Redirect/Rivalgaming addon


18 replies to this topic

#1 afterlifex


Posted 03 November 2012 - 01:13 PM

A while back I had started to get ad links (since fixed) as well as Google searches being redirected. All that seems to go along with the Firefox add-on from RivalGaming that can't be removed and that research has shown to be an issue.

So I am here to ask for help with the search redirect issue associated with RivalGaming.


DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by GreenPeaPrincess at 13:16:20 on 2012-11-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1312 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\ShadowSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople_f08
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.1.0.20\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.1.0.20\AVG Secure Search_toolbar.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VWLASU] "c:\program files\sony\vaio wireless wizard\AutoLaunchWLASU.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [VAIOMyMemCenter] "c:\program files\sony\vaio my memory center\VAIO MyMemCenter.exe" 1
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\aolddi.lnk - c:\ddi\AOLICON.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{2254EE63-273E-4B14-892F-09D31DC42288} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F7813D0C-A64B-499D-AC42-7930257E707E} : DHCPNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.1.3\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\greenpeaprincess\appdata\roaming\mozilla\firefox\profiles\ald84gpd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.1.3\npsitesafety.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\users\greenpeaprincess\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\greenpeaprincess\appdata\roaming\kalydo\kalydoplayer\bin2\npkalydo.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-09-16 12:27; links@rivalgaming.com; c:\users\greenpeaprincess\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com
FF - ExtSQL: 2012-09-25 17:32; {dd3d7613-0246-469d-bc65-2a3cc1668adc}; c:\users\greenpeaprincess\appdata\roaming\mozilla\firefox\profiles\ald84gpd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8F2x2KRw&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - a84fafbe00000000000000214f540597
FF - user.js: extensions.incredibar_i.instlDay - 15596
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.147:23:22
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8F2x2KRw
FF - user.js: extensions.incredibar_i.upn2n - 92825048920630958
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 6666646935
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-7-18 27496]
R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [2009-10-26 100376]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2010-4-1 24832]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2010-4-1 50432]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2010-4-1 148736]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2011-8-15 122880]
R2 ShadowSvc;NTI Backup Now 5 Shadow Service;c:\program files\newtech infosystems\nti backup now 5\ShadowSvc.exe [2010-4-1 275712]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-10-8 766400]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-24 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2011-8-4 17408]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-7-24 29736]
R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-24 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-7-13 115168]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2011-8-4 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2011-8-4 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2011-8-4 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2011-8-4 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2011-8-4 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2011-8-4 104960]
S4 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files\common files\avg secure search\vtoolbarupdater\12.1.3\ToolbarUpdater.exe [2012-7-18 830048]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2012-11-03 15:41:31 110080 ----a-r- c:\users\greenpeaprincess\appdata\roaming\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconF7A21AF7.exe
2012-11-03 15:41:31 110080 ----a-r- c:\users\greenpeaprincess\appdata\roaming\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconD7F16134.exe
2012-11-03 15:41:31 110080 ----a-r- c:\users\greenpeaprincess\appdata\roaming\microsoft\installer\{ddabc667-56b3-4122-82b0-2f5782ea2f9a}\IconCF33A0CE.exe
2012-11-03 15:39:16 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-11-03 15:39:14 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-11-02 20:47:29 6918632 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1db0b663-be99-4ab7-8104-cc1318e2293b}\mpengine.dll
2012-11-02 19:35:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-02 19:35:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2012-10-05 00:36:15 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-05 00:36:15 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-06 15:45:04 44 ---h--w- c:\program files\65a15813.tmp
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys tcpip.sys NETIO.SYS
c:\windows\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x8244E936] -> \Device\Harddisk0\DR0[0x86BA8AC8]
3 CLASSPNP[0x8A9A58B3] -> ntkrnlpa!IofCallDriver[0x8244E936] -> [0x85A36370]
5 acpi[0x8069C6BC] -> ntkrnlpa!IofCallDriver[0x8244E936] -> \Device\Ide\IAAStorageDevice-1[0x85A38028]
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user != kernel MBR !!!
.
============= FINISH: 13:17:13.65 ===============
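
A triage pass over the Firefox and rootkit sections of a DDS log like the one posted above, as an added example (not part of the thread and not a feature of DDS): it flags extensions registered from outside the active profile, `user.js` preferences that carry URLs, and the MBR comparison line. The sample log is constructed, the function and label names are hypothetical, and treating the MBR mismatch as inconclusive when the user-mode read failed is this example's assumption.

```python
import re

# Constructed sample in the DDS log format; the user name, profile name,
# add-on IDs and URL are made up. Only the Firefox application ID
# {ec8030f7-...} is taken from the log above.
SAMPLE_DDS = r"""
================= FIREFOX ===================
FF - ProfilePath - c:\users\alice\appdata\roaming\mozilla\firefox\profiles\abcd1234.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2012-09-16 12:27; links@toolbar.example; c:\users\alice\appdata\roaming\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@toolbar.example
FF - ExtSQL: 2012-09-25 17:32; {11111111-2222-3333-4444-555555555555}; c:\users\alice\appdata\roaming\mozilla\firefox\profiles\abcd1234.default\extensions\{11111111-2222-3333-4444-555555555555}.xpi
FF - user.js: extensions.sampletb.tlbrSrchUrl - hxxp://search.toolbar.example/?q=
FF - user.js: extensions.sampletb.instlRef -
=================== ROOTKIT ====================
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""

PROFILE_RE = re.compile(r"^FF - ProfilePath - (.+?)[ \t]*$", re.M)
EXT_RE = re.compile(r"^FF - ExtSQL: ([\d-]+ [\d:]+); ([^;]+); (.+?)[ \t]*$", re.M)
USERJS_RE = re.compile(r"^FF - user\.js: (\S+) -[ \t]*(.*?)[ \t]*$", re.M)
# DDS defangs URLs as hxxp://, so accept both spellings.
URL_RE = re.compile(r"\bh(?:xx|tt)ps?://", re.I)


def triage_dds(log):
    """Return (kind, subject, detail) tuples for items worth a closer look."""
    findings = []

    # 1. Extensions whose files live outside <profile>\extensions\.
    #    DDS lowercases most paths, so compare case-insensitively.
    m = PROFILE_RE.search(log)
    profile_ext = None
    if m:
        profile_ext = (m.group(1).rstrip("\\") + "\\extensions\\").lower()
    for _when, ext_id, path in EXT_RE.findall(log):
        if profile_ext is None or not path.lower().startswith(profile_ext):
            findings.append(("ext-outside-profile", ext_id, path))

    # 2. user.js is re-read at every Firefox start, so a URL set there
    #    comes back even after the preference is changed in the browser.
    for name, value in USERJS_RE.findall(log):
        if URL_RE.search(value):
            findings.append(("userjs-url-pref", name, value))

    # 3. MBR comparison. If the user-mode read itself failed, the two
    #    copies were never really compared (assumption of this example),
    #    so report the line as inconclusive instead of as a mismatch.
    if "user != kernel MBR" in log:
        failed_read = "user: error reading MBR" in log
        kind = "mbr-inconclusive" if failed_read else "mbr-mismatch"
        findings.append((kind, "MBR", "user-mode and kernel-mode reads differ"))

    return findings


if __name__ == "__main__":
    for finding in triage_dds(SAMPLE_DDS):
        print(" | ".join(finding))
```
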



#2 fireman4it


  • Malware Response Team

Posted 03 November 2012 - 03:23 PM

Hello afterlifex,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

1. Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
    Posted Image
  • Put a checkmark beside loaded modules.
    Posted Image
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    Posted Image
  • Click the Start Scan button.
    Posted Image
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    Posted Image
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Posted Image
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2. Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 afterlifex


Posted 03 November 2012 - 08:35 PM

20:49:35.0731 1044 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:49:36.0387 1044 ============================================================
20:49:36.0387 1044 Current date / time: 2012/11/03 20:49:36.0387
20:49:36.0387 1044 SystemInfo:
20:49:36.0387 1044
20:49:36.0387 1044 OS Version: 6.0.6002 ServicePack: 2.0
20:49:36.0387 1044 Product type: Workstation
20:49:36.0387 1044 ComputerName: GREENPEA-PC
20:49:36.0387 1044 UserName: GreenPeaPrincess
20:49:36.0387 1044 Windows directory: C:\Windows
20:49:36.0387 1044 System windows directory: C:\Windows
20:49:36.0387 1044 Processor architecture: Intel x86
20:49:36.0387 1044 Number of processors: 2
20:49:36.0387 1044 Page size: 0x1000
20:49:36.0387 1044 Boot type: Normal boot
20:49:36.0387 1044 ============================================================
20:49:38.0243 1044 BG loaded
20:49:38.0695 1044 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:49:38.0742 1044 ============================================================
20:49:38.0742 1044 \Device\Harddisk0\DR0:
20:49:38.0742 1044 MBR partitions:
20:49:38.0742 1044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFCE000, BlocksNum 0x1C1F7000
20:49:38.0742 1044 ============================================================
20:49:38.0976 1044 C: <-> \Device\Harddisk0\DR0\Partition1
20:49:38.0976 1044 ============================================================
20:49:38.0976 1044 Initialize success
20:49:38.0976 1044 ============================================================
20:51:09.0270 3792 ============================================================
20:51:09.0270 3792 Scan started
20:51:09.0270 3792 Mode: Manual; SigCheck; TDLFS;
20:51:09.0270 3792 ============================================================
20:51:10.0066 3792 ================ Scan system memory ========================
20:51:10.0066 3792 System memory - ok
20:51:10.0066 3792 ================ Scan services =============================
20:51:10.0300 3792 [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
20:51:10.0502 3792 !SASCORE - ok
20:51:11.0002 3792 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
20:51:11.0251 3792 ACPI - ok
20:51:11.0314 3792 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:51:11.0345 3792 adp94xx - ok
20:51:11.0470 3792 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:51:11.0485 3792 adpahci - ok
20:51:11.0532 3792 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
20:51:11.0548 3792 adpu160m - ok
20:51:11.0579 3792 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:51:11.0594 3792 adpu320 - ok
20:51:11.0657 3792 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:51:11.0750 3792 AeLookupSvc - ok
20:51:12.0016 3792 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
20:51:12.0078 3792 AFD - ok
20:51:12.0218 3792 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:51:12.0234 3792 agp440 - ok
20:51:12.0265 3792 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
20:51:12.0281 3792 aic78xx - ok
20:51:12.0296 3792 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
20:51:12.0390 3792 ALG - ok
20:51:12.0421 3792 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
20:51:12.0437 3792 aliide - ok
20:51:12.0499 3792 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:51:12.0515 3792 amdagp - ok
20:51:12.0530 3792 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
20:51:12.0562 3792 amdide - ok
20:51:12.0577 3792 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
20:51:12.0655 3792 AmdK7 - ok
20:51:12.0655 3792 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:51:12.0718 3792 AmdK8 - ok
20:51:12.0780 3792 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
20:51:12.0827 3792 Appinfo - ok
20:51:12.0858 3792 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
20:51:12.0874 3792 arc - ok
20:51:12.0905 3792 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:51:12.0920 3792 arcsas - ok
20:51:12.0967 3792 [ 6B3AB8F67B37402A4174CAA45002903E ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
20:51:15.0463 3792 ArcSoftKsUFilter - ok
20:51:15.0775 3792 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:51:15.0822 3792 aspnet_state - ok
20:51:15.0884 3792 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:51:15.0962 3792 AsyncMac - ok
20:51:16.0009 3792 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
20:51:16.0025 3792 atapi - ok
20:51:16.0212 3792 [ 8899BBD6740FEFBDFFD38EB88693DD26 ] athr C:\Windows\system32\DRIVERS\athr.sys
20:51:16.0321 3792 athr - ok
20:51:16.0368 3792 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:51:16.0415 3792 AudioEndpointBuilder - ok
20:51:16.0415 3792 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:51:16.0446 3792 Audiosrv - ok
20:51:16.0477 3792 [ A870685E10FB2BEEC3125D853450FA58 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
20:51:16.0477 3792 avgtp - ok
20:51:16.0524 3792 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
20:51:16.0571 3792 Beep - ok
20:51:16.0618 3792 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
20:51:16.0711 3792 BFE - ok
20:51:16.0898 3792 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
20:51:16.0945 3792 BITS - ok
20:51:16.0992 3792 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
20:51:17.0039 3792 blbdrive - ok
20:51:23.0482 3792 [ 306AC856622864C761CBDB5E816BB9D8 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:51:23.0653 3792 EvtEng ( UnsignedFile.Multi.Generic ) - warning
20:51:23.0653 3792 EvtEng - detected UnsignedFile.Multi.Generic (1)
20:51:25.0556 3792 [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio C:\Windows\system32\giveio.sys
20:51:25.0603 3792 giveio ( UnsignedFile.Multi.Generic ) - warning
20:51:25.0603 3792 giveio - detected UnsignedFile.Multi.Generic (1)
20:51:30.0190 3792 [ 8FD868E32459ECE2A1BB0169F513D31E ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
20:51:30.0205 3792 mcdbus ( UnsignedFile.Multi.Generic ) - warning
20:51:30.0205 3792 mcdbus - detected UnsignedFile.Multi.Generic (1)
20:51:31.0594 3792 [ A99D2C7E30AD63EF920A894131CAF5F7 ] MSCSPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
20:51:31.0594 3792 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
20:51:31.0594 3792 MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
20:51:36.0835 3792 [ 41C33FB4FD929FED732A00D2DAEF5BE0 ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
20:51:36.0898 3792 PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
20:51:36.0898 3792 PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
20:51:39.0565 3792 [ B33C88DF3588ACF250B87A004526C31A ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:51:39.0643 3792 RegSrvc ( UnsignedFile.Multi.Generic ) - warning
20:51:39.0643 3792 RegSrvc - detected UnsignedFile.Multi.Generic (1)
20:51:40.0376 3792 [ B46731870FA10782F272C99C7E52B9CD ] SampleCollector C:\Program Files\Sony\VAIO Care\collsvc.exe
20:51:40.0501 3792 SampleCollector ( UnsignedFile.Multi.Generic ) - warning
20:51:40.0501 3792 SampleCollector - detected UnsignedFile.Multi.Generic (1)
20:51:40.0501 3792 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
20:51:40.0532 3792 SamSs - ok
20:51:40.0595 3792 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
20:51:40.0610 3792 SASDIFSV - ok
20:51:40.0642 3792 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
20:51:40.0657 3792 SASKUTIL - ok
20:51:40.0704 3792 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:51:40.0720 3792 sbp2port - ok
20:51:40.0782 3792 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:51:40.0813 3792 SCardSvr - ok
20:51:40.0860 3792 [ 90226947195699EEE8B1241627FE77CE ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
20:51:40.0876 3792 SCDEmu - ok
20:51:40.0922 3792 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
20:51:40.0985 3792 Schedule - ok
20:51:41.0000 3792 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:51:41.0032 3792 SCPolicySvc - ok
20:51:41.0063 3792 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
20:51:41.0110 3792 sdbus - ok
20:51:41.0141 3792 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:51:41.0188 3792 SDRSVC - ok
20:51:41.0203 3792 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:51:41.0266 3792 secdrv - ok
20:51:41.0312 3792 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
20:51:41.0359 3792 seclogon - ok
20:51:41.0390 3792 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
20:51:41.0437 3792 SENS - ok
20:51:41.0468 3792 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
20:51:41.0531 3792 Serenum - ok
20:51:41.0562 3792 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
20:51:41.0624 3792 Serial - ok
20:51:41.0624 3792 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:51:41.0656 3792 sermouse - ok
20:51:41.0718 3792 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
20:51:41.0749 3792 SessionEnv - ok
20:51:41.0796 3792 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
20:51:41.0827 3792 SFEP - ok
20:51:41.0858 3792 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:51:41.0890 3792 sffdisk - ok
20:51:41.0890 3792 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:51:41.0936 3792 sffp_mmc - ok
20:51:41.0936 3792 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:51:41.0968 3792 sffp_sd - ok
20:51:41.0983 3792 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:51:42.0030 3792 sfloppy - ok
20:51:42.0077 3792 [ 173FDFDA9C02157CD3C629EADB8946E9 ] ShadowSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\ShadowSvc.exe
20:51:42.0092 3792 ShadowSvc - ok
20:51:42.0139 3792 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:51:42.0202 3792 SharedAccess - ok
20:51:42.0248 3792 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:51:42.0326 3792 ShellHWDetection - ok
20:51:42.0358 3792 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:51:42.0373 3792 sisagp - ok
20:51:42.0389 3792 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
20:51:42.0404 3792 SiSRaid2 - ok
20:51:42.0420 3792 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:51:42.0436 3792 SiSRaid4 - ok
20:51:42.0560 3792 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
20:51:42.0654 3792 slsvc - ok
20:51:42.0701 3792 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
20:51:42.0732 3792 SLUINotify - ok
20:51:42.0748 3792 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:51:42.0794 3792 Smb - ok
20:51:42.0826 3792 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:51:42.0841 3792 SNMPTRAP - ok
20:51:42.0904 3792 [ DC826AFFA608F50C385BCA4C71EF1BDD ] SOHCImp C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
20:51:42.0919 3792 SOHCImp - ok
20:51:42.0950 3792 [ 1EC739F65C51FA1C7AC4502464A3C3A8 ] SOHDms C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
20:51:42.0966 3792 SOHDms - ok
20:51:43.0013 3792 [ EC8FAB4AC684445D6032AA5C6E77CA2E ] SOHDs C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
20:51:43.0028 3792 SOHDs - ok
20:51:43.0044 3792 [ 3FA2E254BFBCE52B3C6F1BF23AAB6911 ] speedfan C:\Windows\system32\speedfan.sys
20:51:43.0060 3792 speedfan - ok
20:51:43.0091 3792 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
20:51:43.0106 3792 spldr - ok
20:51:43.0122 3792 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
20:51:43.0169 3792 Spooler - ok
20:51:43.0184 3792 [ F63102F289AE2039940B22E9B2A8E0BD ] SPTISRV C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
20:51:43.0200 3792 SPTISRV ( UnsignedFile.Multi.Generic ) - warning
20:51:43.0200 3792 SPTISRV - detected UnsignedFile.Multi.Generic (1)
20:51:43.0262 3792 [ B7A8148CA23C6A55712002ED317A75D9 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
20:51:43.0294 3792 SpyHunter 4 Service - ok
20:51:43.0325 3792 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:51:43.0372 3792 srv - ok
20:51:43.0387 3792 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:51:43.0434 3792 srv2 - ok
20:51:43.0465 3792 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:51:43.0496 3792 srvnet - ok
20:51:43.0543 3792 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:51:43.0574 3792 SSDPSRV - ok
20:51:43.0621 3792 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:51:43.0637 3792 SstpSvc - ok
20:51:43.0668 3792 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
20:51:43.0730 3792 stisvc - ok
20:51:43.0808 3792 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:51:43.0824 3792 swenum - ok
20:51:43.0871 3792 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
20:51:43.0902 3792 swprv - ok
20:51:43.0918 3792 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
20:51:43.0933 3792 Symc8xx - ok
20:51:43.0949 3792 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
20:51:43.0964 3792 Sym_hi - ok
20:51:43.0980 3792 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
20:51:43.0980 3792 Sym_u3 - ok
20:51:44.0042 3792 [ A04E767EA7C30EABB1BB8B4B57EDE4F6 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:51:44.0058 3792 SynTP - ok
20:51:44.0105 3792 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
20:51:44.0167 3792 SysMain - ok
20:51:44.0198 3792 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:51:44.0214 3792 TabletInputService - ok
20:51:44.0245 3792 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:51:44.0292 3792 TapiSrv - ok
20:51:44.0308 3792 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
20:51:44.0354 3792 TBS - ok
20:51:44.0417 3792 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:51:44.0464 3792 Tcpip - ok
20:51:44.0479 3792 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
20:51:44.0510 3792 Tcpip6 - ok
20:51:44.0557 3792 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:51:44.0573 3792 tcpipreg - ok
20:51:44.0620 3792 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:51:44.0666 3792 TDPIPE - ok
20:51:44.0666 3792 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:51:44.0698 3792 TDTCP - ok
20:51:44.0729 3792 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:51:44.0760 3792 tdx - ok
20:51:44.0791 3792 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:51:44.0807 3792 TermDD - ok
20:51:44.0838 3792 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
20:51:44.0916 3792 TermService - ok
20:51:44.0932 3792 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
20:51:44.0947 3792 Themes - ok
20:51:44.0978 3792 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
20:51:44.0994 3792 THREADORDER - ok
20:51:45.0041 3792 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
20:51:45.0072 3792 TrkWks - ok
20:51:45.0150 3792 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:51:45.0166 3792 TrustedInstaller - ok
20:51:45.0228 3792 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:51:45.0259 3792 tssecsrv - ok
20:51:45.0337 3792 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
20:51:45.0368 3792 tunmp - ok
20:51:45.0400 3792 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:51:45.0446 3792 tunnel - ok
20:51:45.0462 3792 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:51:45.0478 3792 uagp35 - ok
20:51:45.0509 3792 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys
20:51:45.0524 3792 UBHelper - ok
20:51:45.0571 3792 [ A1CDF0E7CB409B05EE22F9035CB33C8B ] uCamMonitor C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
20:51:45.0587 3792 uCamMonitor - ok
20:51:45.0634 3792 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:51:45.0665 3792 udfs - ok
20:51:45.0712 3792 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:51:45.0774 3792 UI0Detect - ok
20:51:45.0821 3792 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:51:45.0836 3792 uliagpkx - ok
20:51:45.0852 3792 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
20:51:45.0868 3792 uliahci - ok
20:51:45.0883 3792 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
20:51:45.0899 3792 UlSata - ok
20:51:45.0899 3792 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
20:51:45.0914 3792 ulsata2 - ok
20:51:45.0930 3792 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:51:45.0977 3792 umbus - ok
20:51:46.0024 3792 [ BB879DCFD22926EFBEB3298129898CBB ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
20:51:46.0039 3792 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
20:51:46.0039 3792 UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
20:51:46.0086 3792 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
20:51:46.0117 3792 upnphost - ok
20:51:46.0148 3792 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:51:46.0180 3792 usbccgp - ok
20:51:46.0211 3792 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:51:46.0273 3792 usbcir - ok
20:51:46.0320 3792 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:51:46.0351 3792 usbehci - ok
20:51:46.0382 3792 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:51:46.0414 3792 usbhub - ok
20:51:46.0460 3792 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:51:46.0507 3792 usbohci - ok
20:51:46.0538 3792 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
20:51:46.0585 3792 usbprint - ok
20:51:46.0616 3792 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:51:46.0663 3792 USBSTOR - ok
20:51:46.0694 3792 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:51:46.0741 3792 usbuhci - ok
20:51:46.0757 3792 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:51:46.0804 3792 usbvideo - ok
20:51:46.0850 3792 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
20:51:46.0913 3792 UxSms - ok
20:51:46.0991 3792 [ 2A640DC735CB0112AC1DCD1E1549B27E ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
20:51:47.0006 3792 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
20:51:47.0006 3792 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
20:51:47.0084 3792 [ 693A3FDD279C345105FFF9DDE277849B ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
20:51:47.0100 3792 VAIO Event Service - ok
20:51:47.0162 3792 [ 43CEC9BF5A4F2917982AD01D92E0F44D ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
20:51:47.0225 3792 VAIO Power Management - ok
20:51:47.0318 3792 [ CBCBE2233D21E9B278F95F5CB28BC8AE ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
20:51:47.0396 3792 VCFw ( UnsignedFile.Multi.Generic ) - warning
20:51:47.0396 3792 VCFw - detected UnsignedFile.Multi.Generic (1)
20:51:47.0490 3792 [ 27888F132D2EE0B72B28093A5F5F20EB ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
20:51:47.0537 3792 VcmIAlzMgr - ok
20:51:47.0552 3792 [ EE9ABFC2F8F2DCDC624B6A9D5CF3B19D ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
20:51:47.0568 3792 VcmXmlIfHelper - ok
20:51:47.0568 3792 Vcsw - ok
20:51:47.0755 3792 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
20:51:47.0802 3792 vds - ok
20:51:47.0833 3792 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:51:47.0911 3792 vga - ok
20:51:47.0958 3792 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
20:51:48.0005 3792 VgaSave - ok
20:51:48.0005 3792 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:51:48.0020 3792 viaagp - ok
20:51:48.0020 3792 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
20:51:48.0083 3792 ViaC7 - ok
20:51:48.0098 3792 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
20:51:48.0114 3792 viaide - ok
20:51:48.0130 3792 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:51:48.0145 3792 volmgr - ok
20:51:48.0192 3792 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:51:48.0223 3792 volmgrx - ok
20:51:48.0254 3792 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:51:48.0270 3792 volsnap - ok
20:51:48.0317 3792 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:51:48.0332 3792 vsmraid - ok
20:51:48.0379 3792 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
20:51:48.0457 3792 VSS - ok
20:51:48.0582 3792 [ F98A970D02B35870C8013B43736F7904 ] vToolbarUpdater12.1.3 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe
20:51:48.0629 3792 vToolbarUpdater12.1.3 - ok
20:51:48.0754 3792 [ 071634532066C2E29350D450C3412837 ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
20:51:48.0785 3792 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
20:51:48.0785 3792 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
20:51:48.0800 3792 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
20:51:48.0832 3792 W32Time - ok
20:51:48.0910 3792 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:51:48.0956 3792 WacomPen - ok
20:51:48.0972 3792 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
20:51:49.0003 3792 Wanarp - ok
20:51:49.0003 3792 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:51:49.0034 3792 Wanarpv6 - ok
20:51:49.0066 3792 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:51:49.0097 3792 wcncsvc - ok
20:51:49.0128 3792 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:51:49.0144 3792 WcsPlugInService - ok
20:51:49.0206 3792 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
20:51:49.0222 3792 Wd - ok
20:51:49.0253 3792 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:51:49.0284 3792 Wdf01000 - ok
20:51:49.0315 3792 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:51:49.0362 3792 WdiServiceHost - ok
20:51:49.0362 3792 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:51:49.0393 3792 WdiSystemHost - ok
20:51:49.0456 3792 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
20:51:49.0502 3792 WebClient - ok
20:51:49.0534 3792 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:51:49.0565 3792 Wecsvc - ok
20:51:49.0612 3792 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:51:49.0643 3792 wercplsupport - ok
20:51:49.0674 3792 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
20:51:49.0690 3792 WerSvc - ok
20:51:49.0768 3792 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
20:51:49.0783 3792 WimFltr - ok
20:51:49.0846 3792 [ F1265727C078406299FF4B3B033E3132 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
20:51:49.0892 3792 winachsf - ok
20:51:49.0986 3792 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:51:50.0002 3792 WinDefend - ok
20:51:50.0017 3792 WinHttpAutoProxySvc - ok
20:51:50.0080 3792 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:51:50.0095 3792 Winmgmt - ok
20:51:50.0220 3792 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
20:51:50.0267 3792 WinRM - ok
20:51:50.0329 3792 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:51:50.0392 3792 Wlansvc - ok
20:51:50.0423 3792 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:51:50.0438 3792 WmiAcpi - ok
20:51:50.0641 3792 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:51:50.0672 3792 wmiApSrv - ok
20:51:50.0766 3792 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:51:50.0813 3792 WMPNetworkSvc - ok
20:51:50.0875 3792 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:51:50.0906 3792 WPCSvc - ok
20:51:50.0953 3792 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:51:50.0969 3792 WPDBusEnum - ok
20:51:51.0140 3792 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:51:51.0172 3792 WPFFontCache_v0400 - ok
20:51:51.0218 3792 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:51:51.0265 3792 ws2ifsl - ok
20:51:51.0296 3792 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
20:51:51.0328 3792 wscsvc - ok
20:51:51.0328 3792 WSearch - ok
20:51:51.0406 3792 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
20:51:51.0468 3792 wuauserv - ok
20:51:51.0515 3792 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:51:51.0546 3792 WUDFRd - ok
20:51:51.0608 3792 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:51:51.0655 3792 wudfsvc - ok
20:51:51.0671 3792 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
20:51:51.0686 3792 XAudio - ok
20:51:51.0733 3792 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
20:51:51.0764 3792 XAudioService - ok
20:51:51.0811 3792 [ 3E1C915C6291AB5D1CFCA680E1BD6BAD ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
20:51:51.0842 3792 yukonwlh - ok
20:51:51.0858 3792 ================ Scan global ===============================
20:51:51.0889 3792 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
20:51:51.0952 3792 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:51:51.0967 3792 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
20:51:52.0014 3792 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
20:51:52.0014 3792 [Global] - ok
20:51:52.0014 3792 ================ Scan MBR ==================================
20:51:52.0030 3792 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
20:51:54.0354 3792 \Device\Harddisk0\DR0 - ok
20:51:54.0354 3792 ================ Scan VBR ==================================
20:51:54.0432 3792 [ 95E2B8D87415A73B421ABDD0EA4F8576 ] \Device\Harddisk0\DR0\Partition1
20:51:54.0432 3792 \Device\Harddisk0\DR0\Partition1 - ok
20:51:54.0432 3792 ================ Scan active images ========================
20:51:54.0432 3792 [ 36975327EF03949CC378AB01E316B574 ] C:\Windows\System32\drivers\crashdmp.sys
20:51:54.0432 3792 C:\Windows\System32\drivers\crashdmp.sys - ok
20:51:54.0448 3792 [ 707C1692214B1C290271067197F075F6 ] C:\Windows\System32\drivers\IaStor.sys
20:51:54.0448 3792 C:\Windows\System32\drivers\IaStor.sys - ok
20:51:54.0448 3792 [ CAECC0120AC49E3D2F758B9169872D38 ] C:\Windows\System32\drivers\TUNMP.SYS
20:51:54.0448 3792 C:\Windows\System32\drivers\TUNMP.SYS - ok
20:51:54.0448 3792 [ 300DB877AC094FEAB0BE7688C3454A9C ] C:\Windows\System32\drivers\tunnel.sys
20:51:54.0448 3792 C:\Windows\System32\drivers\tunnel.sys - ok
20:51:54.0463 3792 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] C:\Windows\System32\drivers\CmBatt.sys
20:51:54.0463 3792 C:\Windows\System32\drivers\CmBatt.sys - ok
20:51:54.0463 3792 [ 224191001E78C89DFA78924C3EA595FF ] C:\Windows\System32\drivers\intelppm.sys
20:51:54.0463 3792 C:\Windows\System32\drivers\intelppm.sys - ok
20:51:54.0463 3792 [ CE5FF5D5E3F4CA974E36DC24C15474D0 ] C:\Windows\System32\drivers\igdkmd32.sys
20:51:54.0463 3792 C:\Windows\System32\drivers\igdkmd32.sys - ok
20:51:54.0479 3792 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] C:\Windows\System32\drivers\dxgkrnl.sys
20:51:54.0479 3792 C:\Windows\System32\drivers\dxgkrnl.sys - ok
20:51:54.0479 3792 [ 4A5C31E2C1646034E6A60EBA4C747FF6 ] C:\Windows\System32\drivers\watchdog.sys
20:51:54.0479 3792 C:\Windows\System32\drivers\watchdog.sys - ok
20:51:54.0479 3792 [ A1C100A87D981AD0774FBC0B4B82E913 ] C:\Windows\System32\drivers\usbport.sys
20:51:54.0479 3792 C:\Windows\System32\drivers\usbport.sys - ok
20:51:54.0494 3792 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] C:\Windows\System32\drivers\usbehci.sys
20:51:54.0494 3792 C:\Windows\System32\drivers\usbehci.sys - ok
20:51:54.0494 3792 [ 814D653EFC4D48BE3B04A307ECEFF56F ] C:\Windows\System32\drivers\usbuhci.sys
20:51:54.0494 3792 C:\Windows\System32\drivers\usbuhci.sys - ok
20:51:54.0494 3792 [ 062452B7FFD68C8C042A6261FE8DFF4A ] C:\Windows\System32\drivers\hdaudbus.sys
20:51:54.0494 3792 C:\Windows\System32\drivers\hdaudbus.sys - ok
20:51:54.0510 3792 [ 3E1C915C6291AB5D1CFCA680E1BD6BAD ] C:\Windows\System32\drivers\yk60x86.sys
20:51:54.0510 3792 C:\Windows\System32\drivers\yk60x86.sys - ok
20:51:54.0510 3792 [ E559EA9138C77B5D1FDA8C558764A25F ] C:\Windows\System32\drivers\NETw5v32.sys
20:51:54.0510 3792 C:\Windows\System32\drivers\NETw5v32.sys - ok
20:51:54.0510 3792 [ 0349BE02F329F4F48F1D48097FD65974 ] C:\Windows\System32\drivers\1394bus.sys
20:51:54.0510 3792 C:\Windows\System32\drivers\1394bus.sys - ok
20:51:54.0526 3792 [ 6F310E890D46E246E0E261A63D9B36B4 ] C:\Windows\System32\drivers\ohci1394.sys
20:51:54.0526 3792 C:\Windows\System32\drivers\ohci1394.sys - ok
20:51:54.0526 3792 [ C22E4E27CCDF9AA5FE8143104F28CDE3 ] C:\Windows\System32\drivers\risdptsk.sys
20:51:54.0526 3792 C:\Windows\System32\drivers\risdptsk.sys - ok
20:51:54.0526 3792 [ D0C2A0CE1091E08EFB7CCBA6CEA4C3F9 ] C:\Windows\System32\drivers\rimsptsk.sys
20:51:54.0526 3792 C:\Windows\System32\drivers\rimsptsk.sys - ok
20:51:54.0541 3792 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] C:\Windows\System32\drivers\i8042prt.sys
20:51:54.0541 3792 C:\Windows\System32\drivers\i8042prt.sys - ok
20:51:54.0541 3792 [ 37605E0A8CF00CBBA538E753E4344C6E ] C:\Windows\System32\drivers\kbdclass.sys
20:51:54.0541 3792 C:\Windows\System32\drivers\kbdclass.sys - ok
20:51:54.0541 3792 [ 790FDAC6D0C762DF9047C3C625A6FF6C ] C:\Windows\System32\drivers\usbd.sys
20:51:54.0541 3792 C:\Windows\System32\drivers\usbd.sys - ok
20:51:54.0557 3792 [ A04E767EA7C30EABB1BB8B4B57EDE4F6 ] C:\Windows\System32\drivers\SynTP.sys
20:51:54.0557 3792 C:\Windows\System32\drivers\SynTP.sys - ok
20:51:54.0557 3792 [ 5BF6A1326A335C5298477754A506D263 ] C:\Windows\System32\drivers\mouclass.sys
20:51:54.0557 3792 C:\Windows\System32\drivers\mouclass.sys - ok
20:51:54.0557 3792 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] C:\Windows\System32\drivers\SFEP.sys
20:51:54.0557 3792 C:\Windows\System32\drivers\SFEP.sys - ok
20:51:54.0572 3792 [ 6B4BFFB9BECD728097024276430DB314 ] C:\Windows\System32\drivers\cdrom.sys
20:51:54.0572 3792 C:\Windows\System32\drivers\cdrom.sys - ok
20:51:54.0572 3792 [ 13E6D89060A3006F8B3ACBE49110635E ] C:\Windows\System32\drivers\NTIDrvr.sys
20:51:54.0572 3792 C:\Windows\System32\drivers\NTIDrvr.sys - ok
20:51:54.0572 3792 [ 232FA340531D940AAC623B121A595034 ] C:\Windows\System32\drivers\msiscsi.sys
20:51:54.0588 3792 C:\Windows\System32\drivers\msiscsi.sys - ok
20:51:54.0588 3792 [ 47E55AFE1ED1D5AFF09690DB226F4A7A ] C:\Windows\System32\drivers\Storport.sys
20:51:54.0588 3792 C:\Windows\System32\drivers\Storport.sys - ok
20:51:54.0588 3792 [ 77937EFF009AC696B90E09F671F9D0A4 ] C:\Windows\System32\drivers\tdi.sys
20:51:54.0588 3792 C:\Windows\System32\drivers\tdi.sys - ok
20:51:54.0604 3792 [ A214ADBAF4CB47DD2728859EF31F26B0 ] C:\Windows\System32\drivers\rasl2tp.sys
20:51:54.0604 3792 C:\Windows\System32\drivers\rasl2tp.sys - ok
20:51:54.0604 3792 [ 0E186E90404980569FB449BA7519AE61 ] C:\Windows\System32\drivers\ndistapi.sys
20:51:54.0604 3792 C:\Windows\System32\drivers\ndistapi.sys - ok
20:51:54.0604 3792 [ 818F648618AE34F729FDB47EC68345C3 ] C:\Windows\System32\drivers\ndiswan.sys
20:51:54.0604 3792 C:\Windows\System32\drivers\ndiswan.sys - ok
20:51:54.0619 3792 [ 509A98DD18AF4375E1FC40BC175F1DEF ] C:\Windows\System32\drivers\raspppoe.sys
20:51:54.0619 3792 C:\Windows\System32\drivers\raspppoe.sys - ok
20:51:54.0619 3792 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] C:\Windows\System32\drivers\raspptp.sys
20:51:54.0619 3792 C:\Windows\System32\drivers\raspptp.sys - ok
20:51:54.0619 3792 [ 2005F4A1E05FA09389AC85840F0A9E4D ] C:\Windows\System32\drivers\rassstp.sys
20:51:54.0619 3792 C:\Windows\System32\drivers\rassstp.sys - ok
20:51:54.0635 3792 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] C:\Windows\System32\drivers\termdd.sys
20:51:54.0635 3792 C:\Windows\System32\drivers\termdd.sys - ok
20:51:54.0635 3792 [ 8FD868E32459ECE2A1BB0169F513D31E ] C:\Windows\System32\drivers\mcdbus.sys
20:51:54.0635 3792 C:\Windows\System32\drivers\mcdbus.sys - ok
20:51:54.0635 3792 [ 6F5CA34AE885645ACF8A20D564DB976C ] C:\Windows\System32\drivers\scsiport.sys
20:51:54.0635 3792 C:\Windows\System32\drivers\scsiport.sys - ok
20:51:54.0650 3792 [ EF73C1E29FBE7B0FD0274BF4394E346A ] C:\Windows\System32\drivers\ks.sys
20:51:54.0650 3792 C:\Windows\System32\drivers\ks.sys - ok
20:51:54.0650 3792 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] C:\Windows\System32\drivers\swenum.sys
20:51:54.0650 3792 C:\Windows\System32\drivers\swenum.sys - ok
20:51:54.0650 3792 [ E384487CB84BE41D09711C30CA79646C ] C:\Windows\System32\drivers\mssmbios.sys
20:51:54.0650 3792 C:\Windows\System32\drivers\mssmbios.sys - ok
20:51:54.0666 3792 [ 32CFF9F809AE9AED85464492BF3E32D2 ] C:\Windows\System32\drivers\umbus.sys
20:51:54.0666 3792 C:\Windows\System32\drivers\umbus.sys - ok
20:51:54.0666 3792 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] C:\Windows\System32\drivers\usbhub.sys
20:51:54.0666 3792 C:\Windows\System32\drivers\usbhub.sys - ok
20:51:54.0666 3792 [ 71DAB552B41936358F3B541AE5997FB3 ] C:\Windows\System32\drivers\ndproxy.sys
20:51:54.0666 3792 C:\Windows\System32\drivers\ndproxy.sys - ok
20:51:54.0682 3792 [ 7BE5A3C671A2CB56E94403BFC2020A0D ] C:\Windows\System32\drivers\drmk.sys
20:51:54.0682 3792 C:\Windows\System32\drivers\drmk.sys - ok
20:51:54.0682 3792 [ 218286724EC530FF252648369E05B090 ] C:\Windows\System32\drivers\portcls.sys
20:51:54.0682 3792 C:\Windows\System32\drivers\portcls.sys - ok
20:51:54.0682 3792 [ 2DEB2538C9372568BB67B5FDF2359790 ] C:\Windows\System32\drivers\RTKVHDA.sys
20:51:54.0682 3792 C:\Windows\System32\drivers\RTKVHDA.sys - ok
20:51:54.0697 3792 [ 6734B167529A3542849CCDFEB49EE9F2 ] C:\Windows\System32\drivers\HSXHWAZL.sys
20:51:54.0697 3792 C:\Windows\System32\drivers\HSXHWAZL.sys - ok
20:51:54.0697 3792 [ 888D170D7FE1F2AB09ED72DA4CBD32D1 ] C:\Windows\System32\drivers\HSX_DPV.sys
20:51:54.0697 3792 C:\Windows\System32\drivers\HSX_DPV.sys - ok
20:51:54.0697 3792 [ F1265727C078406299FF4B3B033E3132 ] C:\Windows\System32\drivers\HSX_CNXT.sys

Edited by afterlifex, 03 November 2012 - 08:38 PM.


#4 afterlifex


Posted 03 November 2012 - 08:39 PM

Continued

20:51:56.0398 3792 [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\Windows\System32\wuaueng.dll
20:51:56.0398 3792 C:\Windows\System32\wuaueng.dll - ok
20:51:56.0398 3792 [ 575A4190D989F64732119E4114045A4F ] C:\Windows\System32\WUDFSvc.dll
20:51:56.0398 3792 C:\Windows\System32\WUDFSvc.dll - ok
20:51:56.0413 3792 [ 8FC182167381E9915651267044105EE1 ] C:\Windows\System32\scecli.dll
20:51:56.0413 3792 C:\Windows\System32\scecli.dll - ok
20:51:56.0413 3792 [ CD08EEC61C591AF59A39F4363C567D30 ] C:\Windows\System32\ntmarta.dll
20:51:56.0413 3792 C:\Windows\System32\ntmarta.dll - ok
20:51:56.0413 3792 [ 3794B461C45882E06856F282EEF025AF ] C:\Windows\System32\svchost.exe
20:51:56.0413 3792 C:\Windows\System32\svchost.exe - ok
20:51:56.0429 3792 [ 9A7F4B2EDACD11444D048AA19CBB26AF ] C:\Windows\System32\powrprof.dll
20:51:56.0429 3792 C:\Windows\System32\powrprof.dll - ok
20:51:56.0429 3792 [ 8F5C7426567798E62A3B3614965D62CC ] C:\Windows\System32\drivers\luafv.sys
20:51:56.0429 3792 C:\Windows\System32\drivers\luafv.sys - ok
20:51:56.0429 3792 [ B7A8148CA23C6A55712002ED317A75D9 ] C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
20:51:56.0429 3792 C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE - ok
20:51:56.0444 3792 [ 205CBE408A76F5FBDEF1BB0A509083BD ] C:\PROGRA~1\ENIGMA~1\SPYHUN~1\Common.dll
20:51:56.0444 3792 C:\PROGRA~1\ENIGMA~1\SPYHUN~1\Common.dll - ok
20:51:56.0444 3792 [ BE3C082837866C4C291ADAF163C10EA6 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
20:51:56.0444 3792 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll - ok
20:51:56.0444 3792 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] C:\Windows\System32\rpcss.dll
20:51:56.0444 3792 C:\Windows\System32\rpcss.dll - ok
20:51:56.0460 3792 [ 69827805A221C21450BA22F4326A2EE3 ] C:\Windows\System32\version.dll
20:51:56.0460 3792 C:\Windows\System32\version.dll - ok
20:51:56.0460 3792 [ 4575AA12561C5648483403541D0D7F2B ] C:\Program Files\Windows Defender\MpSvc.dll
20:51:56.0460 3792 C:\Program Files\Windows Defender\MpSvc.dll - ok
20:51:56.0460 3792 [ E253E5DA1249A471D913F7EA4C81FAF6 ] C:\Windows\System32\wintrust.dll
20:51:56.0460 3792 C:\Windows\System32\wintrust.dll - ok
20:51:56.0476 3792 [ 62D577288B48998FC6667BF22DC5B690 ] C:\Windows\System32\LogonUI.exe
20:51:56.0476 3792 C:\Windows\System32\LogonUI.exe - ok
20:51:56.0476 3792 [ 1BD363738B672A394EBE3B8A78EAB9D3 ] C:\Program Files\Windows Defender\MpClient.dll
20:51:56.0476 3792 C:\Program Files\Windows Defender\MpClient.dll - ok
20:51:56.0476 3792 [ 58C2521D87C494831A625202C80354AD ] C:\Windows\System32\authui.dll
20:51:56.0476 3792 C:\Windows\System32\authui.dll - ok
20:51:56.0491 3792 [ DA887F28054D78EE8637BEBB924A2DB5 ] C:\Windows\System32\slwga.dll
20:51:56.0491 3792 C:\Windows\System32\slwga.dll - ok
20:51:56.0491 3792 [ F42483814FC39170B3982A184EC5AAA2 ] C:\Windows\System32\wtsapi32.dll
20:51:56.0491 3792 C:\Windows\System32\wtsapi32.dll - ok
20:51:56.0491 3792 [ 5CAAE5333EF36DB4A8D294418AB37E80 ] C:\Windows\System32\p2pcollab.dll
20:51:56.0491 3792 C:\Windows\System32\p2pcollab.dll - ok
20:51:56.0507 3792 [ 2EC53B5A351C4D443896DBAD117F7E82 ] C:\Windows\System32\msimg32.dll
20:51:56.0507 3792 C:\Windows\System32\msimg32.dll - ok
20:51:56.0507 3792 [ 999D69DEB576C2C424294DF025891CC6 ] C:\Windows\System32\uxtheme.dll
20:51:56.0507 3792 C:\Windows\System32\uxtheme.dll - ok
20:51:56.0507 3792 [ 76EAEF4DDEBBC7C38853F586C0E91DCE ] C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll
20:51:56.0507 3792 C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\GdiPlus.dll - ok
20:51:56.0522 3792 [ 75EB73E64F5B4655D9797D20F26DE320 ] C:\Windows\System32\duser.dll
20:51:56.0522 3792 C:\Windows\System32\duser.dll - ok
20:51:56.0522 3792 [ 1908CC7673F72601AFFDCA022689CEDF ] C:\Windows\System32\xmllite.dll
20:51:56.0522 3792 C:\Windows\System32\xmllite.dll - ok
20:51:56.0522 3792 [ 56B5914070B2C243DFB3D186070DA89D ] C:\Windows\System32\MMDevAPI.dll
20:51:56.0522 3792 C:\Windows\System32\MMDevAPI.dll - ok
20:51:56.0538 3792 [ C9244BCAC83B259B920BBEE18A97BFE1 ] C:\Windows\System32\avrt.dll
20:51:56.0538 3792 C:\Windows\System32\avrt.dll - ok
20:51:56.0538 3792 [ 399BB52AD0668472717498E97CF28341 ] C:\Windows\System32\WUDFPlatform.dll
20:51:56.0538 3792 C:\Windows\System32\WUDFPlatform.dll - ok
20:51:56.0554 3792 [ EC43D9CC95C3BB5FEFDBCF22D375E1F5 ] C:\Windows\System32\adtschema.dll
20:51:56.0554 3792 C:\Windows\System32\adtschema.dll - ok
20:51:56.0554 3792 [ A6BA7D5FA682F6F2B0D87648DA55A561 ] C:\Windows\System32\BtwCP.dll
20:51:56.0554 3792 C:\Windows\System32\BtwCP.dll - ok
20:51:56.0554 3792 [ C9564CF4976E7E96B4052737AA2492B4 ] C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
20:51:56.0554 3792 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - ok
20:51:56.0569 3792 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] C:\Windows\System32\drivers\fltMgr.sys
20:51:56.0569 3792 C:\Windows\System32\drivers\fltMgr.sys - ok
20:51:56.0569 3792 [ 8269CC01940A202BBB9FDF26705DBD67 ] C:\Windows\System32\hid.dll
20:51:56.0569 3792 C:\Windows\System32\hid.dll - ok
20:51:56.0569 3792 [ B25DBBA6C63A61FF4AFDB5ADAB4E70CB ] C:\Windows\System32\SmartcardCredentialProvider.dll
20:51:56.0569 3792 C:\Windows\System32\SmartcardCredentialProvider.dll - ok
20:51:56.0585 3792 [ 9DC3723519F52B6BC63EACD4BD411313 ] C:\Windows\System32\rasplap.dll
20:51:56.0585 3792 C:\Windows\System32\rasplap.dll - ok
20:51:56.0585 3792 [ 22F73612087430A94DBE912AB58E0C79 ] C:\Windows\System32\ci.dll
20:51:56.0585 3792 C:\Windows\System32\ci.dll - ok
20:51:56.0585 3792 [ 3CB863B78642405371CB3A71C07E2382 ] C:\Windows\System32\rasapi32.dll
20:51:56.0585 3792 C:\Windows\System32\rasapi32.dll - ok
20:51:56.0600 3792 [ 3A1DDA77F331D107BA40DB06E4D666E9 ] C:\Windows\System32\rasman.dll
20:51:56.0600 3792 C:\Windows\System32\rasman.dll - ok
20:51:56.0600 3792 [ 70F08ECE7A30A639D3F0C8C433685C7D ] C:\Windows\System32\tapi32.dll
20:51:56.0600 3792 C:\Windows\System32\tapi32.dll - ok
20:51:56.0600 3792 [ 57418956DDAE128D1023C508E7D07071 ] C:\Windows\System32\PSHED.DLL
20:51:56.0600 3792 C:\Windows\System32\PSHED.DLL - ok
20:51:56.0616 3792 [ 3D418A22A56471295AEB1CEB9027C3DA ] C:\Windows\System32\rtutils.dll
20:51:56.0616 3792 C:\Windows\System32\rtutils.dll - ok
20:51:56.0616 3792 [ 14FF750EFE13B0C21E5A06507C3A97B1 ] C:\Windows\System32\winmm.dll
20:51:56.0616 3792 C:\Windows\System32\winmm.dll - ok
20:51:56.0616 3792 [ DC15AB7168C0309D8F04FD95B6240422 ] C:\Windows\System32\oleacc.dll
20:51:56.0616 3792 C:\Windows\System32\oleacc.dll - ok
20:51:56.0632 3792 [ 627920CFF5DFCF8CF54CF2D592D61307 ] C:\Windows\System32\WinSCard.dll
20:51:56.0632 3792 C:\Windows\System32\WinSCard.dll - ok
20:51:56.0632 3792 [ 12A1DF1B84FB45A00D47B2CDE2CEEBBA ] C:\Windows\System32\shgina.dll
20:51:56.0632 3792 C:\Windows\System32\shgina.dll - ok
20:51:56.0647 3792 [ 7DACD94118E2D8B6D72F47ADEB0367BF ] C:\Windows\System32\propsys.dll
20:51:56.0647 3792 C:\Windows\System32\propsys.dll - ok
20:51:56.0647 3792 [ 70932D6C3D59B416CBD2BE5A3B3D4BE6 ] C:\Windows\System32\shacct.dll
20:51:56.0647 3792 C:\Windows\System32\shacct.dll - ok
20:51:56.0647 3792 [ AEFD5E1D91B86AB41D9705600303F34E ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DB0B663-BE99-4AB7-8104-CC1318E2293B}\mpengine.dll
20:51:56.0647 3792 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DB0B663-BE99-4AB7-8104-CC1318E2293B}\mpengine.dll - ok
20:51:56.0663 3792 [ 3437B9E218A2E4586BEF4F7A3BD00777 ] C:\Windows\System32\audiodg.exe
20:51:56.0663 3792 C:\Windows\System32\audiodg.exe - ok
20:51:56.0663 3792 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] C:\Windows\System32\gpsvc.dll
20:51:56.0663 3792 C:\Windows\System32\gpsvc.dll - ok
20:51:56.0678 3792 [ D1A84F7D4CAFCFE2A32149FF418056E5 ] C:\Windows\System32\nlaapi.dll
20:51:56.0678 3792 C:\Windows\System32\nlaapi.dll - ok
20:51:56.0678 3792 [ 409F36C8BD06FCE184631EB4142B009A ] C:\Windows\System32\atl.dll
20:51:56.0678 3792 C:\Windows\System32\atl.dll - ok
20:51:56.0678 3792 [ 67058C46504BC12D821F38CF99B7B28F ] C:\Windows\System32\es.dll
20:51:56.0678 3792 C:\Windows\System32\es.dll - ok
20:51:56.0694 3792 [ 1509E705F3AC1D474C92454A5C2DD81F ] C:\Windows\System32\uxsms.dll
20:51:56.0694 3792 C:\Windows\System32\uxsms.dll - ok
20:51:56.0694 3792 [ D1C5883087A0C3F1344D9D55A44901F6 ] C:\Windows\System32\drivers\lltdio.sys
20:51:56.0694 3792 C:\Windows\System32\drivers\lltdio.sys - ok
20:51:56.0710 3792 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] C:\Windows\System32\drivers\nwifi.sys
20:51:56.0710 3792 C:\Windows\System32\drivers\nwifi.sys - ok
20:51:56.0710 3792 [ D6973AA34C4D5D76C0430B181C3CD389 ] C:\Windows\System32\drivers\ndisuio.sys
20:51:56.0710 3792 C:\Windows\System32\drivers\ndisuio.sys - ok
20:51:56.0710 3792 [ 9C508F4074A39E8B4B31D27198146FAD ] C:\Windows\System32\drivers\rspndr.sys
20:51:56.0710 3792 C:\Windows\System32\drivers\rspndr.sys - ok
20:51:56.0725 3792 [ 6836D001FC733F205ACB80A7986CB6C9 ] C:\Windows\System32\WindowsCodecs.dll
20:51:56.0725 3792 C:\Windows\System32\WindowsCodecs.dll - ok
20:51:56.0725 3792 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] C:\Windows\System32\dnsrslvr.dll
20:51:56.0725 3792 C:\Windows\System32\dnsrslvr.dll - ok
20:51:56.0725 3792 [ A7F8BAD9590ADDC425B4003E94780DFA ] C:\Windows\System32\drivers\spsys.sys
20:51:56.0725 3792 C:\Windows\System32\drivers\spsys.sys - ok
20:51:56.0741 3792 [ 66ADDF8355C54BC22462EC5F39B4C4FB ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DB0B663-BE99-4AB7-8104-CC1318E2293B}\mpasbase.vdm
20:51:56.0741 3792 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DB0B663-BE99-4AB7-8104-CC1318E2293B}\mpasbase.vdm - ok
20:51:56.0741 3792 [ 3AB4023CBD406AC33AB8CDFF6C8079A0 ] C:\Windows\System32\eapphost.dll
20:51:56.0741 3792 C:\Windows\System32\eapphost.dll - ok
20:51:56.0741 3792 [ 6CDB3406B41B5851F788DE287D7EF6E3 ] C:\Program Files\Cisco\Cisco LEAP Module\CiscoEapLeap.dll
20:51:56.0741 3792 C:\Program Files\Cisco\Cisco LEAP Module\CiscoEapLeap.dll - ok
20:51:56.0756 3792 [ D0D93E9CAFCFF7C0AFF51638544B0A3E ] C:\Program Files\Cisco\Cisco PEAP Module\CiscoEapPeap.dll
20:51:56.0756 3792 C:\Program Files\Cisco\Cisco PEAP Module\CiscoEapPeap.dll - ok
20:51:56.0756 3792 [ AFDCEF7AAC3EB412EEB21E85490046CE ] C:\Program Files\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll
20:51:56.0756 3792 C:\Program Files\Cisco\Cisco EAP-FAST Module\CiscoEapFast.dll - ok
20:51:56.0772 3792 [ 3B0489DE8CC3058B48471660C60A7B75 ] C:\Windows\System32\rastls.dll
20:51:56.0772 3792 C:\Windows\System32\rastls.dll - ok
20:51:56.0772 3792 [ D0DD13194AC45A92C77ED1985A051D2D ] C:\Windows\System32\btrez.dll
20:51:56.0772 3792 C:\Windows\System32\btrez.dll - ok
20:51:56.0772 3792 [ 82A79D5BE740D0AE9C91AA6DE4B3AC5A ] C:\Windows\System32\raschap.dll
20:51:56.0772 3792 C:\Windows\System32\raschap.dll - ok
20:51:56.0788 3792 [ 3727F8B85E24BBDD325BFF75F029DDE3 ] C:\Windows\System32\wlanmsm.dll
20:51:56.0788 3792 C:\Windows\System32\wlanmsm.dll - ok
20:51:56.0788 3792 [ E45051C374F845EDF3DB02A35BA13193 ] C:\Windows\System32\umb.dll
20:51:56.0788 3792 C:\Windows\System32\umb.dll - ok
20:51:56.0788 3792 [ 4662AF853DFAD5648CE3814E7D9EF3D6 ] C:\Windows\System32\wlansec.dll
20:51:56.0788 3792 C:\Windows\System32\wlansec.dll - ok
20:51:56.0803 3792 [ B64AC7967D6B9FB2D6152AC768A1CB88 ] C:\Windows\System32\onex.dll
20:51:56.0803 3792 C:\Windows\System32\onex.dll - ok
20:51:56.0803 3792 [ 9D9FFC923FADBB575E0452EA0BBB15BD ] C:\Windows\System32\eappprxy.dll
20:51:56.0803 3792 C:\Windows\System32\eappprxy.dll - ok
20:51:56.0803 3792 [ 5D0FE613570CABE3992F7DBCD68E61D1 ] C:\Windows\System32\eappcfg.dll
20:51:56.0803 3792 C:\Windows\System32\eappcfg.dll - ok
20:51:56.0819 3792 [ 91D995A67D9447592A1BF21CBC15C628 ] C:\Windows\System32\wlgpclnt.dll
20:51:56.0819 3792 C:\Windows\System32\wlgpclnt.dll - ok
20:51:56.0819 3792 [ 19FFAD68A02AF1BF0BC336EE26CD6767 ] C:\Windows\System32\l2gpstore.dll
20:51:56.0819 3792 C:\Windows\System32\l2gpstore.dll - ok
20:51:56.0819 3792 [ EB2170D0DDF3B2A92506AE16BC524B0B ] C:\Windows\System32\wlanutil.dll
20:51:56.0819 3792 C:\Windows\System32\wlanutil.dll - ok
20:51:56.0834 3792 [ 024528E25BBE8768536861EA09BE1672 ] C:\Windows\System32\msxml6.dll
20:51:56.0834 3792 C:\Windows\System32\msxml6.dll - ok
20:51:56.0834 3792 [ 35ACD5EA63D75E97DD0E9A1629E582B2 ] C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
20:51:56.0834 3792 C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll - ok
20:51:56.0850 3792 [ CA0B849566776A17F35F0339BE17DFD9 ] C:\Windows\System32\ktmw32.dll
20:51:56.0850 3792 C:\Windows\System32\ktmw32.dll - ok
20:51:56.0850 3792 [ 23C3A0680042C0D1DE1F360F8B62BC57 ] C:\Windows\System32\wlanext.exe
20:51:56.0850 3792 C:\Windows\System32\wlanext.exe - ok
20:51:56.0866 3792 [ C1589AA803EDE572C380EFB0D4EAA208 ] C:\Windows\System32\iwmssvc.dll
20:51:56.0928 3792 C:\Windows\System32\iwmssvc.dll - ok
20:51:56.0928 3792 [ 2A6A2C09ECC2CB495628E45F1379ECE8 ] C:\Windows\System32\taskcomp.dll
20:51:56.0928 3792 C:\Windows\System32\taskcomp.dll - ok
20:51:56.0928 3792 [ 5EC8FB83F31AA2D6F421F02C3F4F4475 ] C:\Windows\System32\winspool.drv
20:51:56.0928 3792 C:\Windows\System32\winspool.drv - ok
20:51:56.0944 3792 [ F870AA3E254628EBEAFE754108D664DE ] C:\Windows\System32\drivers\http.sys
20:51:56.0944 3792 C:\Windows\System32\drivers\http.sys - ok
20:51:56.0944 3792 [ 17C0E094BEE5BC03CF491972F71AA6EF ] C:\Windows\System32\wlanapi.dll
20:51:56.0944 3792 C:\Windows\System32\wlanapi.dll - ok
20:51:56.0944 3792 [ 11ADD8816D61A6025844EB5123EC92D3 ] C:\Program Files\Common Files\Intel\WirelessCommon\libeay32.dll
20:51:56.0944 3792 C:\Program Files\Common Files\Intel\WirelessCommon\libeay32.dll - ok
20:51:56.0959 3792 [ CEB026E2CEA75EADA1847BF6818E1739 ] C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DB0B663-BE99-4AB7-8104-CC1318E2293B}\mpasdlta.vdm
20:51:56.0959 3792 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DB0B663-BE99-4AB7-8104-CC1318E2293B}\mpasdlta.vdm - ok
20:51:56.0959 3792 [ 1F5AFD468EB5E09E9ED75A087529EAB5 ] C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll
20:51:56.0959 3792 C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll - ok
20:51:56.0975 3792 [ E79FDA8D320147FDC347C504B3487F87 ] C:\Windows\System32\spoolss.dll
20:51:56.0975 3792 C:\Windows\System32\spoolss.dll - ok
20:51:56.0975 3792 [ 73FE2E5FA55088A241AA2732F5D387D6 ] C:\Windows\System32\wiarpc.dll
20:51:56.0975 3792 C:\Windows\System32\wiarpc.dll - ok
20:51:56.0975 3792 [ 7605C0E1D01A08F3ECD743F38B834A44 ] C:\Windows\System32\drivers\srvnet.sys
20:51:56.0975 3792 C:\Windows\System32\drivers\srvnet.sys - ok
20:51:56.0990 3792 [ B0D12F4344EB2AE96E487D2DF6F74413 ] C:\Windows\System32\FWPUCLNT.DLL
20:51:56.0990 3792 C:\Windows\System32\FWPUCLNT.DLL - ok
20:51:56.0990 3792 [ 8A0F4ED15F0A80919A872DA080BB547C ] C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll
20:51:56.0990 3792 C:\Program Files\Common Files\Intel\WirelessCommon\PsRegApi.dll - ok
20:51:56.0990 3792 [ E582816A4855914DEFFC212E12B3B744 ] C:\Windows\System32\wsock32.dll
20:51:56.0990 3792 C:\Windows\System32\wsock32.dll - ok
20:51:57.0006 3792 [ 28A09777D2D952122567A8A82F1A2C7B ] C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll
20:51:57.0006 3792 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll - ok
20:51:57.0006 3792 [ B842707B73E86370E7056379137349EF ] C:\Program Files\Common Files\Intel\WirelessCommon\TraceAPI.dll
20:51:57.0006 3792 C:\Program Files\Common Files\Intel\WirelessCommon\TraceAPI.dll - ok
20:51:57.0006 3792 [ 80203240CE6C9F74879A1AD0C319EFF7 ] C:\Program Files\Intel\WiFi\bin\KmmdlPlugins\ccxplugin.dll
20:51:57.0006 3792 C:\Program Files\Intel\WiFi\bin\KmmdlPlugins\ccxplugin.dll - ok
20:51:57.0006 3792 [ C0ABD66F31C0B84CD944802E6D3D02C2 ] C:\Windows\System32\bthprops.cpl
20:51:57.0022 3792 C:\Windows\System32\bthprops.cpl - ok
20:51:57.0022 3792 [ 35F376253F687BDE63976CCB3F2108CA ] C:\Windows\System32\drivers\bowser.sys
20:51:57.0022 3792 C:\Windows\System32\drivers\bowser.sys - ok
20:51:57.0022 3792 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] C:\Windows\System32\drivers\mpsdrv.sys
20:51:57.0022 3792 C:\Windows\System32\drivers\mpsdrv.sys - ok
20:51:57.0037 3792 [ 5DE62C6E9108F14F6794060A9BDECAEC ] C:\Windows\System32\MPSSVC.dll
20:51:57.0037 3792 C:\Windows\System32\MPSSVC.dll - ok
20:51:57.0037 3792 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] C:\Windows\System32\drivers\mrxsmb.sys
20:51:57.0037 3792 C:\Windows\System32\drivers\mrxsmb.sys - ok
20:51:57.0037 3792 [ 0745D6EAD386710110817FBEC03F5161 ] C:\Windows\System32\wfapigp.dll
20:51:57.0037 3792 C:\Windows\System32\wfapigp.dll - ok
20:51:57.0053 3792 [ 35D40113E4A5B961B6CE5C5857702518 ] C:\Windows\System32\lmhsvc.dll
20:51:57.0053 3792 C:\Windows\System32\lmhsvc.dll - ok
20:51:57.0053 3792 [ 5F1DEC3824E566457F53F24F493FEF08 ] C:\Windows\System32\mscms.dll
20:51:57.0053 3792 C:\Windows\System32\mscms.dll - ok
20:51:57.0053 3792 [ E223D2851906B84F52E1B75EA16198F9 ] C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll
20:51:57.0053 3792 C:\Windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelEvents.dll - ok
20:51:57.0068 3792 [ E230F3776F373F4C5E788794B53101E4 ] C:\Windows\System32\plasrv.exe
20:51:57.0068 3792 C:\Windows\System32\plasrv.exe - ok
20:51:57.0068 3792 [ 1311171CF8F6D2954441EF2A42693035 ] C:\Windows\System32\WsmRes.dll
20:51:57.0068 3792 C:\Windows\System32\WsmRes.dll - ok
20:51:57.0068 3792 [ 9C9388C22E6C1367E1513926EF51EFF7 ] C:\Program Files\Common Files\System\ado\msado15.dll
20:51:57.0068 3792 C:\Program Files\Common Files\System\ado\msado15.dll - ok
20:51:57.0084 3792 [ 4FCCB34D793B116423209C0F8B7A3B03 ] C:\Windows\System32\drivers\mrxsmb10.sys
20:51:57.0084 3792 C:\Windows\System32\drivers\mrxsmb10.sys - ok
20:51:57.0084 3792 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] C:\Windows\System32\drivers\mrxsmb20.sys
20:51:57.0084 3792 C:\Windows\System32\drivers\mrxsmb20.sys - ok
20:51:57.0084 3792 [ 951F36219C7384C6ED6C9F44D45C5235 ] C:\Program Files\Common Files\System\Ole DB\oledb32.dll
20:51:57.0084 3792 C:\Program Files\Common Files\System\Ole DB\oledb32.dll - ok
20:51:57.0100 3792 [ 554ED6988E44FDF18941429E8B2CB652 ] C:\Windows\System32\msdart.dll
20:51:57.0100 3792 C:\Windows\System32\msdart.dll - ok
20:51:57.0100 3792 [ FF33AFF99564B1AA534F58868CBE41EF ] C:\Windows\System32\drivers\srv2.sys
20:51:57.0100 3792 C:\Windows\System32\drivers\srv2.sys - ok
20:51:57.0100 3792 [ 892125B60BA6C2A66F485A89C4A6B918 ] C:\Program Files\Common Files\System\Ole DB\oledb32r.dll
20:51:57.0100 3792 C:\Program Files\Common Files\System\Ole DB\oledb32r.dll - ok
20:51:57.0115 3792 [ 41987F9FC0E61ADF54F581E15029AD91 ] C:\Windows\System32\drivers\srv.sys
20:51:57.0115 3792 C:\Windows\System32\drivers\srv.sys - ok
20:51:57.0115 3792 [ 95A5497D129D95D12A46F7848AFFE1DB ] C:\Windows\System32\comsvcs.dll
20:51:57.0115 3792 C:\Windows\System32\comsvcs.dll - ok
20:51:57.0115 3792 [ A324D72A06C110152E7607745F39BFA1 ] C:\Windows\System32\netmsg.dll
20:51:57.0115 3792 C:\Windows\System32\netmsg.dll - ok
20:51:57.0131 3792 [ 2B13E9849ACC136E65AAE5ACC6A89826 ] C:\Program Files\Common Files\System\Ole DB\msdasql.dll
20:51:57.0131 3792 C:\Program Files\Common Files\System\Ole DB\msdasql.dll - ok
20:51:57.0131 3792 [ D333058925CE305E39DE8D5AD2B52A46 ] C:\Windows\System32\clusapi.dll
20:51:57.0131 3792 C:\Windows\System32\clusapi.dll - ok
20:51:57.0131 3792 [ 452341E471D2D961229DFE0842957272 ] C:\Windows\System32\sscore.dll
20:51:57.0131 3792 C:\Windows\System32\sscore.dll - ok
20:51:57.0146 3792 [ 6468C3FF6D0C7874FA8C619AF3E23B22 ] C:\Windows\System32\activeds.dll
20:51:57.0146 3792 C:\Windows\System32\activeds.dll - ok
20:51:57.0146 3792 [ C3D821190C04C6782B65CDF00896A7B0 ] C:\Program Files\Common Files\System\Ole DB\msdatl3.dll
20:51:57.0146 3792 C:\Program Files\Common Files\System\Ole DB\msdatl3.dll - ok
20:51:57.0162 3792 [ 862363973DCBCC31DD161EF41A69153C ] C:\Windows\System32\odbc32.dll
20:51:57.0162 3792 C:\Windows\System32\odbc32.dll - ok
20:51:57.0162 3792 [ E9B9C1B98C8D6D48407E1C1203EAC659 ] C:\Windows\System32\adsldpc.dll
20:51:57.0162 3792 C:\Windows\System32\adsldpc.dll - ok
20:51:57.0162 3792 [ 93E317D7AD783D8EAEE2E3500BFE889D ] C:\Windows\System32\credui.dll
20:51:57.0162 3792 C:\Windows\System32\credui.dll - ok
20:51:57.0178 3792 [ 0DAAF8032546D1B4543D7B101B53FD6C ] C:\Windows\System32\odbcint.dll
20:51:57.0178 3792 C:\Windows\System32\odbcint.dll - ok
20:51:57.0178 3792 [ 3E2F2CD837734A0577C9E392D7E73886 ] C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll
20:51:57.0178 3792 C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll - ok
20:51:57.0178 3792 [ B9F3FF52B84FD9E3CAFB29B8EE385E5B ] C:\Windows\System32\resutils.dll
20:51:57.0178 3792 C:\Windows\System32\resutils.dll - ok
20:51:57.0193 3792 [ 7CE1E4240F9FA41EE85683B9EEAB8767 ] C:\Windows\System32\msjet40.dll
20:51:57.0193 3792 C:\Windows\System32\msjet40.dll - ok
20:51:57.0193 3792 [ AA9AF23BD99F81784AF0C8F1EF4702AD ] C:\Windows\System32\odbcjt32.dll
20:51:57.0193 3792 C:\Windows\System32\odbcjt32.dll - ok
20:51:57.0209 3792 [ E0B787702BAF0CF4CEDF8F61B71F8383 ] C:\Windows\System32\mswstr10.dll
20:51:57.0209 3792 C:\Windows\System32\mswstr10.dll - ok
20:51:57.0209 3792 [ 9371540C7231BC156501AB933F269762 ] C:\Windows\System32\msjint40.dll
20:51:57.0209 3792 C:\Windows\System32\msjint40.dll - ok
20:51:57.0209 3792 [ 534FD777CB2684392411CE7BCBBDF78E ] C:\Windows\System32\msjter40.dll
20:51:57.0209 3792 C:\Windows\System32\msjter40.dll - ok
20:51:57.0224 3792 [ DA5599911D138F6A2B471B3A60478022 ] C:\Windows\System32\odbcji32.dll
20:51:57.0224 3792 C:\Windows\System32\odbcji32.dll - ok
20:51:57.0224 3792 [ A1B46928E107D770053E6B4D248298A5 ] C:\Windows\System32\odbccp32.dll
20:51:57.0224 3792 C:\Windows\System32\odbccp32.dll - ok
20:51:57.0240 3792 [ BE01E566D1F569AAB32D0335613E1EEA ] C:\Windows\System32\dllhost.exe
20:51:57.0240 3792 C:\Windows\System32\dllhost.exe - ok
20:51:57.0240 3792 [ 1DACD1530C6E58AEAE9F6DE7DA851935 ] C:\Windows\System32\shimeng.dll
20:51:57.0240 3792 C:\Windows\System32\shimeng.dll - ok
20:51:57.0240 3792 [ C411C80F90D6732380352B98B37BBD53 ] C:\Windows\System32\winrnr.dll
20:51:57.0240 3792 C:\Windows\System32\winrnr.dll - ok
20:51:57.0256 3792 [ EFA80360111D8D179E39E314A49C9ED4 ] C:\Windows\System32\wshbth.dll
20:51:57.0256 3792 C:\Windows\System32\wshbth.dll - ok
20:51:57.0256 3792 [ A7D525E5C0D91C8C1D84C6BCD25AD77D ] C:\Windows\System32\rasadhlp.dll
20:51:57.0256 3792 C:\Windows\System32\rasadhlp.dll - ok
20:51:57.0256 3792 [ 3F5F5A4D358126FA69C79FB15A4878B8 ] C:\Windows\System32\localspl.dll
20:51:57.0256 3792 C:\Windows\System32\localspl.dll - ok
20:51:57.0271 3792 [ F4E1AA5D59C849A4AB47E895DC76B9C8 ] C:\Windows\System32\sfc.dll
20:51:57.0271 3792 C:\Windows\System32\sfc.dll - ok
20:51:57.0271 3792 [ C52CE534397E1D3A442FB4C88A3CBE42 ] C:\Windows\System32\msonpmon.dll
20:51:57.0271 3792 C:\Windows\System32\msonpmon.dll - ok
20:51:57.0271 3792 [ 401DFFDBBBD3F07C747ED1AE2BB88106 ] C:\Windows\System32\msi.dll
20:51:57.0271 3792 C:\Windows\System32\msi.dll - ok
20:51:57.0287 3792 [ BB0EB921877A1A7EF15AE2D97A71CBA9 ] C:\Windows\System32\tcpmon.dll
20:51:57.0287 3792 C:\Windows\System32\tcpmon.dll - ok
20:51:57.0287 3792 [ AF24A9DF84637BF9858EC6FB88EBA7B2 ] C:\Windows\System32\snmpapi.dll
20:51:57.0287 3792 C:\Windows\System32\snmpapi.dll - ok
20:51:57.0287 3792 [ 1EDE113859276E4B0F19B80F39E2CC95 ] C:\Windows\System32\wsnmp32.dll
20:51:57.0287 3792 C:\Windows\System32\wsnmp32.dll - ok
20:51:57.0302 3792 [ B4F5DE3DAD8E6B97272F45DB97674878 ] C:\Windows\System32\mgmtapi.dll
20:51:57.0302 3792 C:\Windows\System32\mgmtapi.dll - ok
20:51:57.0302 3792 [ 5091452DC719281CF1DD69367E13B494 ] C:\Windows\System32\tcpmib.dll
20:51:57.0302 3792 C:\Windows\System32\tcpmib.dll - ok
20:51:57.0302 3792 [ 0BF0BB276F17B6AD61A8694D2551EC28 ] C:\Windows\System32\usbmon.dll
20:51:57.0302 3792 C:\Windows\System32\usbmon.dll - ok
20:51:57.0318 3792 [ 0EB1CC5EBFCAAB7DBAEE881E2887F7F9 ] C:\Windows\System32\WSDMon.dll
20:51:57.0318 3792 C:\Windows\System32\WSDMon.dll - ok
20:51:57.0318 3792 [ AD48183027CAFCEBC322CB9CAC60F9B8 ] C:\Windows\System32\WSDApi.dll
20:51:57.0318 3792 C:\Windows\System32\WSDApi.dll - ok
20:51:57.0318 3792 [ 1A09CB187440993FA5E24DE1EEB7B916 ] C:\Windows\System32\cfgmgr32.dll
20:51:57.0334 3792 C:\Windows\System32\cfgmgr32.dll - ok
20:51:57.0334 3792 [ 4EDA94333BDB75B1BC0A7610BED34F00 ] C:\Windows\System32\fundisc.dll
20:51:57.0334 3792 C:\Windows\System32\fundisc.dll - ok
20:51:57.0334 3792 [ F86293D93760C70ADF4F19E66E3FA5E8 ] C:\Windows\System32\httpapi.dll
20:51:57.0334 3792 C:\Windows\System32\httpapi.dll - ok
20:51:57.0349 3792 [ 6ABD253226770EAE1292B4C945ED4B4B ] C:\Windows\System32\msxml3.dll
20:51:57.0349 3792 C:\Windows\System32\msxml3.dll - ok
20:51:57.0349 3792 [ F348280907B38FDBDB3CEF55D456E149 ] C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
20:51:57.0349 3792 C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll - ok
20:51:57.0349 3792 [ C90B296C43EDD9DD1751AD3B590ACDE6 ] C:\Windows\System32\win32spl.dll
20:51:57.0349 3792 C:\Windows\System32\win32spl.dll - ok
20:51:57.0365 3792 [ D4DAA80B44A6C904D87A79CCD10FF911 ] C:\Program Files\Common Files\System\msadc\msadce.dll
20:51:57.0365 3792 C:\Program Files\Common Files\System\msadc\msadce.dll - ok
20:51:57.0365 3792 [ 3D50C4B10352367D5CB20ED1F50F8DA2 ] C:\Windows\System32\taskeng.exe
20:51:57.0365 3792 C:\Windows\System32\taskeng.exe - ok
20:51:57.0365 3792 [ 4BF053944E973C073339BE841C9ECF28 ] C:\Windows\System32\netrap.dll
20:51:57.0365 3792 C:\Windows\System32\netrap.dll - ok
20:51:57.0380 3792 [ 9E064B07B1625BFF18393917519A73CD ] C:\Program Files\Common Files\System\msadc\msadcer.dll
20:51:57.0380 3792 C:\Program Files\Common Files\System\msadc\msadcer.dll - ok
20:51:57.0380 3792 [ E340845C8E96D107C36420065D7A5733 ] C:\Windows\System32\printcom.dll
20:51:57.0380 3792 C:\Windows\System32\printcom.dll - ok
20:51:57.0380 3792 [ EC760B0B76A4353DE49D66520EB2141F ] C:\Windows\System32\SensApi.dll
20:51:57.0380 3792 C:\Windows\System32\SensApi.dll - ok
20:51:57.0396 3792 [ 0E135526E9785D085BCD9AEDE6FBCBF9 ] C:\Windows\System32\userinit.exe
20:51:57.0396 3792 C:\Windows\System32\userinit.exe - ok
20:51:57.0396 3792 [ 2E8E30F3B318A9FDA5A2485723F4C2B3 ] C:\Windows\System32\inetpp.dll
20:51:57.0396 3792 C:\Windows\System32\inetpp.dll - ok
20:51:57.0396 3792 [ 9B96F6952186336CC6E3D4E08BE2E0AF ] C:\Windows\System32\dwmapi.dll
20:51:57.0396 3792 C:\Windows\System32\dwmapi.dll - ok
20:51:57.0427 3792 [ D80C6539C00CB4F5D59066865479C308 ] C:\Windows\System32\dwmredir.dll
20:51:57.0427 3792 C:\Windows\System32\dwmredir.dll - ok
20:51:57.0427 3792 [ C99403A5B641520DAED0021DDA06F272 ] C:\Windows\System32\milcore.dll
20:51:57.0427 3792 C:\Windows\System32\milcore.dll - ok
20:51:57.0427 3792 [ 8AAEEE8E59A70F37579993D118A34EE0 ] C:\Windows\System32\d3d9.dll
20:51:57.0427 3792 C:\Windows\System32\d3d9.dll - ok
20:51:57.0443 3792 [ B11FDCA4410D6252964EF97F9A47DE74 ] C:\Windows\System32\TSChannel.dll
20:51:57.0443 3792 C:\Windows\System32\TSChannel.dll - ok
20:51:57.0443 3792 [ CD6DA5770CAE9D5E6E86722E17B442E0 ] C:\Windows\System32\d3d8thk.dll
20:51:57.0443 3792 C:\Windows\System32\d3d8thk.dll - ok
20:51:57.0443 3792 [ 782C8019C89920A77B1907AD3B4C8FF9 ] C:\Windows\System32\HotStartUserAgent.dll
20:51:58.0628 3792 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\6546e0f4253ce30900e5ff902672a8bc\System.ServiceModel.Web.ni.dll - ok
20:51:58.0628 3792 [ C82A36B7C359E2DAAF52F5FFFBD5878C ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
20:51:58.0628 3792 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll - ok
20:51:58.0644 3792 [ 9B20DF5ABFEF7F956E296F7A49D1384B ] C:\Program Files\Common Files\Sony Shared\OpenMG\OpcEa3.dll
20:51:58.0644 3792 C:\Program Files\Common Files\Sony Shared\OpenMG\OpcEa3.dll - ok
20:51:58.0644 3792 [ 84A97DF00C17ABF8E5C196731E656A0F ] C:\Program Files\Common Files\Sony Shared\OpenMG\omgconv2.dll
20:51:58.0644 3792 C:\Program Files\Common Files\Sony Shared\OpenMG\omgconv2.dll - ok
20:51:58.0660 3792 [ 5A6BFE723CF0E6E39021CDC01CA57EED ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
20:51:58.0660 3792 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll - ok
20:51:58.0660 3792 [ 1EEF4B69E76A58D9D305232112E3ECA4 ] C:\Program Files\Common Files\Sony Shared\OpenMG\omglgd.dll
20:51:58.0660 3792 C:\Program Files\Common Files\Sony Shared\OpenMG\omglgd.dll - ok
20:51:58.0660 3792 [ 6143C4B3E9530BFC602EA98BBA2A8665 ] C:\Program Files\Common Files\Sony Shared\OpenMG\omgtrans.ax
20:51:58.0660 3792 C:\Program Files\Common Files\Sony Shared\OpenMG\omgtrans.ax - ok
20:51:58.0675 3792 [ C3D06FC12699CDB7AA1A6E0A0C432FF2 ] C:\Program Files\Common Files\Sony Shared\OpenMG\MigrateToGM.dll
20:51:58.0675 3792 C:\Program Files\Common Files\Sony Shared\OpenMG\MigrateToGM.dll - ok
20:51:58.0675 3792 [ C2C6C014B96581EC8BF0C8604DE1743E ] C:\Windows\System32\wbem\WmiPrvSD.dll
20:51:58.0675 3792 C:\Windows\System32\wbem\WmiPrvSD.dll - ok
20:51:58.0675 3792 [ 4F75CE5342DFE50D8A422D5A07ECF216 ] C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VzCsVideoCapsule.vzcs
20:51:58.0675 3792 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VzCsVideoCapsule.vzcs - ok
20:51:58.0691 3792 [ 4B72B5B342ADA4DE8DEEA39CCE465B58 ] C:\Windows\System32\WUDFx.dll
20:51:58.0691 3792 C:\Windows\System32\WUDFx.dll - ok
20:51:58.0691 3792 [ 119A487B94FCB54D5154EBFBFA124755 ] C:\Windows\System32\drivers\UMDF\WpdFs.dll
20:51:58.0691 3792 C:\Windows\System32\drivers\UMDF\WpdFs.dll - ok
20:51:58.0691 3792 [ B2B117BD8D1EA80536CDD91797EF4A0A ] C:\Windows\System32\PortableDeviceClassExtension.dll
20:51:58.0691 3792 C:\Windows\System32\PortableDeviceClassExtension.dll - ok
20:51:58.0706 3792 [ 35A936C7C029A5B705D3FFD40518D660 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
20:51:58.0706 3792 C:\Windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll - ok
20:51:58.0706 3792 [ A609A192E98934A8D352704C99AB8577 ] C:\Windows\System32\wbem\wbemess.dll
20:51:58.0706 3792 C:\Windows\System32\wbem\wbemess.dll - ok
20:51:58.0722 3792 [ 883D02AB5D350BC45E0F60E8CFA97FDC ] C:\Windows\System32\PortableDeviceTypes.dll
20:51:58.0722 3792 C:\Windows\System32\PortableDeviceTypes.dll - ok
20:51:58.0722 3792 [ B5DC9D0E8A18773C2E25699DA80FAE17 ] C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VzCsWmaFile.vzcs
20:51:58.0722 3792 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VzCsWmaFile.vzcs - ok
20:51:58.0738 3792 [ B288FF7C1987A736726E87C79148C360 ] C:\Windows\System32\PortableDeviceWiaCompat.dll
20:51:58.0738 3792 C:\Windows\System32\PortableDeviceWiaCompat.dll - ok
20:51:58.0738 3792 [ C7BA2D35210952F6D4713F99F7A1CE04 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
20:51:58.0738 3792 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll - ok
20:51:58.0753 3792 [ 8CFEB9B815A8ABD63FBB84CE84CA737A ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
20:51:58.0753 3792 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll - ok
20:51:58.0753 3792 [ 0A990AFB9F2726323D61C8ECB8B70B17 ] C:\Windows\System32\security.dll
20:51:58.0753 3792 C:\Windows\System32\security.dll - ok
20:51:58.0753 3792 [ D42EBB8B57526FC10B4F8DD14A18C7F1 ] C:\Program Files\Sony\VAIO Power Management\ExecutionProxy.exe
20:51:58.0753 3792 C:\Program Files\Sony\VAIO Power Management\ExecutionProxy.exe - ok
20:51:58.0769 3792 [ 1DFC366D2154EF2B381A7F2CB165C7F4 ] C:\Windows\System32\diagperf.dll
20:51:58.0769 3792 C:\Windows\System32\diagperf.dll - ok
20:51:58.0769 3792 [ 9495FCC01D7AB7B60E5B8BA7AEFE9E3D ] C:\Windows\System32\wbem\WmiPrvSE.exe
20:51:58.0769 3792 C:\Windows\System32\wbem\WmiPrvSE.exe - ok
20:51:58.0784 3792 [ 4AB8A0790E6337D3A37DC2E2C48B00DB ] C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
20:51:58.0784 3792 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe - ok
20:51:58.0784 3792 [ 21322832C99E8DE85BD047689A2A69DB ] C:\Windows\System32\pnpts.dll
20:51:58.0847 3792 C:\Windows\System32\pnpts.dll - ok
20:51:58.0847 3792 [ F0062778F50838145AC46B384FFB4FA3 ] C:\Windows\System32\pcadm.dll
20:51:58.0847 3792 C:\Windows\System32\pcadm.dll - ok
20:51:58.0847 3792 [ A1DCFEC7929748A104BDB4384A37249B ] C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\sonyuppc.dll
20:51:58.0847 3792 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\sonyuppc.dll - ok
20:51:58.0862 3792 [ 26147FDF9C6AA5E957AA3D968AFE9CE8 ] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
20:51:58.0862 3792 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe - ok
20:51:58.0862 3792 [ 10DE220BDFE330073762F89974DB8403 ] C:\Windows\System32\wbem\wmiprov.dll
20:51:58.0862 3792 C:\Windows\System32\wbem\wmiprov.dll - ok
20:51:58.0878 3792 [ 87CDFFCBD09C1CA03A068343D5D93250 ] C:\Windows\System32\wmi.dll
20:51:58.0878 3792 C:\Windows\System32\wmi.dll - ok
20:51:58.0878 3792 [ 366CD1D2EE1AC950A800437DC4C98101 ] C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\UPnPCtrl.dll
20:51:58.0878 3792 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\UPnPCtrl.dll - ok
20:51:58.0878 3792 [ 2310A32BB0164552A311BFA02102A3D6 ] C:\Windows\System32\msvcp60.dll
20:51:58.0878 3792 C:\Windows\System32\msvcp60.dll - ok
20:51:58.0894 3792 [ 045E4A680A460D7C61B73A0798085997 ] C:\Program Files\Sony\VAIO Power Management\SPMDrv.dll
20:51:58.0894 3792 C:\Program Files\Sony\VAIO Power Management\SPMDrv.dll - ok
20:51:58.0894 3792 [ 530ED4B00397C2E65DDFDDFAC60744D2 ] C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
20:51:58.0894 3792 C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll - ok
20:51:58.0894 3792 [ 30B31A2BA25D11CC08BEC4B32437AFD6 ] C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSWEXEps.dll
20:51:58.0894 3792 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSWEXEps.dll - ok
20:51:58.0909 3792 [ 9A6A653ADF28D9D69670B48F535E6B90 ] C:\Windows\System32\runonce.exe
20:51:58.0909 3792 C:\Windows\System32\runonce.exe - ok
20:51:58.0909 3792 [ 219AF0F9A54EBEEB3E7E20025D801034 ] C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
20:51:58.0909 3792 C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll - ok
20:51:58.0909 3792 [ 74F26FC01B180D4A99A168ED69C30A53 ] C:\Windows\System32\cmd.exe
20:51:58.0909 3792 C:\Windows\System32\cmd.exe - ok
20:51:58.0925 3792 [ 1D89E59889B4A5424EF37F195D93E168 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll
20:51:58.0925 3792 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll - ok
20:51:58.0925 3792 [ 8DCDD0B5939043A1EC98C6F168A56B16 ] C:\Windows\System32\ieframe.dll
20:51:58.0925 3792 C:\Windows\System32\ieframe.dll - ok
20:51:58.0925 3792 [ 1D6B95871DC006190964B04E5657E35F ] C:\Windows\System32\rastapi.dll
20:51:58.0925 3792 C:\Windows\System32\rastapi.dll - ok
20:51:58.0940 3792 [ 8B645890A93F1FBBC7DA3E07CC72D762 ] C:\Windows\System32\rasppp.dll
20:51:58.0940 3792 C:\Windows\System32\rasppp.dll - ok
20:51:58.0940 3792 [ 56E315ACFB08A177B4D01E42B9044DB5 ] C:\Windows\System32\mprapi.dll
20:51:58.0940 3792 C:\Windows\System32\mprapi.dll - ok
20:51:58.0940 3792 [ 88225070DD2F7B0B2ED51E7935078641 ] C:\Windows\System32\rasqec.dll
20:51:58.0940 3792 C:\Windows\System32\rasqec.dll - ok
20:51:58.0956 3792 [ 248A1F31ABB58DDDDC01490EF0BDC777 ] C:\Windows\System32\cryptui.dll
20:51:58.0956 3792 C:\Windows\System32\cryptui.dll - ok
20:51:58.0956 3792 [ C8AE490A93C3CC2E537B6E06247785A1 ] C:\Windows\System32\wbem\NCProv.dll
20:51:58.0956 3792 C:\Windows\System32\wbem\NCProv.dll - ok
20:51:58.0956 3792 [ E3F535656B5ABF249702EB64F3CF9AF0 ] C:\Windows\System32\wbem\wbemcons.dll
20:51:58.0956 3792 C:\Windows\System32\wbem\wbemcons.dll - ok
20:51:58.0972 3792 [ EBC984F0CE40E0DAF0454D806EC2A7EC ] C:\Users\GreenPeaPrincess\AppData\Local\Temp\189E883A-0009-408F-8DBC-FBFFB55B7863.exe
20:51:58.0972 3792 C:\Users\GreenPeaPrincess\AppData\Local\Temp\189E883A-0009-408F-8DBC-FBFFB55B7863.exe - ok
20:51:58.0972 3792 [ C6FD3425B1ADD739B95DC4D661FF4DD3 ] C:\Windows\System32\PresentationSettings.exe
20:51:58.0972 3792 C:\Windows\System32\PresentationSettings.exe - ok
20:51:58.0972 3792 [ 12BCF4DAD8E5A1B3D5FA7AB4A79DA105 ] C:\Windows\System32\sfc_os.dll
20:51:58.0972 3792 C:\Windows\System32\sfc_os.dll - ok
20:51:58.0987 3792 [ C0B8B96D018849FD8CCF15FED84E8782 ] C:\Windows\System32\ie4uinit.exe
20:51:58.0987 3792 C:\Windows\System32\ie4uinit.exe - ok
20:51:58.0987 3792 [ F0FEFB0B5D25A75D478A4317139D937E ] C:\Windows\System32\iedkcs32.dll
20:51:58.0987 3792 C:\Windows\System32\iedkcs32.dll - ok
20:51:58.0987 3792 [ 4B19A9A4191353007E9819A832B81186 ] C:\Windows\System32\timedate.cpl
20:51:58.0987 3792 C:\Windows\System32\timedate.cpl - ok
20:51:59.0003 3792 [ 8D78BA30DB4AE040A52EDEE725782715 ] C:\Windows\System32\actxprxy.dll
20:51:59.0003 3792 C:\Windows\System32\actxprxy.dll - ok
20:51:59.0003 3792 [ FF41E1AC301F51E16F61AD7C0F45467C ] C:\Windows\System32\msshsq.dll
20:51:59.0003 3792 C:\Windows\System32\msshsq.dll - ok
20:51:59.0003 3792 [ 1CE4A2790EB4A96F4ED1E4264866AFE6 ] C:\Windows\System32\NaturalLanguage6.dll
20:51:59.0003 3792 C:\Windows\System32\NaturalLanguage6.dll - ok
20:51:59.0018 3792 [ AA111488C03C58A2BF66509ABB4FDE60 ] C:\Windows\System32\NlsData0009.dll
20:51:59.0018 3792 C:\Windows\System32\NlsData0009.dll - ok
20:51:59.0018 3792 [ 8629B71343F61E1140243581C63BC0C7 ] C:\Windows\System32\NlsLexicons0009.dll
20:51:59.0018 3792 C:\Windows\System32\NlsLexicons0009.dll - ok
20:51:59.0034 3792 [ 24F90AEFEBE601D427CB4511E74CDCB6 ] C:\Windows\System32\linkinfo.dll
20:51:59.0034 3792 C:\Windows\System32\linkinfo.dll - ok
20:51:59.0034 3792 [ 2B76545CD2572B92E89AC62C076F4699 ] C:\Windows\RtHDVCpl.exe
20:51:59.0034 3792 C:\Windows\RtHDVCpl.exe - ok
20:51:59.0034 3792 [ FAF567594B8C99B5E453DD964196C257 ] C:\Windows\System32\igfxtray.exe
20:51:59.0034 3792 C:\Windows\System32\igfxtray.exe - ok
20:51:59.0050 3792 [ 6C2FA88E5255C4595437987DA536EED5 ] C:\Windows\System32\hccutils.dll
20:51:59.0050 3792 C:\Windows\System32\hccutils.dll - ok
20:51:59.0050 3792 [ 04044BF8E6989BE45FA718C24407CA28 ] C:\Windows\System32\networkexplorer.dll
20:51:59.0050 3792 C:\Windows\System32\networkexplorer.dll - ok
20:51:59.0050 3792 [ 84B8827562B005C118CADBA0F25DB2C6 ] C:\Windows\System32\dsound.dll
20:51:59.0050 3792 C:\Windows\System32\dsound.dll - ok
20:51:59.0065 3792 [ 8E74D1A2DC724EFA30F7264759C78F34 ] C:\Windows\System32\hkcmd.exe
20:51:59.0065 3792 C:\Windows\System32\hkcmd.exe - ok
20:51:59.0065 3792 [ B55E77BB01E85D2CA2C4B8424E1DF345 ] C:\Windows\System32\opengl32.dll
20:51:59.0065 3792 C:\Windows\System32\opengl32.dll - ok
20:51:59.0081 3792 [ 64EE0AAACFF314DCD079D07DFF301D3F ] C:\Windows\System32\igfxpers.exe
20:51:59.0081 3792 C:\Windows\System32\igfxpers.exe - ok
20:51:59.0081 3792 [ BADC359C9A0D9C217B7E8DA17BF3F5BB ] C:\Windows\System32\ntshrui.dll
20:51:59.0081 3792 C:\Windows\System32\ntshrui.dll - ok
20:51:59.0081 3792 [ D922592AB65C5D9B88B30B4510A3464E ] C:\Windows\System32\cscapi.dll
20:51:59.0096 3792 C:\Windows\System32\cscapi.dll - ok
20:51:59.0096 3792 [ 3EB6D30D82F0E300FCFBAD0498F654FD ] C:\Windows\System32\mlang.dll
20:51:59.0096 3792 C:\Windows\System32\mlang.dll - ok
20:51:59.0096 3792 [ 7A137514F4E48ECDBDD1F29CF7E8D5A4 ] C:\Windows\System32\glu32.dll
20:51:59.0096 3792 C:\Windows\System32\glu32.dll - ok
20:51:59.0112 3792 [ 245FF3ECF2D901277DC06B08EC6A9ADB ] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
20:51:59.0112 3792 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - ok
20:51:59.0112 3792 [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\Windows\System32\drivers\36372197.sys
20:51:59.0112 3792 C:\Windows\System32\drivers\36372197.sys - ok
20:51:59.0112 3792 [ 80BD4B26E2CBC0D65445D0463DFF6FC2 ] C:\Windows\System32\oledlg.dll
20:51:59.0112 3792 C:\Windows\System32\oledlg.dll - ok
20:51:59.0128 3792 [ 61216539E55DDF2F78E421E7EF140650 ] C:\Windows\System32\ExplorerFrame.dll
20:51:59.0128 3792 C:\Windows\System32\ExplorerFrame.dll - ok
20:51:59.0128 3792 [ C61DFED19704FA252702727EFCFF97C3 ] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
20:51:59.0128 3792 C:\Program Files\Sony\ISB Utility\ISBMgr.exe - ok
20:51:59.0128 3792 [ FF299BB033DC7B2FB3210F12869E344C ] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
20:51:59.0128 3792 C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe - ok
20:51:59.0143 3792 [ A9F55A24DC43E1FC2A8299B8BD7E23A1 ] C:\Program Files\Sony\VAIO VP Utilities\VCAutoModeEntrance.exe
20:51:59.0143 3792 C:\Program Files\Sony\VAIO VP Utilities\VCAutoModeEntrance.exe - ok
20:51:59.0143 3792 [ 643CB91C9FA6C3F38B7EFA600F75AA92 ] C:\Windows\System32\SynCOM.dll
20:51:59.0143 3792 C:\Windows\System32\SynCOM.dll - ok
20:51:59.0159 3792 [ 243F2A5F87A81817D73066C0A0CC39C8 ] C:\Windows\System32\SynTPAPI.dll
20:51:59.0159 3792 C:\Windows\System32\SynTPAPI.dll - ok
20:51:59.0159 3792 [ D03B14A8B9AEB70EACB22E782E1D277E ] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe
20:51:59.0159 3792 C:\Program Files\Sony\First Experience\WelcomeLauncher.exe - ok
20:51:59.0174 3792 [ 0CFCDE5D9D074D96B78D1F1CBF1AAB1D ] C:\Windows\System32\riched20.dll
20:51:59.0174 3792 C:\Windows\System32\riched20.dll - ok
20:51:59.0174 3792 [ 07B5AB2F18902CE328E38A8101CBD3F7 ] C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe
20:51:59.0174 3792 C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe - ok
20:51:59.0174 3792 [ 35937EAD711207544E219C2A19A78A7D ] C:\Program Files\Windows Media Player\wmpnscfg.exe
20:51:59.0237 3792 C:\Program Files\Windows Media Player\wmpnscfg.exe - ok
20:51:59.0237 3792 [ BC9BC00C7BB93B470DC61D25253FDB01 ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
20:51:59.0237 3792 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - ok
20:51:59.0237 3792 [ 53F0C5CF7E12AB8597BAE3E2DCBE40B8 ] C:\Windows\System32\RtkAPO.dll
20:51:59.0237 3792 C:\Windows\System32\RtkAPO.dll - ok
20:51:59.0252 3792 [ 027E5E14C9CFF810377701BDEAD8210F ] C:\Windows\System32\control.exe
20:51:59.0252 3792 C:\Windows\System32\control.exe - ok
20:51:59.0252 3792 [ D6804F089CBB6749E95124E7C4D80900 ] C:\Windows\AppPatch\AcLayers.dll
20:51:59.0252 3792 C:\Windows\AppPatch\AcLayers.dll - ok
20:51:59.0252 3792 [ E46A4765F8E6D631C9C9CB0B083602F5 ] C:\Program Files\Windows Media Player\wmpnssci.dll
20:51:59.0252 3792 C:\Program Files\Windows Media Player\wmpnssci.dll - ok
20:51:59.0268 3792 [ E6057118B095966054B951068AEE9344 ] C:\Program Files\Smart PC Utilities\Game Fire\GameFire.exe
20:51:59.0268 3792 C:\Program Files\Smart PC Utilities\Game Fire\GameFire.exe - ok
20:51:59.0268 3792 [ 0727200F10320A6BA7E59433094FBBA7 ] C:\Windows\System32\WMALFXGFXDSP.dll
20:51:59.0268 3792 C:\Windows\System32\WMALFXGFXDSP.dll - ok
20:51:59.0268 3792 [ BF142D4F8C61ED3629A9CDD7BA867900 ] C:\Windows\System32\mfplat.dll
20:51:59.0268 3792 C:\Windows\System32\mfplat.dll - ok
20:51:59.0284 3792 [ 687B71C161B246ECE1A13D24AACF0413 ] C:\Program Files\Microsoft Security Client\msseces.exe
20:51:59.0284 3792 C:\Program Files\Microsoft Security Client\msseces.exe - ok
20:51:59.0284 3792 [ 6566905CA103DAD7EB438B7E3AAF0340 ] C:\Program Files\Sony\VAIO VP Utilities\VCExporter.exe
20:51:59.0284 3792 C:\Program Files\Sony\VAIO VP Utilities\VCExporter.exe - ok
20:51:59.0299 3792 [ 790222D6CCFC576F0D07D418E6115D85 ] C:\Program Files\Windows Calendar\WinCal.exe
20:51:59.0299 3792 C:\Program Files\Windows Calendar\WinCal.exe - ok
20:51:59.0299 3792 [ 06164026C38AA5366E4D127E2E36FDE8 ] C:\Program Files\Windows Mail\wab.exe
20:51:59.0299 3792 C:\Program Files\Windows Mail\wab.exe - ok
20:51:59.0299 3792 [ 395335431AD55C167CFDBBAB8420DA73 ] C:\Program Files\Movie Maker\DVDMaker.exe
20:51:59.0299 3792 C:\Program Files\Movie Maker\DVDMaker.exe - ok
20:51:59.0315 3792 [ D02837AC12A640F1B71BCD985219134E ] C:\Program Files\Windows Live\Mail\wlmail.exe
20:51:59.0315 3792 C:\Program Files\Windows Live\Mail\wlmail.exe - ok
20:51:59.0315 3792 [ CF95B4DC2A5512FD8C0A697CB47DD0D6 ] C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
20:51:59.0315 3792 C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe - ok
20:51:59.0315 3792 [ 34B01BBD8F00B6B9C9248DC4F1E3CD01 ] C:\Program Files\Internet Explorer\iexplore.exe
20:51:59.0315 3792 C:\Program Files\Internet Explorer\iexplore.exe - ok
20:51:59.0330 3792 [ 11513B12069E71521B03C1DFAC630FEE ] C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
20:51:59.0330 3792 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll - ok
20:51:59.0330 3792 [ B7ED332A57FC78CA29E40D3619550225 ] C:\Windows\ehome\ehshell.exe
20:51:59.0330 3792 C:\Windows\ehome\ehshell.exe - ok
20:51:59.0330 3792 [ 7E6EA9CB72B5DE84A5D700BED877E5F9 ] C:\Program Files\Windows Mail\WinMail.exe
20:51:59.0330 3792 C:\Program Files\Windows Mail\WinMail.exe - ok
20:51:59.0346 3792 [ 52BC119E49F88F2A5D1466230B1275C7 ] C:\Program Files\Windows Collaboration\WinCollab.exe
20:51:59.0346 3792 C:\Program Files\Windows Collaboration\WinCollab.exe - ok
20:51:59.0346 3792 [ 2D821AFA5A1A9CA7F9F997A1AAD09E72 ] C:\Program Files\Windows Media Player\wmplayer.exe
20:51:59.0346 3792 C:\Program Files\Windows Media Player\wmplayer.exe - ok
20:51:59.0362 3792 [ C4AB08459CD7B59B410ACFC04D90E87B ] C:\Program Files\Movie Maker\MOVIEMK.exe
20:51:59.0362 3792 C:\Program Files\Movie Maker\MOVIEMK.exe - ok
20:51:59.0362 3792 [ B5950DF243837D8217F4E597919B224A ] C:\Windows\System32\stobject.dll
20:51:59.0362 3792 C:\Windows\System32\stobject.dll - ok
20:51:59.0377 3792 [ EC69B16644C613F41A57169F8D068F1D ] C:\Windows\System32\batmeter.dll
20:51:59.0377 3792 C:\Windows\System32\batmeter.dll - ok
20:51:59.0377 3792 [ ECBF8CBD73ADFCF351A17053CC4E2B01 ] C:\Program Files\Sony\VAIO Wireless Wizard\snyutilswrapper.dll
20:51:59.0377 3792 C:\Program Files\Sony\VAIO Wireless Wizard\snyutilswrapper.dll - ok
20:51:59.0377 3792 [ C03AC1FBCD625F93D2C245D97E06F270 ] C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe
20:51:59.0377 3792 C:\Program Files\Windows Photo Gallery\WindowsPhotoGallery.exe - ok
20:51:59.0393 3792 [ 069385484EA57B663D688894C88975C5 ] C:\Windows\System32\wuapp.exe
20:51:59.0393 3792 C:\Windows\System32\wuapp.exe - ok
20:51:59.0393 3792 [ 30F02D9C55053367E26A11482F51E255 ] C:\Windows\System32\SndVolSSO.dll
20:51:59.0393 3792 C:\Windows\System32\SndVolSSO.dll - ok
20:51:59.0408 3792 [ E47C854A28A81F2939F42CBE9FEA994C ] C:\Windows\System32\Magnify.exe
20:51:59.0408 3792 C:\Windows\System32\Magnify.exe - ok
20:51:59.0408 3792 [ 313B30189557A2E2793F845DE0F0A4D5 ] C:\Windows\ehome\ehSSO.dll
20:51:59.0471 3792 C:\Windows\ehome\ehSSO.dll - ok
20:51:59.0471 3792 [ E98E402067978DB38282158F9E8609CA ] C:\Windows\System32\netshell.dll
20:51:59.0471 3792 C:\Windows\System32\netshell.dll - ok
20:51:59.0471 3792 [ 27BB54357A51594D9F9B6257B5B9A879 ] C:\Windows\System32\Narrator.exe
20:51:59.0471 3792 C:\Windows\System32\Narrator.exe - ok
20:51:59.0486 3792 [ 75AD59B9B12EB194486BE8D97B062994 ] C:\Windows\System32\pnidui.dll
20:51:59.0486 3792 C:\Windows\System32\pnidui.dll - ok
20:51:59.0486 3792 [ 877F2939794EBA4F3D1BB967007E99E8 ] C:\Windows\System32\osk.exe
20:51:59.0486 3792 C:\Windows\System32\osk.exe - ok
20:51:59.0486 3792 [ 2DD6AF8E97F59C9D39329BBC2A81F13F ] C:\Windows\System32\rasdlg.dll
20:51:59.0486 3792 C:\Windows\System32\rasdlg.dll - ok
20:51:59.0502 3792 [ 4A839160ED1963F9A1526DDA2D1233B2 ] C:\Windows\System32\AltTab.dll
20:51:59.0502 3792 C:\Windows\System32\AltTab.dll - ok
20:51:59.0502 3792 [ 6B5C53E0932C510606D700B7A896EF73 ] C:\Windows\System32\WPDShServiceObj.dll
20:51:59.0502 3792 C:\Windows\System32\WPDShServiceObj.dll - ok
20:51:59.0502 3792 [ 0F4DA3F73DBF00EFFBE31D9E6FB13DF0 ] C:\Windows\System32\BTNCopy.dll
20:51:59.0502 3792 C:\Windows\System32\BTNCopy.dll - ok
20:51:59.0518 3792 [ 36B98B8197E1BE8E7382D29C1A3628AA ] C:\Users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconCF33A0CE.exe
20:51:59.0518 3792 C:\Users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconCF33A0CE.exe - ok
20:51:59.0518 3792 [ C12BE8A3CEA0F5AAD23472FF8755FBAE ] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
20:51:59.0518 3792 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe - ok
20:51:59.0518 3792 [ 36B98B8197E1BE8E7382D29C1A3628AA ] C:\Users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconF7A21AF7.exe
20:51:59.0533 3792 C:\Users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconF7A21AF7.exe - ok
20:51:59.0533 3792 [ 744F08CF9ACFFB1C715191D04DEEE907 ] C:\Windows\System32\srchadmin.dll
20:51:59.0533 3792 C:\Windows\System32\srchadmin.dll - ok
20:51:59.0533 3792 [ 5193DE33F3284C447E0D31DAFBF92570 ] C:\Windows\System32\webcheck.dll
20:51:59.0533 3792 C:\Windows\System32\webcheck.dll - ok
20:51:59.0549 3792 [ 4ACEA0C4BB15ACE55E3AE5EC4E88DD55 ] C:\Windows\System32\SyncCenter.dll
20:51:59.0549 3792 C:\Windows\System32\SyncCenter.dll - ok
20:51:59.0549 3792 [ C559672F31ABE6BA7277DD73C4502238 ] C:\Windows\System32\msiexec.exe
20:51:59.0549 3792 C:\Windows\System32\msiexec.exe - ok
20:51:59.0549 3792 [ 0B5AC46982E77CAF3EC1D55C9AC6AB56 ] C:\Windows\System32\wscntfy.dll
20:51:59.0549 3792 C:\Windows\System32\wscntfy.dll - ok
20:51:59.0564 3792 [ 7ADD03E75BEB9E6DD102C3081D29840A ] C:\Windows\System32\drivers\cdfs.sys
20:51:59.0564 3792 C:\Windows\System32\drivers\cdfs.sys - ok
20:51:59.0564 3792 [ 9B0726A03B790E5B82BED44D24009BEF ] C:\Windows\System32\imapi2.dll
20:51:59.0564 3792 C:\Windows\System32\imapi2.dll - ok
20:51:59.0564 3792 [ C341C51D39B82C2D923D7345AE2C0DD8 ] C:\Program Files\Unlocker\Unlocker.exe
20:51:59.0564 3792 C:\Program Files\Unlocker\Unlocker.exe - ok
20:51:59.0580 3792 [ 838997426DB271D4B34BFC617B3BE4AD ] C:\Program Files\Unlocker\uninst.exe
20:51:59.0580 3792 C:\Program Files\Unlocker\uninst.exe - ok
20:51:59.0580 3792 [ 40B8684493371CC0FB85AD6AD135BE0B ] C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe
20:51:59.0580 3792 C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe - ok
20:51:59.0580 3792 [ 83A96B2142568C09EF5E413BB913436F ] C:\Program Files\Sony\Click to Disc Editor\ctdEditor.exe
20:51:59.0580 3792 C:\Program Files\Sony\Click to Disc Editor\ctdEditor.exe - ok
20:51:59.0596 3792 [ 0602A7B7680699016B6DC29BDB070B80 ] C:\Program Files\Microsoft Works\MSWorks.exe
20:51:59.0596 3792 C:\Program Files\Microsoft Works\MSWorks.exe - ok
20:51:59.0596 3792 [ 5CA1D0935E47FC41D75B9D4533320202 ] C:\Program Files\Microsoft Works\wksdb.exe
20:51:59.0596 3792 C:\Program Files\Microsoft Works\wksdb.exe - ok
20:51:59.0596 3792 [ 3AA6B9015433E1C14A7882C5A8FA6065 ] C:\Program Files\Microsoft Works\msadctls.dll
20:51:59.0596 3792 C:\Program Files\Microsoft Works\msadctls.dll - ok
20:51:59.0611 3792 [ 36CBD2E2C0A075A52F9D319820623B01 ] C:\Program Files\Microsoft Works\msadapi.dll
20:51:59.0611 3792 C:\Program Files\Microsoft Works\msadapi.dll - ok
20:51:59.0611 3792 [ E60E9D5F229CB8DA347D48ADD6E8DC47 ] C:\Program Files\Mozilla Firefox\firefox.exe
20:51:59.0611 3792 C:\Program Files\Mozilla Firefox\firefox.exe - ok
20:51:59.0642 3792 [ AE0081DA0ECF15213A78B21DECB12AB3 ] C:\Program Files\Java\jre1.6.0\bin\jpinscp.dll
20:51:59.0642 3792 C:\Program Files\Java\jre1.6.0\bin\jpinscp.dll - ok
20:51:59.0642 3792 [ E2516EF1DA9D72B70036991667BFD05D ] C:\Program Files\Sony\VAIO Control Center\VAIO Control Center.exe
20:51:59.0642 3792 C:\Program Files\Sony\VAIO Control Center\VAIO Control Center.exe - ok
20:51:59.0642 3792 [ 5F50E81E1A2AEFD3AEE7E8AA054D3FBE ] C:\Program Files\Sony\VAIO Data Restore Tool\Restore.exe
20:51:59.0642 3792 C:\Program Files\Sony\VAIO Data Restore Tool\Restore.exe - ok
20:51:59.0658 3792 [ 66EA948D084385A2C49CB166364F6650 ] C:\Program Files\Sony\VAIO Media plus\VMp.exe
20:51:59.0658 3792 C:\Program Files\Sony\VAIO Media plus\VMp.exe - ok
20:51:59.0658 3792 [ DF4194559E93274289E349FC876729B8 ] C:\Program Files\Sony\VAIO Movie Story\VMStory.exe
20:51:59.0658 3792 C:\Program Files\Sony\VAIO Movie Story\VMStory.exe - ok
20:51:59.0658 3792 [ 3C00387E5A257CE129162D697515A085 ] C:\Program Files\Sony\First Experience\VAIOWelcome.exe
20:51:59.0658 3792 C:\Program Files\Sony\First Experience\VAIOWelcome.exe - ok
20:51:59.0658 3792 [ 0D392EDE3B97E0B3131B2F63EF1DB94E ] C:\Program Files\Windows Defender\MSASCui.exe
20:51:59.0674 3792 C:\Program Files\Windows Defender\MSASCui.exe - ok
20:51:59.0674 3792 [ 89BDDACB7EFFF216B12E2DC87DE92167 ] C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
20:51:59.0674 3792 C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll - ok
20:51:59.0674 3792 [ A59DCD3DB4E966582F6FA83F2977C137 ] C:\Windows\System32\fsquirt.exe
20:51:59.0674 3792 C:\Windows\System32\fsquirt.exe - ok
20:51:59.0689 3792 [ 1ED2124313CCE34C877247574212EFC8 ] C:\Windows\System32\calc.exe
20:51:59.0689 3792 C:\Windows\System32\calc.exe - ok
20:51:59.0689 3792 [ 338104E0E18307CD65604FE317B5FB8D ] C:\Windows\System32\mblctr.exe
20:51:59.0689 3792 C:\Windows\System32\mblctr.exe - ok
20:51:59.0689 3792 [ B1AFF0B6DED627A1D22A6817DD58AC0F ] C:\Windows\System32\NetProj.exe
20:51:59.0689 3792 C:\Windows\System32\NetProj.exe - ok
20:51:59.0705 3792 [ 694AF8B27C9A0A99399E02CE977F986B ] C:\Windows\System32\mspaint.exe
20:51:59.0705 3792 C:\Windows\System32\mspaint.exe - ok
20:51:59.0705 3792 [ 16FEE292E95EDC274385103E6B498019 ] C:\Windows\System32\mstsc.exe
20:51:59.0705 3792 C:\Windows\System32\mstsc.exe - ok
20:51:59.0720 3792 [ E80DB295132C5EF0C623935422BD0FC7 ] C:\Windows\System32\SnippingTool.exe
20:51:59.0720 3792 C:\Windows\System32\SnippingTool.exe - ok
20:51:59.0720 3792 [ 248F33A6C2380757BC1E20E34D9E827B ] C:\Windows\System32\SoundRecorder.exe
20:51:59.0720 3792 C:\Windows\System32\SoundRecorder.exe - ok
20:52:00.0578 3792 ============================================================
20:52:00.0578 3792 Scan finished
20:52:00.0578 3792 ============================================================
20:52:00.0594 4000 Detected object count: 12
20:52:00.0594 4000 Actual detected object count: 12
20:52:27.0582 4000 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:27.0582 4000 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:27.0582 4000 giveio ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:27.0582 4000 giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:27.0582 4000 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:27.0582 4000 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:27.0598 4000 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:27.0598 4000 MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:27.0598 4000 PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:27.0598 4000 PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:27.0598 4000 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:27.0598 4000 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:27.0598 4000 SampleCollector ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:27.0598 4000 SampleCollector ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:27.0598 4000 SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:27.0598 4000 SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:27.0598 4000 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:27.0598 4000 UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:27.0598 4000 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:27.0598 4000 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:27.0613 4000 VCFw ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:27.0613 4000 VCFw ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:52:27.0613 4000 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:52:27.0613 4000 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:56:21.0629 4068 Deinitialize success

Edited by afterlifex, 03 November 2012 - 08:42 PM.


#5 afterlifex


Posted 03 November 2012 - 08:42 PM

ComboFix 12-11-04.01 - GreenPeaPrincess 11/03/2012 21:04:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.2007 [GMT -4:00]
Running from: c:\users\GreenPeaPrincess\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-10-04 to 2012-11-04 )))))))))))))))))))))))))))))))
.
.
2012-11-04 01:15 . 2012-11-04 01:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-04 01:15 . 2012-11-04 01:15 -------- d-----w- c:\users\GreenPeaPrincess\AppData\Local\temp
2012-11-03 15:41 . 2012-11-03 15:41 110080 ----a-r- c:\users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconF7A21AF7.exe
2012-11-03 15:41 . 2012-11-03 15:41 110080 ----a-r- c:\users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconD7F16134.exe
2012-11-03 15:41 . 2012-11-03 15:41 110080 ----a-r- c:\users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconCF33A0CE.exe
2012-11-03 15:39 . 2012-11-03 15:41 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-11-03 15:39 . 2012-11-03 15:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-11-02 20:47 . 2012-10-17 06:32 6918632 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DB0B663-BE99-4AB7-8104-CC1318E2293B}\mpengine.dll
2012-11-02 19:35 . 2012-11-02 20:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-02 19:35 . 2012-11-02 20:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-11-02 19:01 . 2012-11-02 19:17 -------- d-----w- c:\program files\Google
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-05 00:36 . 2012-08-03 18:53 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-05 00:36 . 2011-08-08 17:16 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 23:54 . 2012-05-23 21:10 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 11:21 . 2012-09-13 11:21 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{554DAA97-623E-48CE-AAE9-4B0E9CF2AA31}\offreg.dll
2012-08-23 07:15 . 2012-09-12 18:32 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{554DAA97-623E-48CE-AAE9-4B0E9CF2AA31}\mpengine.dll
2012-08-23 07:15 . 2012-09-11 18:28 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-11 19:58 . 2012-08-11 19:59 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D264C9A2-FD14-41C3-B460-31D5AC685E5B}\gapaengine.dll
2012-08-09 13:06 . 2012-08-11 19:59 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-08-06 15:45 . 2012-08-08 03:45 44 ---h--w- c:\program files\65a15813.tmp
2012-10-27 10:21 . 2012-10-27 10:21 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-18 23:40 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-07-18 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-06-13 18:16 303104 ----a-w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-10-16 4762496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-23 6111232]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1295656]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOMyMemCenter"="c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe" [2008-02-29 679936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AOLDDI.LNK - c:\ddi\AOLICON.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ------w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^GreenPeaPrincess^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\GreenPeaPrincess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-03-26 21:08 931200 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2012-05-31 04:10 336992 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 22:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-06-23 17:51 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 15:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-07-18 23:40 1147488 ----a-w- c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29264620
*NewlyCreated* - 29407526
*Deregistered* - 29264620
*Deregistered* - 29407526
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll
FF - ProfilePath - c:\users\GreenPeaPrincess\AppData\Roaming\Mozilla\Firefox\Profiles\ald84gpd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-09-16 12:27; links@rivalgaming.com; c:\users\GreenPeaPrincess\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\links@rivalgaming.com
FF - ExtSQL: 2012-09-25 17:32; {dd3d7613-0246-469d-bc65-2a3cc1668adc}; c:\users\GreenPeaPrincess\AppData\Roaming\Mozilla\Firefox\Profiles\ald84gpd.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}.xpi
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8F2x2KRw&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - a84fafbe00000000000000214f540597
FF - user.js: extensions.incredibar_i.instlDay - 15596
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.147:23
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8F2x2KRw
FF - user.js: extensions.incredibar_i.upn2n - 92825048920630958
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 6666646935
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe
SafeBoot-29264620.sys
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-03 21:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-03 21:18:30
ComboFix-quarantined-files.txt 2012-11-04 01:18
.
Pre-Run: 148,041,158,656 bytes free
Post-Run: 148,050,746,368 bytes free
.
- - End Of File - - A5E923639003A404A780A683F967898E

#6 afterlifex

Posted 03 November 2012 - 08:44 PM

Sorry about so many posts; I was having an issue with size and couldn't attach, given I have the first two logs.


That said I see no change in the issue or the computer.

#7 fireman4it

  • Malware Response Team

Posted 03 November 2012 - 10:03 PM

1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.



2.
Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select
    Posted Image
  • Click the Search button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.


Things to include in your next reply:
MBAM log
AdwCleaner log
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#8 afterlifex

Posted 03 November 2012 - 10:52 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.04.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
GreenPeaPrincess :: GREENPEA-PC [administrator]

11/3/2012 11:42:53 PM
mbam-log-2012-11-03 (23-49-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193233
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Users\GreenPeaPrincess\Local Settings\Application Data\PlayVolcanoSA (Adware.HotBar.PV) -> No action taken.
C:\Users\GreenPeaPrincess\Local Settings\Application Data\PlayVolcanoSA\bin (Adware.HotBar.PV) -> No action taken.
C:\Users\GreenPeaPrincess\Local Settings\Application Data\PlayVolcanoSA\bin\1.0.10.0 (Adware.HotBar.PV) -> No action taken.
C:\Users\GreenPeaPrincess\AppData\Local\PlayVolcanoSA (Adware.HotBar.PV) -> No action taken.
C:\Users\GreenPeaPrincess\AppData\Local\PlayVolcanoSA\bin (Adware.HotBar.PV) -> No action taken.
C:\Users\GreenPeaPrincess\AppData\Local\PlayVolcanoSA\bin\1.0.10.0 (Adware.HotBar.PV) -> No action taken.

Files Detected: 0
(No malicious items detected)

(end)

Stops responding when trying to use "Remove Selected". Eventually responded and removed the above.






# AdwCleaner v2.006 - Logfile created 11/03/2012 at 23:51:47
# Updated 30/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : GreenPeaPrincess - GREENPEA-PC
# Boot Mode : Normal
# Running from : C:\Users\GreenPeaPrincess\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\user.js
File Found : C:\Users\GreenPeaPrincess\AppData\Roaming\Mozilla\Firefox\Profiles\ald84gpd.default\searchplugins\MyStart Search.xml
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\GreenPeaPrincess\AppData\Local\AVG Secure Search
Folder Found : C:\Users\GreenPeaPrincess\AppData\Local\PlayVolcanoSA
Folder Found : C:\Users\GreenPeaPrincess\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\Web Assistant
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\GreenPeaPrincess\AppData\Roaming\Mozilla\Firefox\Profiles\ald84gpd.default\prefs.js

Found : user_pref("extensions.incredibar.actvtyRptTime", "1347567582968");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Found : user_pref("extensions.incredibar.cntry", "US");
Found : user_pref("extensions.incredibar.dfltLng", "EN");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.dfltlng", "en");
Found : user_pref("extensions.incredibar.dfltsrch", "false");
Found : user_pref("extensions.incredibar.did", "10643");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "A8F8648DC8E1C35438F4B1F2E40AA4AB");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.hrdid", "a84fafbe00000000000000214f540597");
Found : user_pref("extensions.incredibar.id", "a84fafbe00000000000000214f540597");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15596");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.instlday", "15596");
Found : user_pref("extensions.incredibar.instlref", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", false);
Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Found : user_pref("extensions.incredibar.keywordurl", "");
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.147:23:22");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.newtab", "false");
Found : user_pref("extensions.incredibar.newtaburl", "");
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "6666646935");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.smplgrp", "none");
Found : user_pref("extensions.incredibar.srch", "");
Found : user_pref("extensions.incredibar.srchprvdr", "");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8F2x2KRw&loc=IB_T[...]
Found : user_pref("extensions.incredibar.tlbrid", "base");
Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8F2x2KRw&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6R8F2x2KRw");
Found : user_pref("extensions.incredibar.upn2n", "92825048920630958");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.147:23:22");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.147:23:22");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10643");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "a84fafbe00000000000000214f540597");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15596");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "6666646935");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8F2x2KRw&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6R8F2x2KRw");
Found : user_pref("extensions.incredibar_i.upn2n", "92825048920630958");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.147:23:22");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [11360 octets] - [03/11/2012 23:27:59]
AdwCleaner[R2].txt - [11290 octets] - [03/11/2012 23:51:47]

########## EOF - C:\AdwCleaner[R2].txt - [11351 octets] ##########


No improvement with issue.

Edited by afterlifex, 03 November 2012 - 11:01 PM.


#9 fireman4it

Posted 04 November 2012 - 09:55 AM

1.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

How is it running now?


#10 afterlifex

Posted 04 November 2012 - 01:36 PM

# AdwCleaner v2.006 - Logfile created 11/04/2012 at 13:31:56
# Updated 30/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : GreenPeaPrincess - GREENPEA-PC
# Boot Mode : Normal
# Running from : C:\Users\GreenPeaPrincess\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\user.js
File Deleted : C:\Users\GreenPeaPrincess\AppData\Roaming\Mozilla\Firefox\Profiles\ald84gpd.default\searchplugins\MyStart Search.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\GreenPeaPrincess\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\GreenPeaPrincess\AppData\LocalLow\AVG Secure Search

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Web Assistant
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\GreenPeaPrincess\AppData\Roaming\Mozilla\Firefox\Profiles\ald84gpd.default\prefs.js

C:\Users\GreenPeaPrincess\AppData\Roaming\Mozilla\Firefox\Profiles\ald84gpd.default\user.js ... Deleted !

Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1347567582968");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "US");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "en");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10643");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "A8F8648DC8E1C35438F4B1F2E40AA4AB");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "a84fafbe00000000000000214f540597");
Deleted : user_pref("extensions.incredibar.id", "a84fafbe00000000000000214f540597");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15596");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15596");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.147:23:22");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "6666646935");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8F2x2KRw&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8F2x2KRw&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6R8F2x2KRw");
Deleted : user_pref("extensions.incredibar.upn2n", "92825048920630958");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.147:23:22");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.147:23:22");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10643");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "a84fafbe00000000000000214f540597");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15596");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "6666646935");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8F2x2KRw&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8F2x2KRw");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92825048920630958");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.147:23:22");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [11360 octets] - [03/11/2012 22:27:59]
AdwCleaner[R2].txt - [11421 octets] - [03/11/2012 22:51:47]
AdwCleaner[S1].txt - [11682 octets] - [04/11/2012 13:31:56]

########## EOF - C:\AdwCleaner[S1].txt - [11743 octets] ##########


No change, still being redirected.

#11 fireman4it

Posted 04 November 2012 - 01:44 PM

Please uninstall and re-install Firefox. Make sure if it asks to delete personal settings, select yes.

Let me know if it is still redirecting afterwards.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#12 afterlifex

Posted 04 November 2012 - 02:21 PM

The redirection seems to be gone, but the Firefox extension for RivalGaming still exists.

#13 fireman4it

Posted 04 November 2012 - 03:59 PM

1. Please download OTL from one of the following mirrors:
     • This is THE Mirror
2. Save it to your desktop.
3. Double click on the OTL icon on your desktop.
4. Under the Custom Scan box paste this in:
     c:\windows\*. /SL
     c:\windows\*. /RP
     netsvcs
     activex
     drivers32
     %ALLUSERSPROFILE%\Application Data\*.
     %ALLUSERSPROFILE%\Application Data\*.exe /s
     %APPDATA%\*.
     %APPDATA%\*.exe /s
     %SYSTEMDRIVE%\*.exe
     %systemroot%\*. /mp /s
     CREATERESTOREPOINT
     %systemroot%\system32\*.dll /lockedfiles
     %systemroot%\Tasks\*.job /lockedfiles
     %systemroot%\system32\drivers\*.sys /lockedfiles
     %systemroot%\System32\config\*.sav
     %systemroot%\system32\drivers\*.sys /90
5. Push the Quick Scan button.
6. Two reports will open; copy and paste them in a reply here:
     • OTL.txt <-- Will be opened
     • Extra.txt <-- Will be minimized

" Extinguishing Malware from the world"



#14 afterlifex

Posted 04 November 2012 - 04:15 PM

OTL logfile created on: 11/4/2012 4:01:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GreenPeaPrincess\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 59.42% Memory free
5.94 Gb Paging File | 4.91 Gb Available in Paging File | 82.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.98 Gb Total Space | 138.61 Gb Free Space | 61.61% Space Free | Partition Type: NTFS

Computer Name: GREENPEA-PC | User Name: GreenPeaPrincess | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/04 16:00:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GreenPeaPrincess\Downloads\OTL.exe
PRC - [2012/10/24 12:50:37 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/10/08 18:21:22 | 000,766,400 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2012/10/04 19:36:15 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/04/01 14:35:52 | 000,275,712 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\ShadowSvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/09 11:57:52 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2008/07/15 20:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/15 20:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/06/20 10:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/06/19 21:53:20 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/06/19 21:53:20 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/06/19 10:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/05/22 16:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/05/20 15:48:32 | 000,024,576 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
PRC - [2008/04/30 21:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 21:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/03 22:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/24 12:50:39 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/04 19:36:15 | 009,813,424 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_4_402_278.dll
MOD - [2012/06/22 18:37:39 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll
MOD - [2012/06/22 18:37:37 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
MOD - [2012/06/22 18:37:36 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012/06/22 18:37:32 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012/06/22 18:37:31 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012/06/22 18:36:58 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/22 18:36:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/06/22 17:22:13 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/06/22 17:21:50 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/22 17:21:39 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/22 17:20:02 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/06/22 17:19:45 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2008/07/24 05:10:38 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2008/07/24 05:10:38 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2008/07/15 20:04:10 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe -- (vToolbarUpdater12.1.3)
SRV - [2012/10/08 18:21:22 | 000,766,400 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012/03/26 16:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 16:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/09 18:24:14 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/01 14:35:52 | 000,275,712 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\ShadowSvc.exe -- (ShadowSvc)
SRV - [2008/09/29 15:07:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV - [2008/07/15 20:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/06/20 10:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/06/19 21:53:20 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/06/19 10:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/06/12 01:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/06/12 01:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/05/22 16:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/05/22 16:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/05/20 21:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/20 21:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/20 21:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/05/20 03:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 03:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 03:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/04/30 21:41:12 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 21:10:10 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/03/25 16:32:18 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\GREENP~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/18 18:40:12 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/06/22 11:01:30 | 000,019,984 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\EsgScanner.sys -- (EsgScanner)
DRV - [2012/05/30 23:10:50 | 000,113,104 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2012/03/20 19:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/05/06 15:57:08 | 000,013,904 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - [2011/03/18 11:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2009/10/26 19:37:44 | 000,100,376 | ---- | M] (VisionWorks Solutions, Inc) [File_System | System | Running] -- C:\Windows\System32\drivers\FAMv4.sys -- (FAMv4)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/11 18:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/07/03 07:11:57 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/19 07:04:20 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/06/19 07:03:19 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/06 07:39:49 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/06 01:25:47 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/28 08:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/03/10 05:45:53 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/01/30 19:33:28 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/04/17 22:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{BF0E576B-676B-4B91-A0A3-83A80B37A8AB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\GreenPeaPrincess\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/04 14:14:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/16 11:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Mozilla\Extensions
[2012/11/04 14:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/24 12:50:58 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 12:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 12:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/03 20:15:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VAIOMyMemCenter] C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe ()
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2254EE63-273E-4B14-892F-09D31DC42288}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7813D0C-A64B-499D-AC42-7930257E707E}: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2EDC97D9-FE4C-5369-37C3-A453378FF816} - Java (Sun)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5DED6009-34D7-464E-7BAB-47A15C38B0C0} - Microsoft Windows Media Player 11.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {82455E2F-F7A1-0A99-1EBC-963DDC085726} - Microsoft Windows Media Player
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/03 22:41:18 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\GreenPeaPrincess\Desktop\123-1.65.1.1000.exe
[2012/11/03 22:17:56 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2012/11/03 20:18:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/03 20:18:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/03 20:18:33 | 000,000,000 | ---D | C] -- C:\Users\GreenPeaPrincess\AppData\Local\temp
[2012/11/03 20:00:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/03 20:00:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/03 20:00:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/03 19:59:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/03 19:59:24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/03 19:58:50 | 004,996,943 | R--- | C] (Swearware) -- C:\Users\GreenPeaPrincess\Desktop\ComboFix.exe
[2012/11/03 12:21:15 | 000,000,000 | ---D | C] -- C:\Users\GreenPeaPrincess\Desktop\gmer
[2012/11/03 12:15:10 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\GreenPeaPrincess\Desktop\dds.com
[2012/11/03 10:41:28 | 000,000,000 | ---D | C] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/11/03 10:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/11/03 10:36:19 | 000,725,952 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\GreenPeaPrincess\Desktop\SpyHunter-Installer.exe
[2012/11/02 14:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/02 14:35:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/02 14:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/11/02 14:31:44 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\GreenPeaPrincess\Desktop\spybotsd162.exe
[2012/11/02 14:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/11/02 14:01:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/11/02 13:59:30 | 021,563,504 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\GreenPeaPrincess\Desktop\SUPERAntiSpywarePro.exe
[2012/11/02 00:22:14 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\GreenPeaPrincess\Desktop\tdsskiller.exe
[2012/10/27 05:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/04 15:33:06 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 15:33:06 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/04 14:14:11 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/04 14:01:25 | 000,021,628 | ---- | M] () -- C:\Users\GreenPeaPrincess\Desktop\bookmarks.html
[2012/11/04 13:40:41 | 000,642,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/04 13:40:41 | 000,119,362 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/04 13:33:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/04 13:33:00 | 3081,744,384 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/03 22:42:06 | 000,000,660 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/03 22:41:37 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\GreenPeaPrincess\Desktop\123-1.65.1.1000.exe
[2012/11/03 22:27:41 | 000,540,977 | ---- | M] () -- C:\Users\GreenPeaPrincess\Desktop\adwcleaner.exe
[2012/11/03 20:15:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/03 19:59:12 | 004,996,943 | R--- | M] (Swearware) -- C:\Users\GreenPeaPrincess\Desktop\ComboFix.exe
[2012/11/03 19:47:19 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\GreenPeaPrincess\Desktop\tdsskiller.exe
[2012/11/03 12:15:17 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\GreenPeaPrincess\Desktop\dds.com
[2012/11/03 10:41:29 | 000,002,099 | ---- | M] () -- C:\Users\GreenPeaPrincess\Desktop\SpyHunter.lnk
[2012/11/03 10:36:28 | 000,725,952 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\GreenPeaPrincess\Desktop\SpyHunter-Installer.exe
[2012/11/02 15:29:43 | 000,329,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/02 15:16:30 | 000,000,680 | ---- | M] () -- C:\Users\GreenPeaPrincess\AppData\Local\d3d9caps.dat
[2012/11/02 14:35:41 | 000,001,055 | ---- | M] () -- C:\Users\GreenPeaPrincess\Desktop\Spybot - Search & Destroy.lnk
[2012/11/02 14:34:02 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\GreenPeaPrincess\Desktop\spybotsd162.exe
[2012/11/02 14:01:36 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/11/02 14:01:00 | 021,563,504 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\GreenPeaPrincess\Desktop\SUPERAntiSpywarePro.exe
[2012/11/02 13:42:43 | 000,980,480 | ---- | M] () -- C:\Users\GreenPeaPrincess\Desktop\MicrosoftFixit50267.msi
[2012/11/01 12:16:01 | 266,106,328 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/04 14:14:11 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/11/04 14:01:25 | 000,021,628 | ---- | C] () -- C:\Users\GreenPeaPrincess\Desktop\bookmarks.html
[2012/11/03 22:27:12 | 000,540,977 | ---- | C] () -- C:\Users\GreenPeaPrincess\Desktop\adwcleaner.exe
[2012/11/03 20:00:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/03 20:00:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/03 20:00:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/03 20:00:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/03 20:00:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/03 10:41:29 | 000,002,099 | ---- | C] () -- C:\Users\GreenPeaPrincess\Desktop\SpyHunter.lnk
[2012/11/02 15:29:14 | 3081,744,384 | -HS- | C] () -- C:\hiberfil.sys
[2012/11/02 15:16:30 | 000,000,680 | ---- | C] () -- C:\Users\GreenPeaPrincess\AppData\Local\d3d9caps.dat
[2012/11/02 14:35:41 | 000,001,055 | ---- | C] () -- C:\Users\GreenPeaPrincess\Desktop\Spybot - Search & Destroy.lnk
[2012/11/02 14:01:36 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2012/11/02 13:42:38 | 000,980,480 | ---- | C] () -- C:\Users\GreenPeaPrincess\Desktop\MicrosoftFixit50267.msi
[2012/10/11 05:46:14 | 266,106,328 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/10 04:58:58 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2012/06/23 03:08:14 | 000,000,552 | ---- | C] () -- C:\Users\GreenPeaPrincess\AppData\Local\d3d8caps.dat
[2012/06/22 11:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\ESGScanner.sys
[2012/06/22 11:01:30 | 000,019,984 | ---- | C] () -- C:\Windows\System32\drivers\EsgScanner.sys
[2011/08/06 20:22:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/06 20:22:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/08/06 20:22:10 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/08/06 19:02:06 | 000,000,000 | ---- | C] () -- C:\Users\GreenPeaPrincess\AppData\Roaming\wklnhst.dat
[2011/08/04 21:46:09 | 000,011,264 | ---- | C] () -- C:\Users\GreenPeaPrincess\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/04 03:03:20 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/07 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Downloaded Installations
[2012/08/10 04:56:42 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\JAM Software
[2012/10/02 21:16:44 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo
[2012/08/10 14:33:52 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\PingPlotter
[2012/07/18 18:45:23 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\PowerISO
[2012/08/01 11:45:04 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\SystemRequirementsLab
[2011/08/06 19:02:08 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Template
[2012/08/10 08:52:04 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\TuneUp Software
[2012/07/03 14:58:47 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Unity

========== Purity Check ==========



========== Custom Scans ==========

< c:\windows\*. /SL >
[2006/11/02 08:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 08:01:49 | 000,032,538 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

< c:\windows\*. /RP >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011/08/05 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Adobe
[2011/08/08 19:34:51 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Apple Computer
[2012/09/17 07:46:55 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\ArcSoft
[2012/08/07 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Downloaded Installations
[2011/08/04 13:53:00 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Identities
[2012/08/07 22:51:28 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Intel
[2012/08/10 04:56:42 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\JAM Software
[2012/10/02 21:16:44 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo
[2011/08/04 15:31:47 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Macromedia
[2012/05/23 16:10:15 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Malwarebytes
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Media Center Programs
[2012/08/09 10:03:52 | 000,000,000 | --SD | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Microsoft
[2012/08/10 03:47:33 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\mIRC
[2011/08/04 16:05:49 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Mozilla
[2012/08/10 14:33:52 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\PingPlotter
[2012/07/18 18:45:23 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\PowerISO
[2012/06/22 06:30:26 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Roxio
[2012/07/01 20:10:35 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Sony Corporation
[2012/09/19 10:26:48 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/01 11:45:04 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\SystemRequirementsLab
[2011/08/06 19:02:08 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Template
[2012/08/10 08:52:04 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\TuneUp Software
[2012/07/03 14:58:47 | 000,000,000 | ---D | M] -- C:\Users\GreenPeaPrincess\AppData\Roaming\Unity

< %APPDATA%\*.exe /s >
[2012/08/30 02:23:06 | 000,142,568 | ---- | M] (Eximion B.V.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\bin2\appinstall.exe
[2012/10/02 21:22:03 | 000,088,042 | ---- | M] (Eximion B.V.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\bin2\appuninstall.exe
[2012/09/18 07:20:10 | 000,379,328 | ---- | M] (Eximion B.V.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\bin2\kalELLaunch.exe
[2012/09/18 08:03:44 | 002,209,216 | ---- | M] (Eximion B.V.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\bin2\kalydoloader.exe
[2012/10/02 21:16:45 | 000,126,209 | ---- | M] (Eximion B.V.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\bin2\uninstall.exe
[2012/10/02 21:17:19 | 003,412,000 | ---- | M] (Zemi Interactive Inc.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\content\apps\4Story\Bin\tclient.exe
[2012/06/12 00:17:00 | 001,131,776 | ---- | M] (AhnLab, Inc.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\content\apps\4Story\HShield\ahnrpt.exe
[2011/10/13 19:58:00 | 000,113,344 | ---- | M] (AhnLab, Inc.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\content\apps\4Story\HShield\hslogmgr.exe
[2012/03/09 05:05:00 | 000,159,072 | ---- | M] (AhnLab, Inc.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\content\apps\4Story\HShield\hsupdate.exe
[2012/10/02 21:18:39 | 000,256,112 | ---- | M] (AhnLab, Inc.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\content\apps\4Story\HShield\update\autoup.exe
[2012/10/02 21:18:39 | 001,131,776 | ---- | M] (AhnLab, Inc.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\content\apps\4Story\HSOrg\ahnrpt.exe
[2012/10/02 21:18:39 | 000,113,344 | ---- | M] (AhnLab, Inc.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\content\apps\4Story\HSOrg\hslogmgr.exe
[2012/10/02 21:18:39 | 000,159,072 | ---- | M] (AhnLab, Inc.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\content\apps\4Story\HSOrg\hsupdate.exe
[2012/10/02 21:18:39 | 000,256,112 | ---- | M] (AhnLab, Inc.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\content\apps\4Story\HSOrg\update\autoup.exe
[2011/08/08 12:16:22 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2012/11/03 10:41:31 | 000,110,080 | R--- | M] () -- C:\Users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconCF33A0CE.exe
[2012/11/03 10:41:31 | 000,110,080 | R--- | M] () -- C:\Users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconD7F16134.exe
[2012/11/03 10:41:31 | 000,110,080 | R--- | M] () -- C:\Users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconF7A21AF7.exe
[2012/08/08 12:44:18 | 000,045,126 | R--- | M] () -- C:\Users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}\_456E7DB42D3E86C9FA37EB.exe
[2012/08/08 12:44:18 | 000,045,126 | R--- | M] () -- C:\Users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}\_853F67D554F05449430E7E.exe
[2012/08/08 12:44:19 | 000,045,126 | R--- | M] () -- C:\Users\GreenPeaPrincess\AppData\Roaming\Microsoft\Installer\{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}\_925CC2DD83C5B192FD8874.exe

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:AF2F4B57

< End of report >




OTL Extras logfile created on: 11/4/2012 4:01:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GreenPeaPrincess\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 59.42% Memory free
5.94 Gb Paging File | 4.91 Gb Available in Paging File | 82.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.98 Gb Total Space | 138.61 Gb Free Space | 61.61% Space Free | Partition Type: NTFS

Computer Name: GREENPEA-PC | User Name: GreenPeaPrincess | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3CBAF40B-94AE-479F-BB54-B913FE18D6B2}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{DFECF721-1EEF-4C28-9C17-C97FBD31A625}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2974D88E-D2D5-4F5E-8354-F59D475DF72F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{2AA6B93A-FBFC-4138-BEAF-F95A1B9FCE39}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{2AE8E1AB-A904-42CF-80D8-5C5BAB43C60C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{48B90448-5FE7-4A17-9FB8-B74FD9C2E3F0}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4E71F08E-5E5D-4313-89A7-09ED1A2A5D0B}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{525D10D4-E8A7-45F1-B331-9BD47E8AA468}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{56D7309B-68F2-417C-A570-E212297B698A}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{6300FF78-48CD-4A73-96F1-739FAE846A2A}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{6D8B9516-BDC7-4628-9821-97D6034593B8}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{73E5EDA8-0B06-4354-B951-92743665D262}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{83EF12C0-7BF7-4584-809E-4A4E98CC1889}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8BDCE466-9A1A-496F-A370-59B972C6A347}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C4B6AEA-011D-4B5F-8D9C-DDAD51BCE28A}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{90099031-573C-4B62-B64C-2097781E88BE}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_girafficwatchdog.exe |
"{93657C20-D209-44BE-AF7F-87086D068AF6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A80C39D9-CC19-431D-A70B-4CDF9EFDFF7B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{ADB137F9-1A08-4595-A0EA-CDE3DC5EB83E}" = protocol=6 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{C393E1AC-2A14-4F08-8A47-3BE40859E5DE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\shadowsvc.exe |
"{C5BBAE61-80BE-4FD6-AE2D-B1D844A46F3F}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{C6ADE41C-068D-4487-AF6F-C294EBB56B69}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{CB167B2A-5E91-4790-8356-0EFA46E28C65}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CEF7ED64-5A46-43B0-BC0A-C1467C2D4D3D}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{DF6637CA-04AD-420D-B836-A9DD2D2913DC}" = protocol=17 | dir=in | app=c:\program files\giraffic\veoh_giraffic.exe |
"{E19A4F10-8E97-46F3-AEEA-EE60F994FA05}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\shadowsvc.exe |
"{E4390B6B-1D78-4BD0-A870-4ACA1602CC30}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"TCP Query User{2C0287CC-36CE-479A-BD18-CEAC17F43779}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{640DB7E4-5867-4B5F-BD11-106042E03F4A}C:\users\greenpeaprincess\desktop\dolphin-win-x86-v3.0-721\dolphin.exe" = protocol=6 | dir=in | app=c:\users\greenpeaprincess\desktop\dolphin-win-x86-v3.0-721\dolphin.exe |
"TCP Query User{84B1FA9A-0B84-4AB8-8FC1-76F300E27AF5}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{2A91ACAB-27E5-41E5-AECD-1BE3868BCAF5}C:\users\greenpeaprincess\desktop\dolphin-win-x86-v3.0-721\dolphin.exe" = protocol=17 | dir=in | app=c:\users\greenpeaprincess\desktop\dolphin-win-x86-v3.0-721\dolphin.exe |
"UDP Query User{6846DB7F-AC69-46E1-B7BB-7D7CD0BB3BE7}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{C5345A3B-45A4-4B90-B8D4-5A56AE65BA6F}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel® PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 5
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89217401-A2E5-4BFA-8973-803076698A3D}" = Game Fire
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8A50F0B-791E-43E6-8F22-AEC2D3FBEB84}" = PingPlotter Standard 3.40.2s
"{DDABC667-56B3-4122-82B0-2F5782EA2F9A}" = SpyHunter
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{EF7F7557-FF60-4C19-A8A1-465DA92E5229}" = NTI Backup Now 5
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F485E43D-18B1-4B40-AF4B-EDA78E91DA80}" = Dolby Control Center
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F8A10A25-D8DD-4661-9A1E-7F6DBAAA3C5E}" = inSSIDer
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"6F0C7D0FE1555A94F37AC8E5E5F7EBE1E3A2F290" = Windows Driver Package - Intel (iaStor) hdc (07/20/2008 8.5.0.1032)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_104D1700" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ExtractNow_is1" = ExtractNow
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"InstallShield_{EF7F7557-FF60-4C19-A8A1-465DA92E5229}" = NTI Backup Now 5.5
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Money2008b" = Microsoft Money Plus
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"NTI Open File Manager" = NTI Open File Manager
"NVIDIA Drivers" = NVIDIA Drivers
"pcsx2-r4600" = PCSX2 - Playstation 2 Emulator
"PowerISO" = PowerISO
"ProInst" = Intel PROSet Wireless
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.1

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Kalydo App 4Story" = 4Story
"KalydoPlayer" = Kalydo Player 4.09.00
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2012 10:54:32 PM | Computer Name = GreenPea-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/27/2012 10:54:32 PM | Computer Name = GreenPea-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/27/2012 10:54:44 PM | Computer Name = GreenPea-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 10/27/2012 10:54:44 PM | Computer Name = GreenPea-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/28/2012 3:13:34 AM | Computer Name = GreenPea-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 10/28/2012 3:13:34 AM | Computer Name = GreenPea-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/28/2012 12:32:15 PM | Computer Name = GreenPea-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/28/2012 12:32:16 PM | Computer Name = GreenPea-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 10/29/2012 6:27:15 AM | Computer Name = GreenPea-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/29/2012 6:27:16 AM | Computer Name = GreenPea-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

[ System Events ]
Error - 6/22/2012 5:47:53 PM | Computer Name = GreenPea-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/22/2012 5:47:53 PM | Computer Name = GreenPea-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/22/2012 5:48:23 PM | Computer Name = GreenPea-PC | Source = DCOM | ID = 10010
Description =

Error - 6/22/2012 5:49:23 PM | Computer Name = GreenPea-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 6/22/2012 5:49:28 PM | Computer Name = GreenPea-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 6/22/2012 5:50:28 PM | Computer Name = GreenPea-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/22/2012 5:50:28 PM | Computer Name = GreenPea-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/22/2012 5:50:28 PM | Computer Name = GreenPea-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 6/22/2012 5:50:28 PM | Computer Name = GreenPea-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 6/22/2012 5:50:29 PM | Computer Name = GreenPea-PC | Source = DCOM | ID = 10005
Description =


< End of report >

#15 fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:04:25 PM

Posted 05 November 2012 - 11:03 AM

Hello,
I don't see any signs of the extension in your logs.



We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\GREENP~1\AppData\Local\Temp\catchme.sys -- (catchme)
    IE - HKLM\..\SearchScopes,DefaultScope = 
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    [2012/09/16 11:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\GreenPeaPrincess\AppData\Roaming\Mozilla\Extensions
    [2012/11/04 14:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
    FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\GreenPeaPrincess\AppData\Roaming\Kalydo\KalydoPlayer\bin2\npkalydo.dll (Eximion B.V.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\GreenPeaPrincess\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:AF2F4B57
    
    :Commands
    [EMPTYTEMP]
    [RESETHOSTS]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.



2.
Please download JRT by thisisu to your desktop and then double-click to run the tool. Please post the log it creates.


Things to include in your next reply:
OTL.txt
JRT log
How is the machine running now?

Edited by fireman4it, 05 November 2012 - 11:04 AM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

