows\System32\perfos.dll
09:45:14.0423 6564 C:\Windows\System32\perfos.dll - ok
09:45:14.0425 6564 [ 3A927A1ABED9152B5A3CBDB65CCD0B17 ] C:\Program Files\Windows Live\Contacts\LivePlatform.dll
09:45:14.0425 6564 C:\Program Files\Windows Live\Contacts\LivePlatform.dll - ok
09:45:14.0429 6564 [ 56230760954DB0FAD383DC73EC42515C ] C:\Program Files\Windows Live\Shared\wlbici.dll
09:45:14.0429 6564 C:\Program Files\Windows Live\Shared\wlbici.dll - ok
09:45:14.0433 6564 [ 7A6986DD659B96398A11AF5173892715 ] C:\Windows\System32\cabinet.dll
09:45:14.0433 6564 C:\Windows\System32\cabinet.dll - ok
09:45:14.0437 6564 [ 07A73B15D3EBE2595F506CF1E0AD9BD3 ] C:\Program Files\Windows Live\Mesh\logging.dll
09:45:14.0437 6564 C:\Program Files\Windows Live\Mesh\logging.dll - ok
09:45:14.0441 6564 [ 1E8D06AAE74FED674C1156B3FEA911C2 ] C:\Windows\System32\Faultrep.dll
09:45:14.0441 6564 C:\Windows\System32\Faultrep.dll - ok
09:45:14.0444 6564 [ 7A36C9EE60B0BEE4CA28B7D23BCEE8B0 ] C:\Program Files\Windows Live\Mesh\SqmWrapper.dll
09:45:14.0444 6564 C:\Program Files\Windows Live\Mesh\SqmWrapper.dll - ok
09:45:14.0455 6564 [ 3A03C691171C00DED82355B814719EFD ] C:\Program Files\Steam\Steam.dll
09:45:14.0455 6564 C:\Program Files\Steam\Steam.dll - ok
09:45:14.0462 6564 [ 97D71D8CA9138DD9832CB0B7E002E498 ] C:\Program Files\Windows Live\Mesh\coreclr.dll
09:45:14.0462 6564 C:\Program Files\Windows Live\Mesh\coreclr.dll - ok
09:45:14.0466 6564 [ A7532E66EA2F168A0970E829D8986423 ] C:\Program Files\Steam\dbghelp.dll
09:45:14.0466 6564 C:\Program Files\Steam\dbghelp.dll - ok
09:45:14.0470 6564 [ 173C217E677C4B0C4F8A6D54BA13BF9B ] C:\Program Files\Steam\CSERHelper.dll
09:45:14.0470 6564 C:\Program Files\Steam\CSERHelper.dll - ok
09:45:14.0475 6564 [ 207EDF03958ED11E03D72C6569B37D5A ] C:\Program Files\Steam\SteamUI.dll
09:45:14.0475 6564 C:\Program Files\Steam\SteamUI.dll - ok
09:45:14.0479 6564 [ 2884DA0E5CE6D42F31FC4476A8947F1B ] C:\Program Files\Steam\sdl.dll
09:45:14.0479 6564 C:\Program Files\Steam\sdl.dll - ok
09:45:14.0483 6564 [ 6CBBD891B3397E921C81B6A4F52799D5 ] C:\Program Files\Steam\tier0_s.dll
09:45:14.0483 6564 C:\Program Files\Steam\tier0_s.dll - ok
09:45:14.0488 6564 [ 7C8BFD0842184B15BBF352E23FB97170 ] C:\Program Files\Steam\vstdlib_s.dll
09:45:14.0488 6564 C:\Program Files\Steam\vstdlib_s.dll - ok
09:45:14.0491 6564 [ C9FC1C964526A676F13E3805322EC5BD ] C:\Program Files\Steam\crashhandler.dll
09:45:14.0491 6564 C:\Program Files\Steam\crashhandler.dll - ok
09:45:14.0494 6564 [ F4D475E113AD5F50C1FF1DC240DA42DA ] C:\Program Files\Steam\bin\FileSystem_Steam.dll
09:45:14.0495 6564 C:\Program Files\Steam\bin\FileSystem_Steam.dll - ok
09:45:14.0498 6564 [ 4CCBBA2978F50F93223CBD1BB23FECF4 ] C:\Program Files\Steam\bin\vgui2_s.dll
09:45:14.0498 6564 C:\Program Files\Steam\bin\vgui2_s.dll - ok
09:45:14.0502 6564 [ 9A4841A0CE83A768F7A5F4BA97DE02B5 ] C:\Program Files\Mozilla Firefox\plugin-container.exe
09:45:14.0502 6564 C:\Program Files\Mozilla Firefox\plugin-container.exe - ok
09:45:14.0507 6564 [ D1BBE227367ED791D5FCF08E132D2956 ] C:\Windows\System32\opengl32.dll
09:45:14.0507 6564 C:\Windows\System32\opengl32.dll - ok
09:45:14.0512 6564 [ C5E32E2E3BF43FF6AB89057B5D5556A9 ] C:\Program Files\Autodesk\Revit Architecture 2011\Program\Revit.exe
09:45:14.0512 6564 C:\Program Files\Autodesk\Revit Architecture 2011\Program\Revit.exe - ok
09:45:14.0517 6564 [ EB21913754A746532CC97180F2BA411F ] C:\Program Files\MediaMall\CXL.exe
09:45:14.0517 6564 C:\Program Files\MediaMall\CXL.exe - ok
09:45:14.0520 6564 [ DE3897365B04C4DA1CF8FF725577C082 ] C:\Windows\System32\glu32.dll
09:45:14.0520 6564 C:\Windows\System32\glu32.dll - ok
09:45:14.0525 6564 [ 358DFA9B353CB3C284410F976E261F64 ] C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe
09:45:14.0525 6564 C:\Program Files\Common Files\Roxio Shared\10.0\Roxio Central36\Main\Roxio_Central36.exe - ok
09:45:14.0528 6564 [ 8D350E2B5ED44D65F789B587D3FA3916 ] C:\Program Files\Steam\bin\chromehtml.dll
09:45:14.0528 6564 C:\Program Files\Steam\bin\chromehtml.dll - ok
09:45:14.0532 6564 [ 60BE2CEC0D95BB135D4452F39AAC6805 ] C:\Program Files\Steam\bin\libcef.dll
09:45:14.0532 6564 C:\Program Files\Steam\bin\libcef.dll - ok
09:45:14.0536 6564 [ CBEC06E32D0AC9C3D0A9199EDC1FB959 ] C:\Program Files\Skype\Phone\Skype.exe
09:45:14.0536 6564 C:\Program Files\Skype\Phone\Skype.exe - ok
09:45:14.0540 6564 [ 39D5F5EA5E6F65A807243456DB350189 ] C:\Program Files\Windows Live\Mesh\mscorlib.dll
09:45:14.0540 6564 C:\Program Files\Windows Live\Mesh\mscorlib.dll - ok
09:45:14.0543 6564 [ 045D0F4F41CA53D4CB22BDC814A22B64 ] C:\Program Files\Steam\bin\icudt.dll
09:45:14.0543 6564 C:\Program Files\Steam\bin\icudt.dll - ok
09:45:14.0547 6564 [ 755A3E018D877352C9F6C54E8CAD4123 ] C:\Program Files\Windows Live\Mesh\Microsoft.MeshOperatingEnvironment.Runtime.Client.dll
09:45:14.0547 6564 C:\Program Files\Windows Live\Mesh\Microsoft.MeshOperatingEnvironment.Runtime.Client.dll - ok
09:45:14.0551 6564 [ D738FB8AFEC0FB57B9231A852C6B7166 ] C:\Program Files\Windows Live\Mesh\Microsoft.MeshOperatingEnvironment.Runtime.Client.ILFilter.dll
09:45:14.0551 6564 C:\Program Files\Windows Live\Mesh\Microsoft.MeshOperatingEnvironment.Runtime.Client.ILFilter.dll - ok
09:45:14.0555 6564 [ E3CEFBFEBCD4B6C7ED644F50ACE48323 ] C:\Program Files\Windows Live\Mesh\Microsoft.LiveFx.Runtime.dll
09:45:14.0555 6564 C:\Program Files\Windows Live\Mesh\Microsoft.LiveFx.Runtime.dll - ok
09:45:14.0559 6564 [ 22AEC948604B0DDFA9AE75329F623B28 ] C:\Program Files\Windows Live\Mesh\System.dll
09:45:14.0559 6564 C:\Program Files\Windows Live\Mesh\System.dll - ok
09:45:14.0563 6564 [ 9C4EEEE64FDDDC3B191C3B2AB7C42806 ] C:\Program Files\Windows Live\Mesh\Microsoft.Web.dll
09:45:14.0563 6564 C:\Program Files\Windows Live\Mesh\Microsoft.Web.dll - ok
09:45:14.0567 6564 [ 232B333589533490929A59CAC8B3A74F ] C:\Program Files\Windows Live\Mesh\Microsoft.WlcProfile.dll
09:45:14.0567 6564 C:\Program Files\Windows Live\Mesh\Microsoft.WlcProfile.dll - ok
09:45:14.0571 6564 [ CF0FB66BE718170B894B1867CBE9C54B ] C:\Program Files\Windows Live\Mesh\System.ServiceModel.Syndication.dll
09:45:14.0571 6564 C:\Program Files\Windows Live\Mesh\System.ServiceModel.Syndication.dll - ok
09:45:14.0575 6564 [ 8D89085D34969EEA19793F4D26E9992E ] C:\Program Files\Windows Live\Mesh\Microsoft.LiveFx.Runtime.Framework.dll
09:45:14.0575 6564 C:\Program Files\Windows Live\Mesh\Microsoft.LiveFx.Runtime.Framework.dll - ok
09:45:14.0579 6564 [ 036B6B6AFFD24B9E9617CDC1063B1D74 ] C:\Program Files\Windows Live\Mesh\Microsoft.LiveFx.ResourceModel.dll
09:45:14.0579 6564 C:\Program Files\Windows Live\Mesh\Microsoft.LiveFx.ResourceModel.dll - ok
09:45:14.0582 6564 [ B284E0F20811226BC0211BF742247542 ] C:\Program Files\WinRAR\WinRAR.exe
09:45:14.0582 6564 C:\Program Files\WinRAR\WinRAR.exe - ok
09:45:14.0586 6564 [ 9CB27AE21BF0553BF20F571DD9E2C3A0 ] C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
09:45:14.0586 6564 C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe - ok
09:45:14.0590 6564 [ 0C420DB7D32A3866F83C785127E03EE2 ] C:\Program Files\Windows Live\Mesh\System.Core.dll
09:45:14.0591 6564 C:\Program Files\Windows Live\Mesh\System.Core.dll - ok
09:45:14.0594 6564 [ A80C173AC5C75706BB74AE4D78F2A53D ] C:\Program Files\Windows Media Player\wmplayer.exe
09:45:14.0594 6564 C:\Program Files\Windows Media Player\wmplayer.exe - ok
09:45:14.0598 6564 [ 4F7A22DD85837E2AA777C3F13FA68E7A ] C:\Program Files\Windows Live\Mesh\System.Xml.dll
09:45:14.0598 6564 C:\Program Files\Windows Live\Mesh\System.Xml.dll - ok
09:45:14.0601 6564 [ 7E4774FA6D6C25762965D4D3CEF35F05 ] C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll
09:45:14.0601 6564 C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll - ok
09:45:14.0606 6564 [ 066EA2C61C81EDD90B4A8A72AA87DB7D ] C:\Program Files\Windows Live\Mesh\Microsoft.MeshOperatingEnvironment.Runtime.Client.Platform.dll
09:45:14.0606 6564 C:\Program Files\Windows Live\Mesh\Microsoft.MeshOperatingEnvironment.Runtime.Client.Platform.dll - ok
09:45:14.0610 6564 [ BC3BA0DF92A1EDD2A3DA98FFFD9E7F7B ] C:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGHnt\DPGHnt.dll
09:45:14.0610 6564 C:\Program Files\Microsoft IntelliPoint\Components\Commands\DPGHnt\DPGHnt.dll - ok
09:45:14.0614 6564 [ 62E2D7E9D414798054811126709618A7 ] C:\Program Files\Windows Live\Mesh\Microsoft.MeshOperatingEnvironment.Runtime.Client.WlcProxies.dll
09:45:14.0614 6564 C:\Program Files\Windows Live\Mesh\Microsoft.MeshOperatingEnvironment.Runtime.Client.WlcProxies.dll - ok
09:45:14.0617 6564 [ 6EFD120DAFA7DEBD3C8323F7AE0F704F ] C:\Program Files\Windows Live\Mesh\esestore.dll
09:45:14.0617 6564 C:\Program Files\Windows Live\Mesh\esestore.dll - ok
09:45:14.0620 6564 [ BBA1FE328CEA501FCCE1E5DF16276439 ] C:\Program Files\Steam\bin\avcodec-53.dll
09:45:14.0620 6564 C:\Program Files\Steam\bin\avcodec-53.dll - ok
09:45:14.0626 6564 [ 2A8B8A15A58EDF3B443083EC29894E54 ] C:\Program Files\Steam\bin\avutil-51.dll
09:45:14.0626 6564 C:\Program Files\Steam\bin\avutil-51.dll - ok
09:45:14.0631 6564 [ C5CCB86CD745746B9908031A54315F90 ] C:\Program Files\Steam\bin\avformat-53.dll
09:45:14.0631 6564 C:\Program Files\Steam\bin\avformat-53.dll - ok
09:45:14.0633 6564 [ 22D6FD4D9DE2F2893BB16A33A1BD02E0 ] C:\Program Files\Windows Live\Mesh\MeshSessions.dll
09:45:14.0633 6564 C:\Program Files\Windows Live\Mesh\MeshSessions.dll - ok
09:45:14.0637 6564 [ 9D92C5CE9466F174F05B63EAEB283B45 ] C:\Program Files\Windows Live\Mesh\bitswarm.dll
09:45:14.0637 6564 C:\Program Files\Windows Live\Mesh\bitswarm.dll - ok
09:45:14.0641 6564 [ 904E48D5647A31C5A7E38162777B40E8 ] C:\Program Files\Windows Live\Mesh\lkrhwlc.dll
09:45:14.0641 6564 C:\Program Files\Windows Live\Mesh\lkrhwlc.dll - ok
09:45:14.0645 6564 [ 16295A7D3A3393430AF75BC0185BDD44 ] C:\Program Files\Windows Live\Mesh\utilclasses.dll
09:45:14.0645 6564 C:\Program Files\Windows Live\Mesh\utilclasses.dll - ok
09:45:14.0650 6564 [ E301F09BEB39DAF997D6609C5913599F ] C:\Program Files\Windows Live\Contacts\liveNatTrav.dll
09:45:14.0650 6564 C:\Program Files\Windows Live\Contacts\liveNatTrav.dll - ok
09:45:14.0655 6564 [ E706236E8FF4D97EC9F5C2614BC78646 ] C:\Program Files\Steam\steamclient.dll
09:45:14.0655 6564 C:\Program Files\Steam\steamclient.dll - ok
09:45:14.0659 6564 [ 5E10BF487BC81B9FF3DC5092D475B6D2 ] C:\Program Files\Windows Live\Mesh\System.ServiceModel.Web.dll
09:45:14.0659 6564 C:\Program Files\Windows Live\Mesh\System.ServiceModel.Web.dll - ok
09:45:14.0662 6564 [ DD71E0832AFCDB913B5E7ECB935FA00E ] C:\Program Files\Windows Live\Mesh\System.Runtime.Serialization.dll
09:45:14.0662 6564 C:\Program Files\Windows Live\Mesh\System.Runtime.Serialization.dll - ok
09:45:14.0666 6564 [ D475BBD6FEF8DB2DDE0DA7CCFD2C9042 ] C:\Program Files\Windows Live\Shared\sqmapi.dll
09:45:14.0666 6564 C:\Program Files\Windows Live\Shared\sqmapi.dll - ok
09:45:14.0670 6564 [ 9A5C9CAB7D90D93D23047BA38BA5D3F0 ] C:\Program Files\Common Files\Steam\SteamService.exe
09:45:14.0670 6564 C:\Program Files\Common Files\Steam\SteamService.exe - ok
09:45:14.0675 6564 [ CAE692AE26B7F117CD32644DCAC52FF7 ] C:\Program Files\Steam\bin\SteamService.dll
09:45:14.0675 6564 C:\Program Files\Steam\bin\SteamService.dll - ok
09:45:15.0080 6564 ============================================================
09:45:15.0080 6564 Scan finished
09:45:15.0080 6564 ============================================================
09:45:15.0093 6656 Detected object count: 10
09:45:15.0093 6656 Actual detected object count: 10
09:45:56.0190 6656 ADMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
09:45:56.0190 6656 ADMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:45:56.0190 6656 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:45:56.0190 6656 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:45:56.0191 6656 Autodesk Network Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:45:56.0191 6656 Autodesk Network Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:45:56.0194 6656 CrashPlanService ( UnsignedFile.Multi.Generic ) - skipped by user
09:45:56.0194 6656 CrashPlanService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:45:56.0194 6656 dtsvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:45:56.0194 6656 dtsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:45:56.0195 6656 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:45:56.0195 6656 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:45:56.0197 6656 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
09:45:56.0197 6656 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:45:56.0198 6656 SUService ( UnsignedFile.Multi.Generic ) - skipped by user
09:45:56.0198 6656 SUService ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:45:56.0199 6656 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:45:56.0199 6656 ThinkVantage Registry Monitor Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:45:56.0202 6656 TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
09:45:56.0202 6656 TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:46:25.0899 4484 Deinitialize success

#5
gabybaby

    Member

  • Topic Starter
  • Member
  • 62 posts
ComboFix 13-02-03.03 - Gabriel 02/05/2013 9:58.4.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2520.790 [GMT -8:00]
Running from: c:\users\Gabriel\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Kaspersky Anti-Virus *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Images
c:\images\1072009_4r_1.bmp
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\RCIMGDIR.exe.lnk
c:\programdata\Roaming
c:\users\Gabriel\AppData\Roaming\1A511F
c:\windows\system32\
c:\windows\system32\SETE00D.tmp
c:\windows\TEMP\jna3631678122431405073.dll
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))
.
.
2013-02-05 18:09 . 2013-02-05 18:12 -------- d-----w- c:\users\Gabriel\AppData\Local\temp
2013-02-05 18:09 . 2013-02-05 18:09 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-05 18:09 . 2013-02-05 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 06:30 . 2012-07-18 20:43 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 06:30 . 2011-06-22 16:38 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-24 04:23 . 2012-12-24 04:23 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-24 04:23 . 2012-05-05 00:24 859072 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-12-24 04:23 . 2010-04-18 19:07 779704 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-22 02:56 . 2012-12-12 12:54 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-12 11:52 . 2012-12-12 12:53 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 12:53 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-19 08:13 . 2013-01-19 08:13 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\steam\steam.exe" [2012-12-07 1354736]
"PlayOn"="c:\program files\MediaMall\PlayOn.exe" [2013-01-31 53248]
"Akamai NetSession Interface"="c:\users\Gabriel\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2012-03-09 1449824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 151064]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-06 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-08-20 33304]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-08-18 340520]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-24 202256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2010-04-23 154112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-11 2254768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-10 110592]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-4 11000]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 795936]
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-2-10 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-1-27 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [x]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [x]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
S2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [x]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 06:30]
.
2011-11-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-12-13 21:55]
.
2013-02-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-12-13 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{739DBB35-D90A-4942-9415-A42119EFECEC}: DhcpNameServer = 192.168.1.1
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///E:/activeX/DCP.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - hxxps://www.mydlink.com/8D/activeX//aplugLiteDL.cab
FF - ProfilePath - c:\users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Windows Live Sync - c:\program files\Windows Live\Sync\WindowsLiveSync.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
SafeBoot-21842029.sys
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
copy of MBR has been found in sector 9 !
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3112)
c:\program files\PC-Doctor\ATLPcdToolbar571733.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-02-05 10:20:25 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-05 18:20
ComboFix2.txt 2010-08-28 16:14
ComboFix3.txt 2010-08-27 23:10
.
Pre-Run: 30,950,305,792 bytes free
Post-Run: 30,889,115,648 bytes free
.
- - End Of File - - F17A86EADF122FCB7EBD3B1776F1FE04

#6
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi gabybaby,

Combofix did a great job. Let's continue.

Step 1

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished, select the report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt. This file is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • OTL log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#7
gabybaby


    Member

  • Topic Starter
  • Member
  • 62 posts
Dear Mailprog,

I tried to download the virus removal tool as you instructed from the link; the virus software won't allow it - it says that the tool itself has a virus:

----------------------------------------------------

Kaspersky
Anti-Virus 2010
Access denied
The requested URL could not be retrieved

While trying to retrieve the URL:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/avptool11/setup_11.0.0.1245.x01_2013_01_29_22_08.exe

The following threat was encountered:

The requested object is INFECTED with the following viruses: Trojan-GameThief.Win32.Magania.ahlu
Generated: 11:59:51 PM
Kaspersky Anti-Virus 2010

-----------------------------------------------

With this in mind, please make a recommendation for my next step.

Best regards,

#8
gabybaby


    Member

  • Topic Starter
  • Member
  • 62 posts
Sorry, I meant to call you Maliprog in my last message.

#9
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK then. Can you scan the system with the Kaspersky 2010 that you have installed? When it finishes the scan, post the log with the results.

After that, do the OTL scan as I described above.

#10
gabybaby


    Member

  • Topic Starter
  • Member
  • 62 posts
Thanks Maliprog - here is the KAV log:


______________________________________________


Full Scan: completed 23 minutes ago (events: 45, objects: 1571929, time: 01:16:35)
2/6/2013 10:53:25 PM Task started
2/6/2013 10:56:27 PM Task stopped
2/6/2013 11:56:56 PM Task started
2/6/2013 11:58:20 PM Processing error c:\Documents and Settings\All Users\CrashPlan\cache\cpgft1 Read error
2/7/2013 12:24:30 AM Detected: Exploit.Java.CVE-2012-1723.jd c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\165d904d-3d8508a5/Bar.class
2/7/2013 12:24:30 AM Detected: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4b247900-4a52a2d9
2/7/2013 12:24:30 AM Detected: HEUR:Exploit.Java.CVE-2012-1723.gen c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5cf2908c-630404b2
2/7/2013 12:24:31 AM Untreated: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4b247900-4a52a2d9 Skipped by user
2/7/2013 12:24:31 AM Untreated: HEUR:Exploit.Java.CVE-2012-1723.gen c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5cf2908c-630404b2 Skipped by user
2/7/2013 12:24:31 AM Deleted: Exploit.Java.CVE-2012-1723.jd c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\165d904d-3d8508a5/Bar.class
2/7/2013 12:24:31 AM Detected: Exploit.Java.CVE-2012-1723.jd c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\165d904d-3d8508a5/Esia.class
2/7/2013 12:24:31 AM Deleted: Exploit.Java.CVE-2012-1723.jd c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\165d904d-3d8508a5/Esia.class
2/7/2013 12:24:31 AM Detected: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\43466a51-7eb25564
2/7/2013 12:24:31 AM Untreated: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\43466a51-7eb25564 Skipped by user
2/7/2013 12:24:32 AM Detected: Trojan.Win32.FakeAV.nozm c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\34d3c727-5a6a9f64/xgfbxwitqgs
2/7/2013 12:24:32 AM Deleted: Trojan.Win32.FakeAV.nozm c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\34d3c727-5a6a9f64/xgfbxwitqgs
2/7/2013 12:24:32 AM Disinfected: HEUR:Exploit.Java.CVE-2012-1723.a.silent.4 c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\34d3c727-5a6a9f64
2/7/2013 12:24:32 AM Disinfected: HEUR:Exploit.Java.CVE-2012-1723.a.silent.4 c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\34d3c727-5a6a9f64
2/7/2013 12:24:34 AM Detected: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2d76daae-15ca3174
2/7/2013 12:24:34 AM Untreated: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2d76daae-15ca3174 Skipped by user
2/7/2013 12:24:35 AM Detected: Exploit.Java.CVE-2012-0507.eq c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\373958b1-3a9350d8/jmennvlywkscqdbp/twtndqmjecgs.class
2/7/2013 12:24:35 AM Deleted: Exploit.Java.CVE-2012-0507.eq c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\373958b1-3a9350d8/jmennvlywkscqdbp/twtndqmjecgs.class
2/7/2013 12:24:37 AM Detected: Exploit.Java.CVE-2010-0094.aw c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b0baa7e-19196b03/main.class
2/7/2013 12:24:37 AM Deleted: Exploit.Java.CVE-2010-0094.aw c:\Documents and Settings\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5b0baa7e-19196b03/main.class
2/7/2013 12:31:47 AM Task stopped
2/7/2013 8:16:58 AM Task started
2/7/2013 10:24:13 AM Processing error c:\ProgramData\CrashPlan\cache\cpgft1 Read error
2/7/2013 10:27:54 AM Task stopped
2/7/2013 11:42:22 PM Task started
2/7/2013 11:54:54 PM Processing error c:\Users\All Users\CrashPlan\cache\cpgft1 Read error
2/8/2013 12:12:27 AM Detected: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Users\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4b247900-4a52a2d9
2/8/2013 12:12:27 AM Detected: HEUR:Exploit.Java.CVE-2012-1723.gen c:\Users\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5cf2908c-630404b2
2/8/2013 12:12:27 AM Untreated: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Users\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\4b247900-4a52a2d9 Skipped by user
2/8/2013 12:12:27 AM Untreated: HEUR:Exploit.Java.CVE-2012-1723.gen c:\Users\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\5cf2908c-630404b2 Skipped by user
2/8/2013 12:12:28 AM Detected: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Users\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\43466a51-7eb25564
2/8/2013 12:12:28 AM Untreated: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Users\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\43466a51-7eb25564 Skipped by user
2/8/2013 12:12:29 AM Detected: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Users\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2d76daae-15ca3174
2/8/2013 12:12:29 AM Untreated: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Users\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\2d76daae-15ca3174 Skipped by user
2/8/2013 12:12:29 AM Detected: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Users\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\373958b1-3a9350d8
2/8/2013 12:12:29 AM Untreated: HEUR:Exploit.Java.CVE-2012-0507.gen c:\Users\Gabriel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\373958b1-3a9350d8 Skipped by user
2/8/2013 12:28:12 AM Task stopped
2/8/2013 9:03:17 AM Task started
2/8/2013 9:21:24 AM Detected: Backdoor.Win32.ZAccess.xpv c:\Windows\assembly\GAC\Desktop.ini
2/8/2013 9:21:36 AM Deleted: Backdoor.Win32.ZAccess.xpv c:\Windows\assembly\GAC\Desktop.ini
2/8/2013 10:19:52 AM Task completed
Rootkit Scan: completed 11 hours ago (events: 2, objects: 7370, time: 00:35:54)
2/7/2013 10:32:10 PM Task started
2/7/2013 11:08:04 PM Task completed


________________________________________________

#11
gabybaby


    Member

  • Topic Starter
  • Member
  • 62 posts
Here is the OTL log:


________________________________________


OTL logfile created on: 2/8/2013 10:54:18 AM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gabriel\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.46 Gb Total Physical Memory | 0.68 Gb Available Physical Memory | 27.67% Memory free
4.92 Gb Paging File | 3.06 Gb Available in Paging File | 62.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.15 Gb Total Space | 27.81 Gb Free Space | 9.69% Space Free | Partition Type: NTFS
Drive Q: | 9.77 Gb Total Space | 3.04 Gb Free Space | 31.14% Space Free | Partition Type: NTFS

Computer Name: GABRIEL-W500 | User Name: Gabriel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/07 13:48:31 | 003,491,120 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files\MediaMall\MediaMallServer.exe
PRC - [2013/02/07 13:45:43 | 000,053,248 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files\MediaMall\PlayOn.exe
PRC - [2013/02/04 08:36:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gabriel\Desktop\OTL.exe
PRC - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/01/19 22:05:36 | 000,541,608 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe
PRC - [2012/12/18 11:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/10 17:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/12/10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012/12/06 16:01:31 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2012/10/09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Gabriel\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/10/04 06:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/10/28 09:32:16 | 001,744,312 | ---- | M] (Lavasoft Limited ) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
PRC - [2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/10 10:55:04 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2011/02/10 10:54:34 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2010/11/20 04:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/19 13:25:18 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/10/19 13:02:42 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/09/24 12:22:04 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/08/18 07:20:29 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
PRC - [2010/04/23 11:21:00 | 000,154,112 | ---- | M] (troubadix) -- C:\Program Files\TPFanControl\TPFanControl.exe
PRC - [2010/04/22 23:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/01/13 14:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/09/27 23:27:20 | 000,144,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\ZOOM\TpScrex.exe
PRC - [2009/09/13 21:14:28 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2009/08/31 23:32:20 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2009/08/31 23:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009/08/23 20:00:30 | 000,352,256 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/23 20:00:02 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/19 16:38:30 | 000,062,752 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe
PRC - [2009/08/06 12:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/06 12:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/14 17:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009/07/13 17:14:21 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ipconfig.exe
PRC - [2009/07/13 01:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) -- C:\Windows\UnsignedThemesSvc.exe
PRC - [2009/07/01 18:03:12 | 002,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTStackServer.exe
PRC - [2009/07/01 18:03:12 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
PRC - [2009/07/01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
PRC - [2009/05/27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
PRC - [2009/03/13 00:32:48 | 000,068,976 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2009/02/02 01:04:10 | 000,067,432 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/03 10:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac7302\Monitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/19 22:08:21 | 000,647,168 | ---- | M] () -- C:\Program Files\Steam\sdl.dll
MOD - [2013/01/19 22:05:32 | 020,320,240 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2013/01/19 22:05:26 | 000,969,640 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2013/01/19 22:05:25 | 001,100,800 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-53.dll
MOD - [2013/01/19 22:05:25 | 000,192,000 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-53.dll
MOD - [2013/01/19 22:05:25 | 000,124,416 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-51.dll
MOD - [2012/11/15 03:44:06 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MOD - [2012/11/15 03:43:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/15 03:43:00 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/15 03:42:36 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/15 03:42:19 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/09/04 07:19:30 | 000,644,096 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
MOD - [2009/08/23 10:04:00 | 000,030,720 | ---- | M] () -- C:\Program Files\ThinkPad\Utilities\US\PWMRT32V.DLL
MOD - [2009/05/27 22:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe


========== Services (SafeList) ==========

SRV - [2013/02/07 13:48:31 | 003,491,120 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2013/02/06 22:17:16 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/31 10:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/19 22:05:36 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/01/08 22:30:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 11:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/10 17:29:44 | 001,435,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/28 09:32:11 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/07/29 16:40:40 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/02/10 10:55:04 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2010/10/19 13:25:18 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/10/19 13:02:42 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/08/18 07:20:29 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)
SRV - [2010/03/03 03:00:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/29 12:52:07 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/09/24 22:55:56 | 000,015,872 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2009/09/13 21:14:28 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2009/08/31 23:32:20 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2009/08/31 23:32:16 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2009/08/31 23:28:04 | 001,692,920 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2009/08/28 14:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2009/08/23 20:00:02 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/23 10:04:00 | 000,075,040 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)
SRV - [2009/08/06 12:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/08/04 21:32:42 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/08/03 19:00:14 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2009/07/14 17:18:02 | 000,062,320 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2009/07/13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 01:07:48 | 000,021,096 | ---- | M] (The Within Network, LLC) [Auto | Running] -- C:\Windows\UnsignedThemesSvc.exe -- (UnsignedThemes)
SRV - [2009/07/03 01:47:10 | 000,045,424 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2009/07/01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/04/28 18:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2008/06/05 22:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Gabriel\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/08/18 14:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/08/18 14:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/12/13 13:55:54 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc.pkms -- (PCDSRVC{3037D694-FD904ACA-06020101}_0)
DRV - [2010/11/20 04:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 04:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 04:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 02:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 01:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 01:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 01:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/18 01:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/04/07 22:04:04 | 000,223,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress)
DRV - [2010/01/29 12:23:32 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010/01/27 19:01:19 | 000,033,088 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/14 09:59:38 | 000,022,696 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/10/02 19:39:36 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/23 09:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/21 18:47:10 | 005,946,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2009/09/15 12:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009/09/14 20:30:00 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/09/14 19:36:00 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/09/14 14:46:36 | 000,021,520 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/09/07 01:00:00 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/09/01 01:44:16 | 000,485,376 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009/08/23 20:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/08/23 20:32:48 | 005,073,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/08/23 19:09:56 | 000,106,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/08/23 10:04:00 | 000,011,552 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\TPPWR32V.SYS -- (TPPWRIF)
DRV - [2009/07/21 21:56:22 | 000,459,264 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2009/07/13 15:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 15:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 14:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/07/13 01:07:46 | 000,025,448 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\uxpatch.sys -- (uxpatch)
DRV - [2009/07/07 22:12:52 | 000,072,320 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U875.sys -- (5U875UVC)
DRV - [2009/07/02 10:16:22 | 000,038,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2009/07/01 01:05:10 | 000,232,472 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\iaNvStor.sys -- (iaNvStor)
DRV - [2009/06/29 13:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2009/06/29 13:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2009/06/22 19:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/04/28 18:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2008/12/26 11:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV - [2008/05/12 01:04:04 | 000,013,480 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\System32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2008/01/15 09:17:12 | 000,458,496 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PAC7302.SYS -- (PAC7302)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/10/13 02:21:00 | 000,020,512 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {2E91A6D6-253A-4FE1-84E7-F8ABD8E50297}
IE - HKLM\..\SearchScopes\{2E91A6D6-253A-4FE1-84E7-F8ABD8E50297}: "URL" = http://www.bing.com/...c=IE-SearchBox;

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {2E91A6D6-253A-4FE1-84E7-F8ABD8E50297}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://m.www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:2.0.20120203
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.6.0.11664
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 22:17:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 00:13:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{CFB336FE-D07D-11E1-8270-B8AC6F996F26}: C:\Users\Gabriel\AppData\Local\{CFB336FE-D07D-11E1-8270-B8AC6F996F26}\ [2012/07/17 18:11:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 22:17:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 00:13:18 | 000,000,000 | ---D | M]

[2010/02/04 15:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Extensions
[2012/11/06 16:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\extensions
[2012/11/06 16:56:13 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2012/06/28 00:12:51 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/16 10:41:58 | 000,000,000 | ---D | M] (Disconnect) -- C:\Users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\extensions\[email protected]
[2013/01/19 00:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/07 10:03:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/01/19 00:13:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2013/01/19 00:13:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/01/19 00:13:12 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2013/02/06 22:17:18 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/13 14:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/08/30 22:02:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/19 15:46:37 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com

O1 HOSTS File: ([2013/02/05 10:12:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\tpfnf6r.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PWMTRV] C:\Program Files\ThinkPad\Utilities\PWMTR32V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPFanControl] C:\Program Files\TPFanControl\TPFanControl.exe (troubadix)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Gabriel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O4 - HKCU..\Run: [Steam] c:\program files\steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///E:/activeX/DCP.cab (DCPForm Control 1.0.1.1)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://navigatela.la...ad/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} https://www.mydlink....aplugLiteDL.cab (Gif89 Lite +Audio Class)
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} http://www-307.ibm.c...rt/IbmEgath.cab (IBM Access Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72C32C4B-597A-4FC1-8E49-96AA5E393656}: DhcpNameServer = 66.51.205.100 156.154.71.16 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{739DBB35-D90A-4942-9415-A42119EFECEC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/15 15:54:58 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/07 00:36:20 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B68E54EB-808B-4F5C-AEEF-9B4FF68E6C5B}
[2013/02/06 00:35:01 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{8E0E6C2D-2B45-4A74-8BEA-D2E34F59ED4A}
[2013/02/05 12:34:32 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F2B9B9E0-EDCC-4767-8B9A-398FF1CB319E}
[2013/02/05 10:12:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/02/05 10:09:11 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\temp
[2013/02/05 09:50:09 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Gabriel\Desktop\ComboFix.exe
[2013/02/05 09:26:53 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gabriel\Desktop\tdsskiller.exe
[2013/02/04 22:37:25 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{47FE82BA-D95D-4167-B070-01AA1F59A1A9}
[2013/02/04 10:36:33 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{9EE6EAFE-2D1B-424C-A4D3-3985972D1EF3}
[2013/02/04 08:36:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gabriel\Desktop\OTL.exe
[2013/02/03 22:35:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{03018DB0-4EEA-4591-B5E2-3DE845226A06}
[2013/02/01 22:33:19 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{036BAB42-64AF-4843-B799-5C7740408956}
[2013/01/31 22:31:58 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{91CBE68D-DDCE-4CFA-B1E7-BA7D8B6A1EE9}
[2013/01/29 10:29:18 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B5CAADDF-0C72-4772-9FC2-B8C5AB7C82DF}
[2013/01/28 22:28:45 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{4D231521-4CD7-4FB0-890F-405BEA6B84C3}
[2013/01/27 22:27:45 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{5D6E27AA-2620-4CF7-A0A2-2CCB9CD2FE5C}
[2013/01/23 10:10:13 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3A1D30F0-74F8-4B19-ABA7-FCFCD9244BBF}
[2013/01/21 10:07:42 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{549D46DE-7175-4B5B-96CC-CE8CC3E1BFE8}
[2013/01/19 22:06:07 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{BDE96F3A-1BF4-4312-B143-1D25AA049F9E}
[2013/01/19 00:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/17 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3C28421D-C6F0-4A0A-9E27-FB1A7B19A82F}
[2013/01/16 20:22:06 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{A3C7CC7E-3223-4034-97D2-D68FC736E5D9}
[2013/01/15 08:20:49 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{2E218584-B0EA-4E74-BE96-7A6FC98BA3DE}
[2013/01/14 01:24:02 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{2698549A-8F17-4312-95C3-489C45EAFCFB}
[2013/01/12 01:21:33 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B7AEA682-D931-4EA9-BA2F-CFC48FCE7D18}
[2013/01/11 13:20:53 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{7B6A4CF6-51BF-442A-9F54-2419160A1B5D}
[2013/01/11 01:20:06 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{C893A486-EF60-42CE-8AB4-61936CAC7685}
[2013/01/10 14:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox.bak
[2013/01/10 13:19:26 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{DBEC1F98-3050-427D-87AA-C9A4B26B781D}
[2013/01/10 01:18:00 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{648543AD-3B7B-40F3-91F7-5FAEEDE6B891}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/08 10:57:08 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2013/02/08 10:57:08 | 000,000,044 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2013/02/08 10:50:51 | 000,000,437 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2013/02/08 10:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/08 10:49:48 | 1981,816,832 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/08 10:30:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/07 14:03:50 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/02/06 22:17:34 | 000,002,001 | ---- | M] () -- C:\Users\Gabriel\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/06 22:16:12 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/06 22:16:12 | 000,016,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/06 13:20:10 | 000,710,158 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/06 13:20:10 | 000,139,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/05 10:12:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/02/05 10:11:39 | 000,000,362 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/02/05 09:50:48 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\Gabriel\Desktop\ComboFix.exe
[2013/02/05 09:28:10 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gabriel\Desktop\tdsskiller.exe
[2013/02/04 08:36:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gabriel\Desktop\OTL.exe
[2013/02/04 08:01:38 | 000,531,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/28 22:13:35 | 000,015,578 | ---- | M] () -- C:\Users\Gabriel\Documents\PrintPayBill__adf.dialog=true&_adf 01-28-13.pdf
[2013/01/23 22:32:56 | 000,017,519 | ---- | M] () -- C:\Users\Gabriel\Documents\One Time Payment Confirmation Printer Friendly 01-23-13.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/28 22:13:59 | 000,015,578 | ---- | C] () -- C:\Users\Gabriel\Documents\PrintPayBill__adf.dialog=true&_adf 01-28-13.pdf
[2013/01/23 22:33:13 | 000,017,519 | ---- | C] () -- C:\Users\Gabriel\Documents\One Time Payment Confirmation Printer Friendly 01-23-13.pdf
[2012/02/19 01:18:45 | 000,000,283 | ---- | C] () -- C:\Windows\Lightspeed!.ini
[2012/01/25 12:32:23 | 000,000,000 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\{B9C9D6B5-DC34-47F5-B143-B45E82285672}
[2012/01/03 12:30:14 | 000,000,000 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\{0F7BA92B-4675-4A90-A7AA-F345ECF06E14}
[2011/10/21 08:18:00 | 000,000,000 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\{C706DC2B-B225-4C64-AC80-432662E0D68A}
[2011/10/14 13:34:16 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/09/18 12:03:17 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/09/18 12:03:17 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011/09/15 15:59:52 | 000,007,609 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\Temp7.html
[2011/09/15 15:59:19 | 000,001,892 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\Temp1.html
[2011/06/03 17:04:16 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/03/30 11:25:55 | 000,000,133 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/22 20:47:12 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/09/24 15:13:17 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/08/20 11:44:43 | 000,007,619 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\Resmon.ResmonCfg
[2010/04/18 12:11:31 | 000,870,128 | ---- | C] () -- C:\Users\Gabriel\AppData\Roaming\mcs.rma
[2010/03/14 08:49:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2011/11/16 21:38:39 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}\@
[2011/11/16 21:38:39 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}\L
[2012/07/18 12:38:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}\U
[2012/07/18 11:51:54 | 000,002,048 | -HS- | M] () -- C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}\@
[2012/07/24 18:38:21 | 000,000,000 | -HSD | M] -- C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}\L
[2013/02/04 08:53:31 | 000,000,000 | -HSD | M] -- C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}\U
[2012/07/24 18:38:21 | 000,000,804 | ---- | M] () -- C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}\L\[email protected]
[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 17:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/15 16:05:06 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Autodesk
[2010/04/07 14:12:51 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Avnex
[2011/04/22 14:38:04 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\CrashPlan
[2010/05/11 12:31:18 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\EPSON
[2010/06/20 16:26:04 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ooVoo Details
[2010/08/19 15:55:13 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\QuickScan
[2011/05/20 13:14:13 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\Update
[2012/08/02 19:43:11 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\uTorrent
[2010/05/19 18:55:08 | 000,000,000 | ---D | M] -- C:\Users\Gabriel\AppData\Roaming\ZumoDrive

========== Purity Check ==========



< End of report >



_______________________________________________
  • 0

#12
maliprog


    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi gabybaby,

I still see an infection in the OTL log.

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2013/02/07 00:36:20 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B68E54EB-808B-4F5C-AEEF-9B4FF68E6C5B}
    [2013/02/06 00:35:01 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{8E0E6C2D-2B45-4A74-8BEA-D2E34F59ED4A}
    [2013/02/05 12:34:32 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{F2B9B9E0-EDCC-4767-8B9A-398FF1CB319E}
    [2013/02/04 22:37:25 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{47FE82BA-D95D-4167-B070-01AA1F59A1A9}
    [2013/02/04 10:36:33 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{9EE6EAFE-2D1B-424C-A4D3-3985972D1EF3}
    [2013/02/03 22:35:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{03018DB0-4EEA-4591-B5E2-3DE845226A06}
    [2013/02/01 22:33:19 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{036BAB42-64AF-4843-B799-5C7740408956}
    [2013/01/31 22:31:58 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{91CBE68D-DDCE-4CFA-B1E7-BA7D8B6A1EE9}
    [2013/01/29 10:29:18 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B5CAADDF-0C72-4772-9FC2-B8C5AB7C82DF}
    [2013/01/28 22:28:45 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{4D231521-4CD7-4FB0-890F-405BEA6B84C3}
    [2013/01/27 22:27:45 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{5D6E27AA-2620-4CF7-A0A2-2CCB9CD2FE5C}
    [2013/01/23 10:10:13 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3A1D30F0-74F8-4B19-ABA7-FCFCD9244BBF}
    [2013/01/21 10:07:42 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{549D46DE-7175-4B5B-96CC-CE8CC3E1BFE8}
    [2013/01/19 22:06:07 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{BDE96F3A-1BF4-4312-B143-1D25AA049F9E}
    [2013/01/17 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{3C28421D-C6F0-4A0A-9E27-FB1A7B19A82F}
    [2013/01/16 20:22:06 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{A3C7CC7E-3223-4034-97D2-D68FC736E5D9}
    [2013/01/15 08:20:49 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{2E218584-B0EA-4E74-BE96-7A6FC98BA3DE}
    [2013/01/14 01:24:02 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{2698549A-8F17-4312-95C3-489C45EAFCFB}
    [2013/01/12 01:21:33 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B7AEA682-D931-4EA9-BA2F-CFC48FCE7D18}
    [2013/01/11 13:20:53 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{7B6A4CF6-51BF-442A-9F54-2419160A1B5D}
    [2013/01/11 01:20:06 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{C893A486-EF60-42CE-8AB4-61936CAC7685}
    [2013/01/10 13:19:26 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{DBEC1F98-3050-427D-87AA-C9A4B26B781D}
    [2013/01/10 01:18:00 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{648543AD-3B7B-40F3-91F7-5FAEEDE6B891}
    [2012/01/25 12:32:23 | 000,000,000 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\{B9C9D6B5-DC34-47F5-B143-B45E82285672}
    [2012/01/03 12:30:14 | 000,000,000 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\{0F7BA92B-4675-4A90-A7AA-F345ECF06E14}
    [2011/10/21 08:18:00 | 000,000,000 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\{C706DC2B-B225-4C64-AC80-432662E0D68A}

    :Files
    C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}
    C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}

    :Commands
    [purity]
    [emptyjava]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 2

Please delete your version of Combofix and download a new version. After that try to run it on your system. I hope we will nail it this time.

Step 3

Please don't forget to include these items in your reply:

  • OTL fix log
  • Combofix log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
  • 0
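The two groups of entries that the fix script in post #12 selects can be picked out of an OTL file listing mechanically. The Python below is an added example, not part of maliprog's post or of OTL itself; the function names and the matching rules (zero-byte GUID-named entries directly under AppData\Local, and a GUID-named directory holding a hidden, system `@` file beside hidden, system `L` and `U` subdirectories, as listed under "ZeroAccess Check") are assumptions taken from the log lines on this page.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# OTL file listing: [date time | size | attrs | C or M] (company) -- path
# The "(company)" field is absent on directory lines.
ENTRY = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| "
    r"([-R][-H][-S][-D]) \| ([CM])\](?: \((.*?)\))? -- (.+)$"
)
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Sample input: lines excerpted from the OTL log posted earlier in this thread.
SAMPLE = r"""
[2013/02/07 00:36:20 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\{B68E54EB-808B-4F5C-AEEF-9B4FF68E6C5B}
[2013/02/05 10:09:11 | 000,000,000 | ---D | C] -- C:\Users\Gabriel\AppData\Local\temp
[2013/02/05 09:50:09 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Gabriel\Desktop\ComboFix.exe
[2012/01/25 12:32:23 | 000,000,000 | ---- | C] () -- C:\Users\Gabriel\AppData\Local\{B9C9D6B5-DC34-47F5-B143-B45E82285672}
[2011/11/16 21:38:39 | 000,002,048 | -HS- | M] () -- C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}\@
[2011/11/16 21:38:39 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}\L
[2012/07/18 12:38:16 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}\U
[2009/07/13 20:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[2013/01/19 00:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
"""


def parse_otl(text):
    """Return one dict per OTL file-listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        stamp, size, attrs, kind, company, path = m.groups()
        entries.append({
            "stamp": stamp,
            "size": int(size.replace(",", "")),
            "attrs": attrs,                 # positions: R, H, S, D
            "is_dir": attrs[3] == "D",
            "kind": kind,                   # C = created, M = modified
            "company": company or "",
            "path": path.rstrip("\\"),
        })
    return entries


def zeroaccess_layout(entries):
    """GUID-named directories holding a hidden+system '@' file together with
    hidden+system 'L' and 'U' subdirectories (assumed rule, see lead-in)."""
    children = {}
    for e in entries:
        parent, name = ntpath.split(e["path"])
        if GUID.match(ntpath.basename(parent)):
            children.setdefault(parent, {})[name] = e
    hits = []
    for parent, kids in children.items():
        marker = kids.get("@")
        subdirs = [kids.get("L"), kids.get("U")]
        if (marker and not marker["is_dir"] and marker["attrs"][1:3] == "HS"
                and all(d and d["is_dir"] and d["attrs"][1:3] == "HS"
                        for d in subdirs)):
            hits.append(parent)
    return hits


def empty_guid_entries(entries, parent_suffix=r"\AppData\Local"):
    """Zero-byte GUID-named files or folders directly under AppData\\Local,
    in log order without duplicates (assumed rule, see lead-in)."""
    found = []
    for e in entries:
        parent, name = ntpath.split(e["path"])
        if (GUID.match(name) and e["size"] == 0
                and parent.lower().endswith(parent_suffix.lower())
                and e["path"] not in found):
            found.append(e["path"])
    return found


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE)
    for path in zeroaccess_layout(parsed):
        print("ZeroAccess-style layout:", path)
    for path in empty_guid_entries(parsed):
        print("Empty GUID entry:", path)
```

A match is a lead for whoever is reading the log, not a verdict: the rules only reproduce the selection visible in this thread.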

#13
gabybaby


    Member

  • Topic Starter
  • Member
  • 62 posts
Thanks Maliprog. Where should I download Combofix from?

Here is the OTL log:

________________________________________

========== OTL ==========
C:\Users\Gabriel\AppData\Local\{B68E54EB-808B-4F5C-AEEF-9B4FF68E6C5B} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{8E0E6C2D-2B45-4A74-8BEA-D2E34F59ED4A} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{F2B9B9E0-EDCC-4767-8B9A-398FF1CB319E} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{47FE82BA-D95D-4167-B070-01AA1F59A1A9} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{9EE6EAFE-2D1B-424C-A4D3-3985972D1EF3} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{03018DB0-4EEA-4591-B5E2-3DE845226A06} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{036BAB42-64AF-4843-B799-5C7740408956} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{91CBE68D-DDCE-4CFA-B1E7-BA7D8B6A1EE9} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{B5CAADDF-0C72-4772-9FC2-B8C5AB7C82DF} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{4D231521-4CD7-4FB0-890F-405BEA6B84C3} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{5D6E27AA-2620-4CF7-A0A2-2CCB9CD2FE5C} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{3A1D30F0-74F8-4B19-ABA7-FCFCD9244BBF} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{549D46DE-7175-4B5B-96CC-CE8CC3E1BFE8} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{BDE96F3A-1BF4-4312-B143-1D25AA049F9E} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{3C28421D-C6F0-4A0A-9E27-FB1A7B19A82F} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{A3C7CC7E-3223-4034-97D2-D68FC736E5D9} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{2E218584-B0EA-4E74-BE96-7A6FC98BA3DE} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{2698549A-8F17-4312-95C3-489C45EAFCFB} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{B7AEA682-D931-4EA9-BA2F-CFC48FCE7D18} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{7B6A4CF6-51BF-442A-9F54-2419160A1B5D} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{C893A486-EF60-42CE-8AB4-61936CAC7685} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{DBEC1F98-3050-427D-87AA-C9A4B26B781D} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{648543AD-3B7B-40F3-91F7-5FAEEDE6B891} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{B9C9D6B5-DC34-47F5-B143-B45E82285672} moved successfully.
C:\Users\Gabriel\AppData\Local\{0F7BA92B-4675-4A90-A7AA-F345ECF06E14} moved successfully.
C:\Users\Gabriel\AppData\Local\{C706DC2B-B225-4C64-AC80-432662E0D68A} moved successfully.
========== FILES ==========
C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}\U folder moved successfully.
C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f}\L folder moved successfully.
C:\Windows\Installer\{81304e1f-4597-e6ae-6928-92a6cb72393f} folder moved successfully.
C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}\U folder moved successfully.
C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f}\L folder moved successfully.
C:\Users\Gabriel\AppData\Local\{81304e1f-4597-e6ae-6928-92a6cb72393f} folder moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Gabriel
->Java cache emptied: 7145294 bytes

User: Mcx1-GABRIEL-W500

User: Public

Total Java Files Cleaned = 7.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02102013_224927



______________________________________

#14
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Here are complete instructions for Combofix

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the combo fix log in your next reply

#15
gabybaby

    Member

  • Topic Starter
  • Member
  • 62 posts
Thanks Maliprog. Here is the Combofix log:

________________________________________

ComboFix 13-02-07.02 - Gabriel 02/10/2013 23:16:04.5.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2520.705 [GMT -8:00]
Running from: c:\users\Gabriel\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\jna199807534927083624.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))
.
.
2013-02-11 07:26 . 2013-02-11 08:11 -------- d-----w- c:\users\Gabriel\AppData\Local\temp
2013-02-11 07:26 . 2013-02-11 07:26 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-11 07:26 . 2013-02-11 07:26 -------- d-----w- c:\users\Mcx1-GABRIEL-W500\AppData\Local\temp
2013-02-11 07:26 . 2013-02-11 07:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-11 06:49 . 2013-02-11 06:49 -------- d-----w- C:\_OTL
2013-02-08 21:31 . 2013-02-08 21:31 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-08 19:54 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-02-08 19:54 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-02-08 19:35 . 2012-11-20 04:51 220160 ----a-w- c:\windows\system32\ncrypt.dll
2013-02-08 19:33 . 2012-11-30 04:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-02-08 12:11 . 2013-02-11 07:22 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13D667D8-386E-41EA-BDA5-77B9173ABA67}\offreg.dll
2013-02-08 12:10 . 2013-01-18 20:17 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13D667D8-386E-41EA-BDA5-77B9173ABA67}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 01:30 . 2012-07-18 20:43 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 01:30 . 2011-06-22 16:38 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-08 21:31 . 2012-05-05 00:24 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-08 21:31 . 2010-04-18 19:07 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-17 09:28 . 2010-01-29 18:33 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-02-07 06:17 . 2013-01-19 08:13 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Steam"="c:\program files\steam\steam.exe" [2012-12-07 1354736]
"PlayOn"="c:\program files\MediaMall\PlayOn.exe" [2013-02-07 53248]
"Akamai NetSession Interface"="c:\users\Gabriel\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"WLSync"="c:\program files\Windows Live\Mesh\WLSync.exe" [2012-03-09 1449824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-04-23 1725736]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"LENOVO.TPFNF6R"="c:\program files\Lenovo\HOTKEY\TPFNF6R.exe" [2009-08-20 62752]
"picon"="c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-22 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-22 151064]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2009-08-23 709920]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-06 186904]
"IaNvSrv"="c:\program files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe" [2009-08-20 33304]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-08-18 340520]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-09-24 202256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"TPFanControl"="c:\program files\TPFanControl\TPFanControl.exe" [2010-04-23 154112]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-11 2254768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-2-10 110592]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-4 11000]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 795936]
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2011-2-10 217088]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-1-27 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [x]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 PCDSRVC{3037D694-FD904ACA-06020101}_0;PCDSRVC{3037D694-FD904ACA-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iaNvStor;Intel® Turbo Memory Controller;c:\windows\system32\DRIVERS\iaNvStor.sys [x]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [x]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [x]
S2 MediaMall Server;MediaMall Server;c:\program files\MediaMall\MediaMallServer.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe [x]
S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys [x]
S3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 17:32]
.
2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 01:30]
.
2011-11-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-12-13 21:55]
.
2013-02-11 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-12-13 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{739DBB35-D90A-4942-9415-A42119EFECEC}: DhcpNameServer = 192.168.1.1
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///E:/activeX/DCP.cab
DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} - hxxps://www.mydlink.com/8D/activeX//aplugLiteDL.cab
FF - ProfilePath - c:\users\Gabriel\AppData\Roaming\Mozilla\Firefox\Profiles\61ra9znk.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
copy of MBR has been found in sector 9 !
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4536)
c:\program files\PC-Doctor\ATLPcdToolbar571733.dll
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\conhost.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\sppsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-02-11 00:18:23 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-11 08:18
ComboFix2.txt 2010-08-28 16:14
ComboFix3.txt 2010-08-27 23:10
.
Pre-Run: 30,353,768,448 bytes free
Post-Run: 30,300,160,000 bytes free
.
- - End Of File - - BA1FC85D84DE085418808D8D71BAD247


__________________________________