Blue screen


  • This topic is locked
198 replies to this topic

#1 Fixing1

Fixing1

  • Members
  • 350 posts
  • OFFLINE
  •  
  • Local time:04:25 PM

Posted 18 October 2012 - 11:33 AM

I didn't know where to put this. I was told to follow these instructions: I did the DDS and I have the DDS.txt file. I followed the instructions for the gmer.zip file and before anything happens I get a blue screen with the error code Bad_pool and I can never make out the rest. Help please? What do I do?


Microsoft error reporting:

Error signature
BCCode: 19
BCP1: 00000020
BCP2: 83050000
BCP3: 83050828
BCP4: 1B0500000
OSVer: 5_1_2600
SP: 3_0
Product: 768_1

C:\DOCUME~1\4\LOCAL~1\TEMP\WER17d6.dir00\Mini101812-01.dmp
C:\DOCUME~1\4\LOCAL~1\TEMP\WER17d6.dir00\sysdata.xml


Here is the dds.txt

DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by 4 at 3:51:14 on 2012-10-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.303 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Free Firewall Firewall *Enabled*
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Documents and Settings\All Users\Application Data\Mobilicity Connect\OnlineUpdate\ouc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\DOCUME~1\4\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mobilicity Connect\Mobilicity Connect.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\4\My Documents\Downloads\Defogger.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0812&m=aoa150
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0812&m=aoa150
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\3.1.415.1646\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1345659554921
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1345663294312
TCP: Interfaces\{7A513C8A-FEF9-490C-970C-277211D8BE70} : NameServer = 184.94.26.141 184.94.26.142
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 193552]
R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2012-8-29 526640]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2012-8-30 238952]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-8-30 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-8-30 497320]
R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2012-8-29 117504]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2012-8-30 36608]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-8-29 72576]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-9-8 116648]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\all users\application data\datacardservice\hwdeviceservice.exe -/service --> c:\documents and settings\all users\application data\datacardservice\HWDeviceService.exe -/service [?]
S2 Mobilicity Connect. RunOuc;Mobilicity Connect. OUC;c:\program files\mobilicity connect\updatedog\ouc.exe [2012-8-29 218624]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-21 250808]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-8-29 102784]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-9-8 116648]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
.
=============== Created Last 30 ================
.
2012-10-18 05:29:21 6918632 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b8952dd7-fbe4-4a3a-a8a6-b4a621c0c7f7}\mpengine.dll
2012-10-15 07:02:47 -------- d-----w- c:\documents and settings\4\local settings\application data\Norman Malware Cleaner
2012-10-15 06:22:05 6980552 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-15 02:18:34 -------- d-----w- c:\documents and settings\4\application data\SUPERAntiSpyware.com
2012-10-14 03:49:49 -------- d-----w- c:\documents and settings\4\application data\#ISW.FS#
2012-10-12 06:17:22 -------- d-----w- c:\documents and settings\4\local settings\application data\PCHealth
2012-10-09 01:07:30 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-03 14:52:43 -------- d-----w- c:\windows\Performance
2012-10-03 14:52:08 -------- d-----w- c:\documents and settings\4\local settings\application data\Microsoft Corporation
2012-10-03 14:35:00 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-09-24 16:41:30 -------- d-----w- c:\documents and settings\4\Downloads
2012-09-23 16:44:05 -------- d-----w- c:\documents and settings\4\application data\Malwarebytes
2012-09-23 16:43:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-09-23 16:43:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-23 16:43:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-23 16:38:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-09-23 16:38:55 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-09-23 01:53:31 -------- d-----w- c:\windows\pss
2012-09-23 00:27:56 -------- d-----w- c:\documents and settings\4\application data\CheckPoint
2012-09-23 00:20:06 -------- d-----w- c:\program files\CheckPoint
2012-09-23 00:20:02 -------- d-----w- c:\documents and settings\all users\application data\CheckPoint
2012-09-22 23:31:34 -------- d-----w- c:\windows\system32\NtmsData
2012-09-21 14:41:17 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-21 14:41:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-20 14:58:25 -------- d-----w- c:\documents and settings\4\.swt
2012-09-20 14:55:53 -------- d-----w- c:\documents and settings\4\local settings\application data\CRE
2012-09-20 14:55:03 -------- d-----w- c:\documents and settings\4\local settings\application data\Temp
2012-09-20 14:54:19 -------- d-----w- c:\documents and settings\4\application data\Azureus
2012-09-20 14:53:36 -------- d-----w- c:\program files\Vuze
2012-09-19 05:30:01 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-09-19 05:29:01 -------- d-----w- c:\program files\Windows Media Connect 2
2012-09-19 05:11:36 -------- d-----w- c:\documents and settings\4\local settings\application data\Adobe
.
==================== Find3M ====================
.
2012-09-16 16:26:34 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-16 16:26:22 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-16 16:26:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-16 16:26:18 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-29 12:11:06 860928 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-08-29 12:11:06 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2012-08-29 12:11:05 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-08-29 12:11:04 51456 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-08-29 12:11:04 26496 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-08-29 12:11:03 85248 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-08-29 12:11:03 72576 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-08-29 12:11:03 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-08-29 12:11:02 117504 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-08-29 12:11:01 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-08-29 12:11:01 106496 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-08-29 12:11:00 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 14:05:04 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-22 19:14:23 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-22 19:14:23 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-20 07:33:43 125 ----a-w- c:\windows\xUninstall.bat
2012-08-20 07:03:37 3 ----a-w- c:\windows\HotFix.bat
2012-08-20 07:03:37 139 ----a-w- c:\windows\HotFix2.bat
.
============= FINISH: 3:56:09.57 ===============

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. Also link to original AII topic here.~ Animal



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,615 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:25 PM

Posted 21 October 2012 - 08:34 AM

Greetings Fixing1 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please consider and perform the following for me.


===================================================


Can you tell me if this IP Address is known to you:

184.94.26.142


===================================================


ComboFix

--------------------

For a more detailed explanation on running Combofix and the prompts you will be following please see here.

Please download ComboFix from one of these locations and save it to your desktop:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • Note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista/Windows 7, ComboFix will skip the below Recovery Console pop ups and continue its malware removal procedure.

Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image



Click on Yes, to continue scanning for malware.

Please Note: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If ComboFix has stopped running please stop and advise me.

  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
When finished, it will produce a log. Please include the C:\Combofix.txt log in your next reply.


===================================================


BlueScreenView

----------

  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
More information about the program can be found here


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Combofix.txt
  • BSOD.txt

Edited by Oh My, 21 October 2012 - 02:45 PM.
Added Combofix

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Fixing1


Posted 23 October 2012 - 12:28 PM

Hi and thank you for your patience with me. I downloaded combo fix and it took over 4 hours and I don't know if it finished. I can't find a log anywhere. My computer did restart on its own with an error I wasn't able to get. But looking in system management it is a code 1003. Also, Internet Explorer popped up with the topic being the blue screen.

http://wer.microsoft.com/responses/Response.aspx/10/en-us/5.1.2600.2.00010300.3.0?SGD=2ca79151-9ca4-4c6b-86dc-c3764e68b15c&Bucket=0x19_20_catchme%2b10d7

What should I do next? Should I try the combo fix again? Or move on to BlueScreenView?

As for the IP address, would it be mine? Do you have any more information about it? Off hand I can think of it.

Edited by Fixing1, 23 October 2012 - 12:32 PM.


#4 Oh My!


Posted 23 October 2012 - 01:05 PM

Hi Fixing1,

Thanks for the great explanation about what happened. It was good for you to pause and ask for some direction about a next step. :thumbsup:

I would like you to try to run Combofix again. If it completed some work before a hiccup that information should be included in a subsequent log.

I would like you to run BlueScreenView. That may provide some clues about what is going on behind the scenes.

As for the IP address, please click on it in the previous post (sorry I should have made that more clear). It is a link I created which will take you to some information about who owns the IP address. Please let me know if any or all of the owner information makes sense to you.
Gary
 

#5 Fixing1


Posted 23 October 2012 - 02:52 PM

I tried the combo fix again and it gave me a blue screen error which was so quick that I couldn't get the actual error message. As for the IP address I don't recognize it and that information doesn't mean anything to me unless you explain it. It looks like there is an order form for something.

#6 Oh My!


Posted 23 October 2012 - 03:11 PM

Hi Fixing1,

Go ahead and run BlueScreenView for me and post the results.

As far as the IP address, are you located anywhere near this or does the OrgName (company name) ring a bell?:


OrgName: Allstream Corp.
OrgId: ACCA-2
Address: 200 Wellington Street West
Address: 16th Floor
City: Toronto
StateProv: ON
Gary
 

#7 Fixing1


Posted 23 October 2012 - 03:22 PM

==================================================
Dump File : Mini102312-02.dmp
Crash Time : 10/23/2012 3:49:39 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x8319cae8
Parameter 3 : 0x8319cf00
Parameter 4 : 0x1a830001
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+6070a
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6284 (xpsp_sp3_gdr.120821-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+6070a
Stack Address 1 : ntoskrnl.exe+7afc5
Stack Address 2 : ntoskrnl.exe+1bc5f
Stack Address 3 : ntoskrnl.exe+1bdf5
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini102312-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================

==================================================
Dump File : Mini102312-01.dmp
Crash Time : 10/23/2012 9:55:44 AM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x82f75800
Parameter 3 : 0x82f75c18
Parameter 4 : 0x1a830001
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+6070a
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.6284 (xpsp_sp3_gdr.120821-1629)
Processor : 32-bit
Crash Address : ntoskrnl.exe+6070a
Stack Address 1 : ntoskrnl.exe+7afc5
Stack Address 2 : ntoskrnl.exe+1bc5f
Stack Address 3 : ntoskrnl.exe+1bdf5
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini102312-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================

==================================================
Dump File : Mini101812-03.dmp
Crash Time : 10/18/2012 11:53:02 AM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x83190528
Parameter 3 : 0x83190d50
Parameter 4 : 0x1b05003b
Caused By Driver : uxxiraob.sys
Caused By Address : uxxiraob.sys+55b0
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address : ntoskrnl.exe+6070a
Stack Address 1 : ntoskrnl.exe+7afc5
Stack Address 2 : ntoskrnl.exe+1bc5f
Stack Address 3 : ntoskrnl.exe+1bdf5
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101812-03.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================

==================================================
Dump File : Mini101812-02.dmp
Crash Time : 10/18/2012 11:05:02 AM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x831a0608
Parameter 3 : 0x831a0e30
Parameter 4 : 0x1b050007
Caused By Driver : uxxiraob.sys
Caused By Address : uxxiraob.sys+55b0
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address : ntoskrnl.exe+6070a
Stack Address 1 : ntoskrnl.exe+7afc5
Stack Address 2 : ntoskrnl.exe+1bc5f
Stack Address 3 : ntoskrnl.exe+1bdf5
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101812-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================

==================================================
Dump File : Mini101812-01.dmp
Crash Time : 10/18/2012 4:00:05 AM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 0x00000020
Parameter 2 : 0x83050000
Parameter 3 : 0x83050828
Parameter 4 : 0x1b050000
Caused By Driver : uxxiraob.sys
Caused By Address : uxxiraob.sys+55b0
File Description :
Product Name :
Company :
File Version :
Processor : 32-bit
Crash Address : ntoskrnl.exe+6070a
Stack Address 1 : ntoskrnl.exe+7afc5
Stack Address 2 : ntoskrnl.exe+1bc5f
Stack Address 3 : ntoskrnl.exe+1bdf5
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101812-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 106,496
==================================================
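
Added example (not part of the original thread, and not code from BlueScreenView or SystemLook): a Python script that parses a BSOD.txt report in the layout shown above, groups the crashes by the "Caused By Driver" field, and flags drivers for which the report lists no file description, product name, company or version, the property that sets uxxiraob.sys apart from ntoskrnl.exe in this report. The function names are hypothetical and the sample is a trimmed, constructed copy of three of the records above.

```python
from collections import defaultdict

# Constructed sample: three records from the thread's BSOD.txt, trimmed to the
# fields used below (BlueScreenView "Save Selected Items" text layout).
SAMPLE_REPORT = """\
==================================================
Dump File : Mini102312-02.dmp
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Caused By Driver : ntoskrnl.exe
File Description : NT Kernel & System
Company : Microsoft Corporation
File Version : 5.1.2600.6284 (xpsp_sp3_gdr.120821-1629)
Crash Address : ntoskrnl.exe+6070a
==================================================

==================================================
Dump File : Mini101812-03.dmp
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Caused By Driver : uxxiraob.sys
File Description :
Product Name :
Company :
File Version :
Crash Address : ntoskrnl.exe+6070a
==================================================

==================================================
Dump File : Mini101812-02.dmp
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Caused By Driver : uxxiraob.sys
File Description :
Product Name :
Company :
File Version :
Crash Address : ntoskrnl.exe+6070a
==================================================
"""

# Fields the report fills in when it can read a version resource for the module.
METADATA_FIELDS = ("File Description", "Product Name", "Company", "File Version")


def parse_report(text):
    """Split the report into one dict per crash record."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"="}:        # separator row of '=' characters
            if current:
                records.append(current)
                current = {}
            continue
        # Split on the first colon only: values such as times contain colons.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def triage(records):
    """Group crashes by blamed driver; drivers with no metadata sort first."""
    by_driver = defaultdict(list)
    for rec in records:
        driver = rec.get("Caused By Driver", "").lower()
        if driver:
            by_driver[driver].append(rec)
    findings = []
    for driver, recs in by_driver.items():
        findings.append({
            "driver": driver,
            "crashes": len(recs),
            "bug_checks": sorted({r.get("Bug Check String", "") for r in recs}),
            "dumps": [r.get("Dump File", "") for r in recs],
            # True only if every record for this driver has all fields empty.
            "no_version_metadata": all(
                not r.get(f) for r in recs for f in METADATA_FIELDS),
        })
    findings.sort(key=lambda f: (not f["no_version_metadata"],
                                 -f["crashes"], f["driver"]))
    return findings


def filefind_patterns(findings):
    """Build name.* search patterns (the form used with :filefind in this
    thread) for every driver flagged as lacking version metadata."""
    return [f["driver"].rsplit(".", 1)[0] + ".*"
            for f in findings if f["no_version_metadata"]]


if __name__ == "__main__":
    results = triage(parse_report(SAMPLE_REPORT))
    for f in results:
        print(f)
    print("Search patterns:", filefind_patterns(results))
```
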

#8 Oh My!


Posted 23 October 2012 - 03:52 PM

Hi Fixing1,

Thank you for that information. I would like to hunt down a file that is showing up in the Blue Screen report. Please do this for me.


===================================================


SystemLook by jpshortstuff

--------------------

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    uxxiraob.*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • SystemLook log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Fixing1


Posted 23 October 2012 - 04:50 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 17:47 on 23/10/2012 by 4
Administrator - Elevation successful

========== filefind ==========

Searching for "uxxiraob.*"
No files found.


-= EOF =-

#10 Oh My!


Posted 23 October 2012 - 06:31 PM

Hi Fixit1,

Thank you for the information verifying the IP address appears to be legitimate. That address is contained in the DDS report under the Pseudo HJT Report category. (refer Post 1).

Based on the results of the SystemLook search I think it is time to become more aggressive in looking for malware on your computer. Please perform the following steps for me.


===================================================


Running TDSSKiller with Changed Parameters

--------------------

  • Please download TDSSKiller from here and save it to your Desktop
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters
  • Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system
  • Click OK
  • Click Start Scan and allow the scan process to run
  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue
  • Click Reboot computer
  • Please copy and paste the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)

===================================================


aswMBR

--------------------

  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.

  • TDSSKiller log
  • aswMBR log

Gary
 

#11 Fixing1


Posted 23 October 2012 - 08:19 PM

19:47:35.0859 2884 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
19:47:35.0906 2884 ============================================================
19:47:35.0906 2884 Current date / time: 2012/10/23 19:47:35.0906
19:47:35.0906 2884 SystemInfo:
19:47:35.0906 2884
19:47:35.0906 2884 OS Version: 5.1.2600 ServicePack: 3.0
19:47:35.0906 2884 Product type: Workstation
19:47:35.0906 2884 ComputerName: ACER-6E40E97492
19:47:35.0906 2884 UserName: 4
19:47:35.0906 2884 Windows directory: C:\WINDOWS
19:47:35.0906 2884 System windows directory: C:\WINDOWS
19:47:35.0906 2884 Processor architecture: Intel x86
19:47:35.0906 2884 Number of processors: 2
19:47:35.0906 2884 Page size: 0x1000
19:47:35.0906 2884 Boot type: Normal boot
19:47:35.0906 2884 ============================================================
19:47:47.0750 2884 BG loaded
19:48:08.0984 2884 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:48:09.0281 2884 ============================================================
19:48:09.0281 2884 \Device\Harddisk0\DR0:
19:48:09.0328 2884 MBR partitions:
19:48:09.0328 2884 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9C263D, BlocksNum 0x12056484
19:48:09.0328 2884 ============================================================
19:48:10.0500 2884 C: <-> \Device\Harddisk0\DR0\Partition1
19:48:11.0031 2884 ============================================================
19:48:11.0031 2884 Initialize success
19:48:11.0031 2884 ============================================================
19:48:33.0375 3456 ============================================================
19:48:33.0375 3456 Scan started
19:48:33.0375 3456 Mode: Manual; SigCheck; TDLFS;
19:48:33.0375 3456 ============================================================
19:48:34.0375 3456 ================ Scan system memory ========================
19:48:34.0375 3456 System memory - ok
19:48:34.0390 3456 ================ Scan services =============================
19:48:36.0609 3456 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
19:48:37.0203 3456 6to4 - ok
19:48:37.0406 3456 Abiosdsk - ok
19:48:37.0484 3456 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:48:38.0093 3456 abp480n5 - ok
19:48:38.0375 3456 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:48:38.0890 3456 ACPI - ok
19:48:38.0906 3456 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
19:48:39.0250 3456 ACPIEC - ok
19:48:39.0453 3456 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:48:40.0109 3456 AdobeFlashPlayerUpdateSvc - ok
19:48:40.0421 3456 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:48:40.0828 3456 adpu160m - ok
19:48:40.0906 3456 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:48:41.0328 3456 aec - ok
19:48:41.0468 3456 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:48:41.0687 3456 AFD - ok
19:48:41.0718 3456 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
19:48:42.0140 3456 agp440 - ok
19:48:42.0187 3456 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:48:42.0562 3456 agpCPQ - ok
19:48:42.0625 3456 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:48:42.0781 3456 Aha154x - ok
19:48:42.0812 3456 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:48:44.0921 3456 aic78u2 - ok
19:48:44.0953 3456 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:48:45.0593 3456 aic78xx - ok
19:48:45.0671 3456 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:48:46.0109 3456 Alerter - ok
19:48:46.0187 3456 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:48:46.0562 3456 ALG - ok
19:48:46.0593 3456 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
19:48:46.0953 3456 AliIde - ok
19:48:47.0015 3456 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:48:47.0468 3456 alim1541 - ok
19:48:47.0531 3456 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:48:48.0171 3456 amdagp - ok
19:48:48.0265 3456 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
19:48:48.0546 3456 amsint - ok
19:48:48.0562 3456 AppMgmt - ok
19:48:48.0828 3456 [ 7CAE93FE5511D0C0688CFA56CF241E31 ] AR5416 C:\WINDOWS\system32\DRIVERS\athw.sys
19:48:49.0640 3456 AR5416 - ok
19:48:49.0718 3456 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
19:48:50.0250 3456 asc - ok
19:48:50.0484 3456 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:48:50.0953 3456 asc3350p - ok
19:48:50.0968 3456 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:48:51.0468 3456 asc3550 - ok
19:48:51.0781 3456 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:48:51.0984 3456 aspnet_state - ok
19:48:52.0015 3456 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:48:52.0656 3456 AsyncMac - ok
19:48:52.0718 3456 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:48:53.0078 3456 atapi - ok
19:48:53.0093 3456 Atdisk - ok
19:48:53.0234 3456 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:48:54.0125 3456 Atmarpc - ok
19:48:54.0203 3456 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:48:54.0718 3456 AudioSrv - ok
19:48:54.0796 3456 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:48:55.0312 3456 audstub - ok
19:48:55.0578 3456 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:48:56.0375 3456 Beep - ok
19:48:56.0468 3456 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:48:57.0921 3456 BITS - ok
19:48:57.0968 3456 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
19:48:58.0312 3456 Browser - ok
19:48:58.0812 3456 catchme - ok
19:48:58.0937 3456 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:48:59.0578 3456 cbidf - ok
19:48:59.0609 3456 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:49:00.0062 3456 cbidf2k - ok
19:49:00.0140 3456 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:49:01.0265 3456 CCDECODE - ok
19:49:01.0484 3456 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:49:03.0000 3456 cd20xrnt - ok
19:49:03.0031 3456 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:49:03.0546 3456 Cdaudio - ok
19:49:03.0734 3456 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:49:04.0156 3456 Cdfs - ok
19:49:04.0203 3456 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:49:04.0671 3456 Cdrom - ok
19:49:04.0687 3456 Changer - ok
19:49:04.0734 3456 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:49:05.0203 3456 CiSvc - ok
19:49:05.0281 3456 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:49:05.0843 3456 ClipSrv - ok
19:49:06.0000 3456 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:49:06.0468 3456 clr_optimization_v2.0.50727_32 - ok
19:49:06.0640 3456 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
19:49:07.0000 3456 CmBatt - ok
19:49:07.0031 3456 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:49:07.0453 3456 CmdIde - ok
19:49:07.0468 3456 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
19:49:07.0859 3456 Compbatt - ok
19:49:07.0859 3456 COMSysApp - ok
19:49:07.0937 3456 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:49:08.0375 3456 Cpqarray - ok
19:49:08.0531 3456 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:49:08.0906 3456 CryptSvc - ok
19:49:09.0000 3456 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:49:09.0390 3456 dac2w2k - ok
19:49:09.0468 3456 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:49:09.0921 3456 dac960nt - ok
19:49:10.0000 3456 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:49:10.0140 3456 DcomLaunch - ok
19:49:10.0156 3456 dgderdrv - ok
19:49:10.0250 3456 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:49:10.0515 3456 Dhcp - ok
19:49:10.0765 3456 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:49:11.0125 3456 Disk - ok
19:49:11.0203 3456 [ 08D30AF92C270F2E76787C81589DBAD6 ] DKbFltr C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
19:49:11.0328 3456 DKbFltr - ok
19:49:11.0343 3456 dmadmin - ok
19:49:11.0484 3456 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:49:12.0062 3456 dmboot - ok
19:49:12.0093 3456 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:49:12.0453 3456 dmio - ok
19:49:12.0500 3456 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:49:12.0828 3456 dmload - ok
19:49:12.0890 3456 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:49:13.0250 3456 dmserver - ok
19:49:13.0281 3456 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:49:17.0203 3456 DMusic - ok
19:49:17.0250 3456 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:49:17.0562 3456 Dnscache - ok
19:49:17.0609 3456 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:49:18.0015 3456 Dot3svc - ok
19:49:18.0046 3456 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:49:18.0531 3456 dpti2o - ok
19:49:18.0671 3456 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:49:19.0031 3456 drmkaud - ok
19:49:19.0109 3456 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:49:19.0484 3456 EapHost - ok
19:49:19.0515 3456 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:49:19.0875 3456 ERSvc - ok
19:49:19.0953 3456 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:49:20.0140 3456 Eventlog - ok
19:49:20.0187 3456 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
19:49:20.0265 3456 EventSystem - ok
19:49:20.0609 3456 [ A52794C010C6DF5B4BC70C4AB5E04088 ] ewusbnet C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
19:49:20.0765 3456 ewusbnet - ok
19:49:20.0796 3456 [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
19:49:21.0000 3456 ew_hwusbdev - ok
19:49:21.0046 3456 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:49:21.0343 3456 Fastfat - ok
19:49:21.0406 3456 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:49:21.0593 3456 FastUserSwitchingCompatibility - ok
19:49:21.0640 3456 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
19:49:21.0875 3456 Fax - ok
19:49:21.0937 3456 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
19:49:22.0250 3456 Fdc - ok
19:49:22.0281 3456 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:49:22.0609 3456 Fips - ok
19:49:22.0609 3456 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
19:49:22.0875 3456 Flpydisk - ok
19:49:22.0953 3456 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:49:23.0218 3456 FltMgr - ok
19:49:23.0343 3456 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:49:23.0406 3456 FontCache3.0.0.0 - ok
19:49:23.0453 3456 [ CBE5F69A5E5B918225F420BA748F3742 ] FsUsbExDisk C:\WINDOWS\system32\FsUsbExDisk.SYS
19:49:23.0453 3456 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
19:49:23.0453 3456 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
19:49:23.0484 3456 [ 0CFB220B912F3E1E299C9D4113F07B69 ] FsUsbExService C:\WINDOWS\system32\FsUsbExService.Exe
19:49:23.0703 3456 FsUsbExService - ok
19:49:23.0718 3456 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:49:24.0000 3456 Fs_Rec - ok
19:49:24.0046 3456 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:49:24.0312 3456 Ftdisk - ok
19:49:24.0390 3456 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:49:24.0671 3456 Gpc - ok
19:49:24.0765 3456 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:49:24.0921 3456 gupdate - ok
19:49:24.0937 3456 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:49:24.0968 3456 gupdatem - ok
19:49:25.0031 3456 [ 751C1D2CA2ABF4A9F5A6B8D7D45B907C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
19:49:25.0187 3456 gusvc - ok
19:49:25.0203 3456 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:49:25.0765 3456 HDAudBus - ok
19:49:25.0812 3456 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:49:26.0093 3456 helpsvc - ok
19:49:26.0093 3456 HidServ - ok
19:49:26.0171 3456 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:49:26.0421 3456 HidUsb - ok
19:49:26.0484 3456 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:49:26.0921 3456 hkmsvc - ok
19:49:26.0984 3456 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
19:49:27.0234 3456 hpn - ok
19:49:27.0328 3456 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:49:27.0375 3456 HTTP - ok
19:49:27.0437 3456 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:49:27.0718 3456 HTTPFilter - ok
19:49:27.0781 3456 [ BED3A9F86A637CC6C2C5296CD82423D8 ] huawei_enumerator C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
19:49:28.0234 3456 huawei_enumerator - ok
19:49:28.0265 3456 [ 1F40368DC40B17DE3FA0FBE8A9D82F9E ] hwdatacard C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
19:49:28.0531 3456 hwdatacard - ok
19:49:28.0562 3456 HWDeviceService.exe - ok
19:49:28.0609 3456 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
19:49:28.0921 3456 i2omgmt - ok
19:49:28.0984 3456 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:49:29.0250 3456 i2omp - ok
19:49:29.0296 3456 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:49:29.0578 3456 i8042prt - ok
19:49:29.0796 3456 [ 48846B31BE5A4FA662CCFDE7A1BA86B9 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
19:49:30.0140 3456 ialm - ok
19:49:30.0250 3456 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:49:30.0578 3456 idsvc - ok
19:49:30.0609 3456 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:49:30.0890 3456 Imapi - ok
19:49:30.0968 3456 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:49:31.0343 3456 ImapiService - ok
19:49:31.0421 3456 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:49:31.0687 3456 ini910u - ok
19:49:31.0828 3456 [ 4D8D5B1C895EA0F2A721B98A7CE198F1 ] int15.sys C:\Acer\Empowering Technology\eRecovery\int15.sys
19:49:31.0828 3456 int15.sys ( UnsignedFile.Multi.Generic ) - warning
19:49:31.0828 3456 int15.sys - detected UnsignedFile.Multi.Generic (1)
19:49:32.0093 3456 [ 19AFBB8427CE65042599555E578170DF ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:49:32.0375 3456 IntcAzAudAddService - ok
19:49:32.0406 3456 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:49:32.0656 3456 IntelIde - ok
19:49:32.0671 3456 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:49:32.0937 3456 intelppm - ok
19:49:32.0984 3456 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:49:33.0265 3456 Ip6Fw - ok
19:49:33.0328 3456 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:49:33.0593 3456 IpFilterDriver - ok
19:49:33.0609 3456 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:49:33.0875 3456 IpInIp - ok
19:49:33.0906 3456 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:49:34.0187 3456 IpNat - ok
19:49:34.0234 3456 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:49:34.0546 3456 IPSec - ok
19:49:34.0562 3456 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:49:34.0687 3456 IRENUM - ok
19:49:34.0703 3456 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:49:34.0984 3456 isapnp - ok
19:49:35.0093 3456 [ 6ED8D475BF2F950F3262942F630B3A20 ] ISWKL C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
19:49:35.0171 3456 ISWKL - ok
19:49:35.0203 3456 [ 8A698B79EDF2BA40E42ADD764F43FAA7 ] IswSvc C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
19:49:35.0500 3456 IswSvc - ok
19:49:35.0562 3456 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
19:49:35.0718 3456 IviRegMgr - ok
19:49:35.0781 3456 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
19:49:36.0000 3456 JavaQuickStarterService - ok
19:49:36.0046 3456 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:49:36.0312 3456 Kbdclass - ok
19:49:36.0359 3456 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:49:36.0562 3456 kmixer - ok
19:49:36.0609 3456 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:49:36.0812 3456 KSecDD - ok
19:49:36.0859 3456 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
19:49:36.0984 3456 LanmanServer - ok
19:49:37.0031 3456 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:49:37.0203 3456 lanmanworkstation - ok
19:49:37.0203 3456 lbrtfdc - ok
19:49:37.0265 3456 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:49:37.0625 3456 LmHosts - ok
19:49:37.0687 3456 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
19:49:37.0734 3456 MatSvc - ok
19:49:37.0781 3456 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
19:49:37.0890 3456 MBAMSwissArmy - ok
19:49:37.0937 3456 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:49:38.0203 3456 Messenger - ok
19:49:38.0265 3456 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:49:38.0546 3456 mnmdd - ok
19:49:38.0625 3456 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:49:38.0953 3456 mnmsrvc - ok
19:49:39.0078 3456 [ 38106C7BD34EAE89D2769AC0BA2E846B ] Mobilicity Connect. RunOuc C:\Program Files\Mobilicity Connect\UpdateDog\ouc.exe
19:49:39.0156 3456 Mobilicity Connect. RunOuc ( UnsignedFile.Multi.Generic ) - warning
19:49:39.0156 3456 Mobilicity Connect. RunOuc - detected UnsignedFile.Multi.Generic (1)
19:49:39.0171 3456 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:49:39.0375 3456 Modem - ok
19:49:39.0406 3456 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:49:39.0687 3456 Mouclass - ok
19:49:39.0718 3456 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:49:39.0984 3456 mouhid - ok
19:49:40.0046 3456 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:49:40.0312 3456 MountMgr - ok
19:49:40.0609 3456 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:49:40.0703 3456 MpFilter - ok
19:49:40.0734 3456 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:49:41.0046 3456 mraid35x - ok
19:49:41.0093 3456 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:49:41.0343 3456 MRxDAV - ok
19:49:41.0437 3456 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:49:41.0593 3456 MRxSmb - ok
19:49:41.0640 3456 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:49:41.0890 3456 MSDTC - ok
19:49:41.0921 3456 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:49:42.0296 3456 Msfs - ok
19:49:42.0312 3456 MSIServer - ok
19:49:42.0359 3456 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:49:42.0609 3456 MSKSSRV - ok
19:49:42.0734 3456 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:49:42.0812 3456 MsMpSvc - ok
19:49:42.0843 3456 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:49:43.0078 3456 MSPCLOCK - ok
19:49:43.0140 3456 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:49:43.0375 3456 MSPQM - ok
19:49:43.0406 3456 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:49:43.0656 3456 mssmbios - ok
19:49:43.0687 3456 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
19:49:43.0921 3456 MSTEE - ok
19:49:44.0000 3456 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:49:44.0125 3456 Mup - ok
19:49:44.0156 3456 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
19:49:44.0437 3456 NABTSFEC - ok
19:49:44.0546 3456 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:49:44.0921 3456 napagent - ok
19:49:45.0000 3456 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:49:45.0281 3456 NDIS - ok
19:49:45.0312 3456 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
19:49:45.0796 3456 NdisIP - ok
19:49:45.0859 3456 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:49:45.0984 3456 NdisTapi - ok
19:49:46.0015 3456 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:49:46.0296 3456 Ndisuio - ok
19:49:46.0312 3456 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:49:46.0671 3456 NdisWan - ok
19:49:46.0703 3456 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:49:46.0843 3456 NDProxy - ok
19:49:46.0890 3456 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:49:47.0156 3456 NetBIOS - ok
19:49:47.0187 3456 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:49:47.0531 3456 NetBT - ok
19:49:47.0578 3456 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:49:48.0000 3456 NetDDE - ok
19:49:48.0046 3456 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:49:48.0312 3456 NetDDEdsdm - ok
19:49:48.0390 3456 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:49:48.0656 3456 Netlogon - ok
19:49:48.0703 3456 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:49:48.0937 3456 Netman - ok
19:49:49.0015 3456 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:49:49.0093 3456 NetTcpPortSharing - ok
19:49:49.0125 3456 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:49:49.0187 3456 Nla - ok
19:49:49.0250 3456 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:49:49.0515 3456 Npfs - ok
19:49:49.0562 3456 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:49:49.0843 3456 Ntfs - ok
19:49:49.0890 3456 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:49:50.0093 3456 NtLmSsp - ok
19:49:50.0171 3456 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:49:50.0468 3456 NtmsSvc - ok
19:49:50.0640 3456 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:49:50.0937 3456 Null - ok
19:49:50.0968 3456 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:49:51.0234 3456 NwlnkFlt - ok
19:49:51.0281 3456 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:49:51.0546 3456 NwlnkFwd - ok
19:49:51.0734 3456 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:49:51.0953 3456 odserv - ok
19:49:51.0984 3456 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:49:52.0187 3456 ose - ok
19:49:52.0250 3456 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\drivers\Parport.sys
19:49:52.0656 3456 Parport - ok
19:50:27.0390 3456 ================ Scan global ===============================
19:50:27.0453 3456 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:50:27.0531 3456 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:50:27.0640 3456 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:50:27.0671 3456 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:50:27.0671 3456 [Global] - ok
19:50:27.0671 3456 ================ Scan MBR ==================================
19:50:27.0703 3456 [ 99852D5C3A78447C3D6D82B6155FE848 ] \Device\Harddisk0\DR0
19:50:35.0656 3456 \Device\Harddisk0\DR0 - ok
19:50:35.0656 3456 ================ Scan VBR ==================================
19:50:35.0687 3456 [ 9CA58B3AA437F57D94A6EBB7C10A9233 ] \Device\Harddisk0\DR0\Partition1
19:50:35.0687 3456 \Device\Harddisk0\DR0\Partition1 - ok
19:50:35.0687 3456 ================ Scan active images ========================
19:50:37.0046 3456 C:\WINDOWS\system32\ws2_32.dll - ok
19:50:37.0046 3456 [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
19:50:37.0046 3456 C:\WINDOWS\system32\kbdus.dll - ok
19:50:37.0062 3456 [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
19:50:37.0062 3456 C:\WINDOWS\system32\msgina.dll - ok
19:50:37.0062 3456 [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
19:50:37.0078 3456 C:\WINDOWS\system32\comctl32.dll - ok
19:50:37.0078 3456 [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
19:50:37.0078 3456 C:\WINDOWS\system32\odbc32.dll - ok
19:50:37.0093 3456 [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
19:50:37.0093 3456 C:\WINDOWS\system32\comdlg32.dll - ok
19:50:37.0093 3456 [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll
19:50:37.0109 3456 C:\WINDOWS\system32\shell32.dll - ok
19:50:37.0109 3456 [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
19:50:37.0109 3456 C:\WINDOWS\system32\shlwapi.dll - ok
19:50:37.0125 3456 [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
19:50:37.0125 3456 C:\WINDOWS\system32\sxs.dll - ok
19:50:37.0140 3456 [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-

Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
19:50:37.0140 3456 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202

\comctl32.dll - ok
19:50:37.0140 3456 [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
19:50:37.0140 3456 C:\WINDOWS\system32\odbcint.dll - ok
19:50:37.0156 3456 [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
19:50:37.0156 3456 C:\WINDOWS\system32\shsvcs.dll - ok
19:50:37.0156 3456 [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
19:50:37.0156 3456 C:\WINDOWS\system32\ole32.dll - ok
19:50:37.0171 3456 [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
19:50:37.0171 3456 C:\WINDOWS\system32\sfc.dll - ok
19:50:37.0187 3456 [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
19:50:37.0187 3456 C:\WINDOWS\system32\sfc_os.dll - ok
19:50:37.0187 3456 [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
19:50:37.0187 3456 C:\WINDOWS\system32\apphelp.dll - ok
19:50:37.0203 3456 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:50:37.0203 3456 C:\WINDOWS\system32\services.exe - ok
19:50:37.0218 3456 [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
19:50:37.0218 3456 C:\WINDOWS\system32\lsasrv.dll - ok
19:50:37.0218 3456 [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
19:50:37.0218 3456 C:\WINDOWS\system32\lsass.exe - ok
19:50:37.0234 3456 [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
19:50:37.0234 3456 C:\WINDOWS\system32\msvcp60.dll - ok
19:50:37.0250 3456 [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
19:50:37.0250 3456 C:\WINDOWS\system32\ncobjapi.dll - ok
19:50:37.0250 3456 [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
19:50:37.0250 3456 C:\WINDOWS\system32\scesrv.dll - ok
19:50:37.0265 3456 [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
19:50:37.0265 3456 C:\WINDOWS\system32\umpnpmgr.dll - ok
19:50:37.0281 3456 [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
19:50:37.0281 3456 C:\WINDOWS\system32\mpr.dll - ok
19:50:37.0281 3456 [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
19:50:37.0281 3456 C:\WINDOWS\system32\shimeng.dll - ok
19:50:37.0296 3456 [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\AcAdProc.dll
19:50:37.0296 3456 C:\WINDOWS\AppPatch\AcAdProc.dll - ok
19:50:37.0312 3456 [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
19:50:37.0312 3456 C:\WINDOWS\system32\dnsapi.dll - ok
19:50:37.0312 3456 [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
19:50:37.0312 3456 C:\WINDOWS\system32\ntdsapi.dll - ok
19:50:37.0328 3456 [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
19:50:37.0328 3456 C:\WINDOWS\system32\wldap32.dll - ok
19:50:37.0343 3456 [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
19:50:37.0343 3456 C:\WINDOWS\system32\samlib.dll - ok
19:50:37.0343 3456 [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
19:50:37.0343 3456 C:\WINDOWS\system32\samsrv.dll - ok
19:50:37.0359 3456 [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\AcGenral.dll
19:50:37.0359 3456 C:\WINDOWS\AppPatch\AcGenral.dll - ok
19:50:37.0375 3456 [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
19:50:37.0375 3456 C:\WINDOWS\system32\cryptdll.dll - ok
19:50:37.0375 3456 [ 1B2BE5777F69A71778F52FFEE1C798D6 ] C:\WINDOWS\system32\oleaut32.dll
19:50:37.0375 3456 C:\WINDOWS\system32\oleaut32.dll - ok
19:50:37.0390 3456 [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
19:50:37.0390 3456 C:\WINDOWS\system32\winmm.dll - ok
19:50:37.0406 3456 [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
19:50:37.0406 3456 C:\WINDOWS\system32\msacm32.dll - ok
19:50:37.0406 3456 [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
19:50:37.0406 3456 C:\WINDOWS\system32\uxtheme.dll - ok
19:50:37.0421 3456 [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
19:50:37.0421 3456 C:\WINDOWS\system32\msapsspc.dll - ok
19:50:37.0421 3456 [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
19:50:37.0421 3456 C:\WINDOWS\system32\msvcrt40.dll - ok
19:50:37.0437 3456 [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
19:50:37.0437 3456 C:\WINDOWS\system32\digest.dll - ok
19:50:37.0453 3456 [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
19:50:37.0453 3456 C:\WINDOWS\system32\schannel.dll - ok
19:50:37.0453 3456 [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
19:50:37.0453 3456 C:\WINDOWS\system32\msnsspc.dll - ok
19:50:37.0468 3456 [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
19:50:37.0468 3456 C:\WINDOWS\system32\kerberos.dll - ok
19:50:37.0484 3456 [ 5733177BCF16EE78B99543C9B0AB81EA ] C:\WINDOWS\system32\MSCTFIME.IME
19:50:37.0484 3456 C:\WINDOWS\system32\MSCTFIME.IME - ok
19:50:37.0484 3456 [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
19:50:37.0484 3456 C:\WINDOWS\system32\msprivs.dll - ok
19:50:37.0500 3456 [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
19:50:37.0500 3456 C:\WINDOWS\system32\iphlpapi.dll - ok
19:50:37.0515 3456 [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
19:50:37.0515 3456 C:\WINDOWS\system32\msv1_0.dll - ok
19:50:37.0515 3456 [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
19:50:37.0515 3456 C:\WINDOWS\system32\netlogon.dll - ok
19:50:37.0531 3456 [ 1E644E3533DCE2B580A663AE1ACBD539 ] C:\WINDOWS\system32\atmfd.dll
19:50:37.0531 3456 C:\WINDOWS\system32\atmfd.dll - ok
19:50:37.0546 3456 [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
19:50:37.0546 3456 C:\WINDOWS\system32\w32time.dll - ok
19:50:37.0546 3456 [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
19:50:37.0546 3456 C:\WINDOWS\system32\rsaenh.dll - ok
19:50:37.0562 3456 [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
19:50:37.0562 3456 C:\WINDOWS\system32\wdigest.dll - ok
19:50:37.0578 3456 [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
19:50:37.0578 3456 C:\WINDOWS\system32\winscard.dll - ok
19:50:37.0578 3456 [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
19:50:37.0578 3456 C:\WINDOWS\system32\wtsapi32.dll - ok
19:50:37.0593 3456 [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
19:50:37.0593 3456 C:\WINDOWS\system32\scecli.dll - ok
19:50:37.0609 3456 [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
19:50:37.0609 3456 C:\WINDOWS\system32\svchost.exe - ok
19:50:37.0609 3456 [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
19:50:37.0609 3456 C:\WINDOWS\system32\ntmarta.dll - ok
19:50:37.0625 3456 [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
19:50:37.0625 3456 C:\WINDOWS\system32\rpcss.dll - ok
19:50:37.0640 3456 [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
19:50:37.0640 3456 C:\WINDOWS\system32\xpsp2res.dll - ok
19:50:37.0640 3456 [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
19:50:37.0640 3456 C:\WINDOWS\system32\eventlog.dll - ok
19:50:37.0656 3456 [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
19:50:37.0656 3456 C:\WINDOWS\system32\mswsock.dll - ok
19:50:37.0671 3456 [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
19:50:37.0671 3456 C:\WINDOWS\system32\hnetcfg.dll - ok
19:50:37.0671 3456 [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
19:50:37.0671 3456 C:\WINDOWS\system32\wshtcpip.dll - ok
19:50:37.0687 3456 [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
19:50:37.0687 3456 C:\WINDOWS\system32\winrnr.dll - ok
19:50:37.0687 3456 [ 60B8C0DB5A8E4D7B4712DF66D6FF2788 ] C:\WINDOWS\system32\wship6.dll
19:50:37.0687 3456 C:\WINDOWS\system32\wship6.dll - ok
19:50:37.0703 3456 [ 9AC7F31404F784753C4C04296E48CFAB ] C:\Program Files\Microsoft Security Client\MpSvc.dll
19:50:37.0703 3456 C:\Program Files\Microsoft Security Client\MpSvc.dll - ok
19:50:37.0718 3456 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] C:\Program Files\Microsoft Security Client\MsMpEng.exe
19:50:37.0718 3456 C:\Program Files\Microsoft Security Client\MsMpEng.exe - ok
19:50:37.0718 3456 [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
19:50:37.0718 3456 C:\WINDOWS\system32\rasadhlp.dll - ok
19:50:37.0734 3456 [ 84204FDA617A3611D510A1DCBAE64004 ] C:\Program Files\Microsoft Security Client\MpClient.dll
19:50:37.0734 3456 C:\Program Files\Microsoft Security Client\MpClient.dll - ok
19:50:37.0750 3456 [ 2081A5B5E4ABA206A0A8A1A97DF0FB23 ] C:\WINDOWS\system32\logonui.exe
19:50:37.0750 3456 C:\WINDOWS\system32\logonui.exe - ok
19:50:37.0750 3456 [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
19:50:37.0750 3456 C:\WINDOWS\system32\duser.dll - ok
19:50:37.0765 3456 [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
19:50:37.0765 3456 C:\WINDOWS\system32\msimg32.dll - ok
19:50:37.0781 3456 [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
19:50:37.0781 3456 C:\WINDOWS\system32\oleacc.dll - ok
19:50:37.0781 3456 [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
19:50:37.0781 3456 C:\WINDOWS\system32\clbcatq.dll - ok
19:50:37.0796 3456 [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
19:50:37.0796 3456 C:\WINDOWS\system32\drivers\ndisuio.sys - ok
19:50:37.0812 3456 [ 515A7FAE2070C2B0242B2353443E2F11 ] C:\WINDOWS\system32\cscdll.dll
19:50:37.0812 3456 C:\WINDOWS\system32\cscdll.dll - ok
19:50:37.0812 3456 [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
19:50:37.0812 3456 C:\WINDOWS\system32\dhcpcsvc.dll - ok
19:50:37.0828 3456 [ E2092F0A1D7ABC243F9C2362483D150D ] C:\WINDOWS\system32\dimsntfy.dll
19:50:37.0828 3456 C:\WINDOWS\system32\dimsntfy.dll - ok
19:50:37.0843 3456 [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
19:50:37.0843 3456 C:\WINDOWS\system32\wlnotify.dll - ok
19:50:37.0843 3456 [ 1280A158C722FA95A80FB7AEBE78FA7D ] C:\WINDOWS\system32\comres.dll
19:50:37.0843 3456 C:\WINDOWS\system32\comres.dll - ok
19:50:37.0859 3456 [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
19:50:37.0859 3456 C:\WINDOWS\system32\winspool.drv - ok
19:50:37.0875 3456 [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
19:50:37.0875 3456 C:\WINDOWS\system32\shgina.dll - ok
19:50:37.0875 3456 [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
19:50:37.0875 3456 C:\WINDOWS\system32\dnsrslvr.dll - ok
19:50:37.0890 3456 [ 7C29BC74635524E13FAA556A5FD48968 ] C:\Program Files\Microsoft Security Client\MpRTP.dll
19:50:37.0890 3456 C:\Program Files\Microsoft Security Client\MpRTP.dll - ok
19:50:37.0906 3456 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
19:50:37.0906 3456 C:\WINDOWS\system32\cryptsvc.dll - ok
19:50:37.0906 3456 [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
19:50:37.0906 3456 C:\WINDOWS\system32\lmhsvc.dll - ok
19:50:37.0921 3456 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
19:50:37.0921 3456 C:\WINDOWS\system32\certcli.dll - ok
19:50:37.0921 3456 [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\system32\fltlib.dll
19:50:37.0921 3456 C:\WINDOWS\system32\fltlib.dll - ok
19:50:37.0937 3456 [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
19:50:37.0937 3456 C:\WINDOWS\system32\atl.dll - ok
19:50:37.0953 3456 [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
19:50:37.0953 3456 C:\WINDOWS\system32\cryptui.dll - ok
19:50:37.0953 3456 [ FF1C14BCA1A797CE45DD359FA2C9EDA8 ] C:\WINDOWS\system32\wininet.dll
19:50:37.0953 3456 C:\WINDOWS\system32\wininet.dll - ok
19:50:37.0968 3456 [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
19:50:37.0968 3456 C:\WINDOWS\system32\normaliz.dll - ok
19:50:37.0984 3456 [ 9371862D37E8F0AF21E4DEA95E867C39 ] C:\WINDOWS\system32\urlmon.dll
19:50:37.0984 3456 C:\WINDOWS\system32\urlmon.dll - ok
19:50:37.0984 3456 [ 0579CC3B95EDD1CE664A35E016F3DD58 ] C:\WINDOWS\system32\iertutil.dll
19:50:37.0984 3456 C:\WINDOWS\system32\iertutil.dll - ok
19:50:38.0000 3456 [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
19:50:38.0000 3456 C:\WINDOWS\system32\esent.dll - ok
19:50:38.0015 3456 [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
19:50:38.0015 3456 C:\WINDOWS\system32\riched20.dll - ok
19:50:38.0015 3456 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
19:50:38.0015 3456 C:\WINDOWS\system32\wzcsvc.dll - ok
19:50:38.0031 3456 [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
19:50:38.0031 3456 C:\WINDOWS\system32\eapolqec.dll - ok
19:50:38.0046 3456 [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
19:50:38.0046 3456 C:\WINDOWS\system32\rtutils.dll - ok
19:50:38.0046 3456 [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
19:50:38.0046 3456 C:\WINDOWS\system32\wmi.dll - ok
19:50:38.0062 3456 [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
19:50:38.0062 3456 C:\WINDOWS\system32\dot3api.dll - ok
19:50:38.0078 3456 [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
19:50:38.0078 3456 C:\WINDOWS\system32\qutil.dll - ok
19:50:38.0078 3456 [ 4A54B602854DFFE1C0BBFB2EEF52194F ] C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
19:50:38.0078 3456 C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe - ok
19:50:38.0093 3456 [ E64AAFF64FC90A953078AECD9DC8D2E2 ] C:\Program Files\CheckPoint\ZoneAlarm\vsdata.dll
19:50:38.0093 3456 C:\Program Files\CheckPoint\ZoneAlarm\vsdata.dll - ok
19:50:38.0109 3456 [ BC91C8F83A7D19684A2F98ECF46F6BF3 ] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll
19:50:38.0109 3456 C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll - ok
19:50:38.0109 3456 [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
19:50:38.0109 3456 C:\WINDOWS\system32\rastls.dll - ok
19:50:38.0125 3456 [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
19:50:38.0125 3456 C:\WINDOWS\system32\activeds.dll - ok
19:50:38.0140 3456 [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
19:50:38.0140 3456 C:\WINDOWS\system32\mprapi.dll - ok
19:50:38.0156 3456 [ 871F979D70414C900B35E56222932DAF ]

C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
19:50:38.0156 3456 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll - ok
19:50:38.0171 3456 [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
19:50:38.0171 3456 C:\WINDOWS\system32\adsldpc.dll - ok
19:50:38.0171 3456 [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
19:50:38.0171 3456 C:\WINDOWS\system32\rasapi32.dll - ok
19:50:38.0187 3456 [ 4D03CA609E68F4C90CF66515218017F8 ]

C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
19:50:38.0187 3456 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll - ok
19:50:38.0203 3456 [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
19:50:38.0203 3456 C:\WINDOWS\system32\rasman.dll - ok
19:50:38.0218 3456 [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
19:50:38.0218 3456 C:\WINDOWS\system32\tapi32.dll - ok
19:50:38.0218 3456 [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
19:50:38.0218 3456 C:\WINDOWS\system32\raschap.dll - ok
19:50:38.0234 3456 [ 5A62AC5AD0613DC6CAEFDAC58857FF36 ] C:\Program Files\CheckPoint\ZoneAlarm\vsutil.dll
19:50:38.0234 3456 C:\Program Files\CheckPoint\ZoneAlarm\vsutil.dll - ok
19:50:38.0250 3456 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
19:50:38.0250 3456 C:\WINDOWS\system32\wsock32.dll - ok
19:50:38.0250 3456 [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
19:50:38.0250 3456 C:\WINDOWS\system32\cscui.dll - ok
19:50:38.0265 3456 [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
19:50:38.0265 3456 C:\WINDOWS\system32\powrprof.dll - ok
19:50:38.0281 3456 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] C:\WINDOWS\system32\netman.dll
19:50:38.0281 3456 C:\WINDOWS\system32\netman.dll - ok
19:50:38.0281 3456 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
19:50:38.0281 3456 C:\WINDOWS\system32\netshell.dll - ok
19:50:38.0296 3456 [ 3E2F3E2F4A82B7FAE23BAB864FB0F837 ] C:\WINDOWS\system32\dpcdll.dll
19:50:38.0296 3456 C:\WINDOWS\system32\dpcdll.dll - ok
19:50:38.0312 3456 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
19:50:38.0312 3456 C:\WINDOWS\system32\credui.dll - ok
19:50:38.0312 3456 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
19:50:38.0312 3456 C:\WINDOWS\system32\dot3dlg.dll - ok
19:50:38.0328 3456 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
19:50:38.0328 3456 C:\WINDOWS\system32\onex.dll - ok
19:50:38.0343 3456 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
19:50:38.0343 3456 C:\WINDOWS\system32\eappcfg.dll - ok
19:50:38.0343 3456 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
19:50:38.0343 3456 C:\WINDOWS\system32\eappprxy.dll - ok
19:50:38.0359 3456 [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
19:50:38.0359 3456 C:\WINDOWS\system32\wzcsapi.dll - ok
19:50:38.0375 3456 [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
19:50:38.0375 3456 C:\WINDOWS\system32\userinit.exe - ok
19:50:38.0375 3456 [ DD072705435259D5ABB5D7E0C348EB35 ] C:\Program Files\CheckPoint\ZoneAlarm\dbghelp.dll
19:50:38.0375 3456 C:\Program Files\CheckPoint\ZoneAlarm\dbghelp.dll - ok
19:50:38.0390 3456 [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
19:50:38.0390 3456 C:\WINDOWS\explorer.exe - ok
19:50:38.0406 3456 [ E392E172687BE172F8600C5F41AB03D9 ] C:\WINDOWS\system32\browseui.dll
19:50:38.0406 3456 C:\WINDOWS\system32\browseui.dll - ok
19:50:38.0406 3456 [ 66F67AA5A830BAED4CBBB00032AB0514 ] C:\Program Files\CheckPoint\ZoneAlarm\icslta.dll
19:50:38.0406 3456 C:\Program Files\CheckPoint\ZoneAlarm\icslta.dll - ok
19:50:38.0421 3456 [ 576E2368C04E61B208B81174665368EF ] C:\Program Files\CheckPoint\ZoneAlarm\ssleay32.dll
19:50:38.0421 3456 C:\Program Files\CheckPoint\ZoneAlarm\ssleay32.dll - ok
19:50:38.0421 3456 [ 1868EFA845C0078BF74A49D5F0AE3FD1 ] C:\Program Files\CheckPoint\ZoneAlarm\vsdb.dll
19:50:38.0421 3456 C:\Program Files\CheckPoint\ZoneAlarm\vsdb.dll - ok
19:50:38.0437 3456 [ 26CB10FA893F940AB09713FF46DCDADE ] C:\WINDOWS\system32\shdocvw.dll
19:50:38.0437 3456 C:\WINDOWS\system32\shdocvw.dll - ok
19:50:38.0453 3456 [ 2384D41A82B4CAD6196302CAF25291E1 ] C:\Program Files\CheckPoint\ZoneAlarm\vsxml.dll
19:50:38.0453 3456 C:\Program Files\CheckPoint\ZoneAlarm\vsxml.dll - ok
19:50:38.0453 3456 [ 04BB203851F00BFA6F31852AE0A77E23 ] C:\Program Files\CheckPoint\ZoneAlarm\fbl.dll
19:50:38.0453 3456 C:\Program Files\CheckPoint\ZoneAlarm\fbl.dll - ok
19:50:38.0468 3456 [ F53D6613AF5A4F3C03AC7732B81A28BC ] C:\Program Files\CheckPoint\ZoneAlarm\featuremap.dll
19:50:38.0468 3456 C:\Program Files\CheckPoint\ZoneAlarm\featuremap.dll - ok
19:50:38.0484 3456 [ 66D2866E6F2A2F90AF231F68DCA681B3 ] C:\Program Files\CheckPoint\ZoneAlarm\vswmi.dll
19:50:38.0484 3456 C:\Program Files\CheckPoint\ZoneAlarm\vswmi.dll - ok
19:50:38.0484 3456 [ BDFBFE7373539912B3D7EE6DC6FE0ADD ] C:\Program Files\CheckPoint\ZoneAlarm\zlcomm.dll
19:50:38.0484 3456 C:\Program Files\CheckPoint\ZoneAlarm\zlcomm.dll - ok
19:50:38.0500 3456 [ F00C0FB6EB554A523CF73C7BA595F195 ] C:\Program Files\CheckPoint\ZoneAlarm\zlcommdb.dll
19:50:38.0500 3456 C:\Program Files\CheckPoint\ZoneAlarm\zlcommdb.dll - ok
19:50:38.0515 3456 [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
19:50:38.0515 3456 C:\WINDOWS\system32\desk.cpl - ok
19:50:38.0515 3456 [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
19:50:38.0515 3456 C:\WINDOWS\system32\themeui.dll - ok
19:50:38.0531 3456 [ 380D0B2B017D808493AC8B67AAC00635 ] C:\Program Files\CheckPoint\ZoneAlarm\vsruledb.dll
19:50:38.0531 3456 C:\Program Files\CheckPoint\ZoneAlarm\vsruledb.dll - ok
19:50:38.0546 3456 [ C885B02847F5D2FD45A24E219ED93B32 ] C:\WINDOWS\system32\drivers\cdfs.sys
19:50:38.0546 3456 C:\WINDOWS\system32\drivers\cdfs.sys - ok
19:50:38.0562 3456 [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
19:50:38.0562 3456 C:\WINDOWS\system32\cmd.exe - ok
19:50:38.0562 3456 [ D573DEB87CB2DF4E5116D2A4E284EAB4 ] C:\WINDOWS\system32\ieframe.dll
19:50:38.0562 3456 C:\WINDOWS\system32\ieframe.dll - ok
19:50:38.0578 3456 [ 0994F62F1ADE63C9C2E506DBECF53EE6 ] C:\Program Files\CheckPoint\ZoneAlarm\vsvault.dll
19:50:38.0578 3456 C:\Program Files\CheckPoint\ZoneAlarm\vsvault.dll - ok
19:50:38.0593 3456 [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
19:50:38.0593 3456 C:\WINDOWS\system32\cryptnet.dll - ok
19:50:38.0593 3456 [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
19:50:38.0593 3456 C:\WINDOWS\system32\sensapi.dll - ok
19:50:38.0609 3456 [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
19:50:38.0609 3456 C:\WINDOWS\system32\winhttp.dll - ok
19:50:38.0625 3456 [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
19:50:38.0625 3456 C:\WINDOWS\system32\cabinet.dll - ok
19:50:38.0625 3456 [ 09DEF3ABB6A196749299359AC5578DD8 ] C:\WINDOWS\system32\msxml4.dll
19:50:38.0625 3456 C:\WINDOWS\system32\msxml4.dll - ok
19:50:38.0640 3456 [ E54ABB1ACCF730C171C83C88C8BABC25 ] C:\Program Files\CheckPoint\ZoneAlarm\scheduler.dll
19:50:38.0640 3456 C:\Program Files\CheckPoint\ZoneAlarm\scheduler.dll - ok
19:50:38.0656 3456 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
19:50:38.0656 3456 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
19:50:38.0656 3456 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
19:50:38.0656 3456 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
19:50:38.0671 3456 [ CC8D429C759E7CFA6AA20F4FDDD7100C ] C:\Program Files\CheckPoint\ZoneAlarm\zlupdate.dll
19:50:38.0671 3456 C:\Program Files\CheckPoint\ZoneAlarm\zlupdate.dll - ok
19:50:38.0671 3456 [ B6A3033B50564A56C738EAF230722D69 ] C:\Program Files\CheckPoint\ZoneAlarm\zdx.dll
19:50:38.0671 3456 C:\Program Files\CheckPoint\ZoneAlarm\zdx.dll - ok
19:50:38.0687 3456 [ 6ED8D475BF2F950F3262942F630B3A20 ] C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
19:50:38.0687 3456 C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys - ok
19:50:38.0703 3456 [ 8A698B79EDF2BA40E42ADD764F43FAA7 ] C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
19:50:38.0703 3456 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe - ok
19:50:38.0703 3456 [ 1169436EE42F860C7DB37A4692B38F0E ]

C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
19:50:38.0703 3456 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll - ok
19:50:38.0718 3456 [ 8C53CCD787C381CD535D8DCCA12584D8 ]

C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
19:50:38.0718 3456 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll - ok
19:50:38.0734 3456 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
19:50:38.0734 3456 C:\WINDOWS\system32\schedsvc.dll - ok
19:50:38.0750 3456 [ BC3C5C6EA950FE21B2E62F90EC87E829 ] C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll
19:50:38.0750 3456 C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll - ok
19:50:38.0750 3456 [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
19:50:38.0750 3456 C:\WINDOWS\system32\msidle.dll - ok
19:50:38.0765 3456 [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
19:50:38.0765 3456 C:\WINDOWS\system32\spoolsv.exe - ok
19:50:38.0781 3456 [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
19:50:38.0781 3456 C:\WINDOWS\system32\audiosrv.dll - ok
19:50:38.0781 3456 [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
19:50:38.0781 3456 C:\WINDOWS\system32\wkssvc.dll - ok
19:50:38.0796 3456 [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe
19:50:38.0796 3456 C:\WINDOWS\system32\rundll32.exe - ok
19:50:38.0812 3456 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
19:50:38.0812 3456 C:\WINDOWS\system32\drivers\mrxdav.sys - ok
19:50:38.0812 3456 [ CC01BF9AFD6F446452F22677CF613145 ] C:\Program Files\Microsoft Fix it Center\MatsApi.dll
19:50:38.0812 3456 C:\Program Files\Microsoft Fix it Center\MatsApi.dll - ok
19:50:38.0828 3456 [ B921FB870C9AC0D509B2CCABBBBE95F3 ] C:\WINDOWS\Temp\IswTmp\WH\0
19:50:38.0828 3456 C:\WINDOWS\Temp\IswTmp\WH\0 - ok
19:50:38.0843 3456 [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
19:50:38.0843 3456 C:\WINDOWS\system32\webclnt.dll - ok
19:50:38.0843 3456 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
19:50:38.0843 3456 C:\WINDOWS\system32\drivers\serial.sys - ok
19:50:38.0859 3456 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
19:50:38.0859 3456 C:\WINDOWS\system32\ersvc.dll - ok
19:50:38.0875 3456 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
19:50:38.0875 3456 C:\WINDOWS\system32\es.dll - ok
19:50:38.0875 3456 [ 0CFB220B912F3E1E299C9D4113F07B69 ] C:\WINDOWS\system32\FsUsbExService.Exe
19:50:38.0875 3456 C:\WINDOWS\system32\FsUsbExService.Exe - ok
19:50:38.0890 3456 [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
19:50:38.0890 3456 C:\WINDOWS\system32\oledlg.dll - ok
19:50:38.0906 3456 [ 5652F6CE1D9E9D8068B9D29BC21B5409 ] C:\WINDOWS\system32\olepro32.dll
19:50:38.0906 3456 C:\WINDOWS\system32\olepro32.dll - ok
19:50:38.0906 3456 [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
19:50:38.0906 3456 C:\WINDOWS\system32\wdmaud.drv - ok
19:50:38.0921 3456 [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
19:50:38.0921 3456 C:\WINDOWS\system32\drivers\wdmaud.sys - ok
19:50:38.0921 3456 [ 72233914DA4764DB055513AFDAF3353C ] C:\Program Files\CheckPoint\ZAForceField\iswrcs.dll
19:50:38.0937 3456 C:\Program Files\CheckPoint\ZAForceField\iswrcs.dll - ok
19:50:40.0984 3456 ============================================================
19:50:40.0984 3456 Scan finished
19:50:40.0984 3456 ============================================================
19:50:41.0109 3448 Detected object count: 3
19:50:41.0109 3448 Actual detected object count: 3
19:52:00.0062 3448 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:00.0062 3448 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:00.0062 3448 int15.sys ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:00.0062 3448 int15.sys ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:52:00.0078 3448 Mobilicity Connect. RunOuc ( UnsignedFile.Multi.Generic ) - skipped by user
19:52:00.0078 3448 Mobilicity Connect. RunOuc ( UnsignedFile.Multi.Generic ) - User select action: Skip


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 18:11:03
-----------------------------
18:11:03.046 OS Version: Windows 5.1.2600 Service Pack 3
18:11:03.046 Number of processors: 2 586 0x1C02
18:11:03.046 ComputerName: ACER-6E40E97492 UserName: 4
18:11:17.406 Initialize success
18:17:36.921 AVAST engine defs: 12092301
18:22:48.515 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:22:48.515 Disk 0 Vendor: TOSHIBA_MK1652GSX LV020J Size: 152627MB BusType: 3
18:22:48.546 Disk 0 MBR read successfully
18:22:48.546 Disk 0 MBR scan
18:22:48.656 Disk 0 unknown MBR code
18:22:48.656 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 4996 MB offset 63
18:22:49.296 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147628 MB offset 10233405
18:22:49.375 Disk 0 scanning sectors +312576705
18:22:49.562 Disk 0 scanning C:\WINDOWS\system32\drivers
18:23:19.718 Service scanning
18:23:51.875 Service MpKslf52608ff c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DC8684D1-4FB2-4B09-9FCB-4918D0AB70DD}\MpKslf52608ff.sys **LOCKED** 32
18:24:22.812 Modules scanning
18:24:35.640 Disk 0 trace - called modules:
18:24:35.812 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
18:24:35.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f79688]
18:24:35.828 3 CLASSPNP.SYS[f7937fd7] -> nt!IofCallDriver -> \Device\00000099[0x86fa31c0]
18:24:35.843 5 ACPI.sys[f781e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86f8b4c8]
18:24:37.500 AVAST engine scan C:\WINDOWS
18:25:07.062 AVAST engine scan C:\WINDOWS\system32
18:32:07.062 AVAST engine scan C:\WINDOWS\system32\drivers
18:32:44.718 AVAST engine scan C:\Documents and Settings\4
18:40:31.843 AVAST engine scan C:\Documents and Settings\All Users
18:41:41.687 Scan finished successfully
19:11:11.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\4\Desktop\MBR.dat"
19:11:12.015 The log file has been saved successfully to "C:\Documents and Settings\4\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-23 21:04:32
-----------------------------
21:04:32.609 OS Version: Windows 5.1.2600 Service Pack 3
21:04:32.609 Number of processors: 2 586 0x1C02
21:04:32.609 ComputerName: ACER-6E40E97492 UserName: 4
21:04:38.562 Initialize success
21:12:09.343 AVAST engine defs: 12102302
21:16:10.937 The log file has been saved successfully to "C:\Documents and Settings\4\Desktop\aswMBR.txt"

#12 Fixing1


Posted 23 October 2012 - 08:21 PM

Is there anything else we can do about this blue screen issue? Also, is the root kit gone? Is there anything else we can do?

#13 Oh My!

  • Malware Response Instructor
Posted 23 October 2012 - 09:15 PM

Hi Fixing1,

Yes, we shall certainly continue to address the issues. It can be a lengthy process depending on the nature and severity of your difficulties. We have lots of tools left in our bag to use.

The file we looked for through SystemLook, which showed no results, is very suspicious. We are going to keep that in our sights as we continue.

First, it would help if you told me exactly when the Blue Screen appears. Is it attached to a particular program being launched, does it happen at random times, does it happen frequently or infrequently, etc. You can obviously boot successfully and run some programs.

I would also like you to do this so that when a Blue Screen event happens your computer will actually freeze and provide you with an opportunity to see the information.

Please do this.


===================================================


Diagnose Blue Screen of Death (BSOD) Errors

--------------------

  • When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode
  • Select "Disable Automatic Restart on System Failure", as shown here:


    Posted Image

  • When your system BSODs, write down the STOP error code, as well as any written-out error message, and post them back here. The STOP error will always appear, but the message may not.


    Posted Image
  • Please include this information in your reply.

===================================================


Things I would like to see in your next reply.

  • Explanation of Blue Screen events
  • Blue Screen information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Fixing1


Posted 24 October 2012 - 12:00 AM

I put my computer in safe mode and ran ComboFix. It got to stage 50 and the screen went black. I hit Control, Alt, Delete and it kept going. Here is the report:

ComboFix 12-10-22.03 - 4 10/24/2012 0:19.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.792 [GMT -4:00]
Running from: c:\documents and settings\4\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET2A8.tmp
c:\windows\system32\SET2AC.tmp
c:\windows\system32\SET2B4.tmp
c:\windows\system32\SET2BE.tmp
c:\windows\system32\SET2C0.tmp
c:\windows\system32\SET2C3.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-24 to 2012-10-24 )))))))))))))))))))))))))))))))
.
.
2012-10-24 03:21 . 2012-10-24 03:22 -------- d-----w- c:\documents and settings\Administrator
2012-10-24 00:58 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2FFE6088-9750-4B09-8AE6-CC479900BCB1}\mpengine.dll
2012-10-23 23:47 . 2012-10-23 23:47 177496 ----a-w- c:\windows\system32\drivers\46507276.sys
2012-10-23 20:11 . 2012-10-23 20:11 -------- d-----w- c:\program files\NirSoft
2012-10-23 19:34 . 2012-10-23 19:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-10-23 17:32 . 2012-10-12 05:56 6918632 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-18 16:21 . 2012-09-25 03:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-15 07:02 . 2012-10-15 07:02 -------- d-----w- c:\documents and settings\4\Local Settings\Application Data\Norman Malware Cleaner
2012-10-15 02:18 . 2012-10-15 02:18 -------- d-----w- c:\documents and settings\4\Application Data\SUPERAntiSpyware.com
2012-10-14 03:49 . 2012-10-14 03:53 -------- d-----w- c:\documents and settings\4\Application Data\#ISW.FS#
2012-10-12 06:17 . 2012-10-12 06:17 -------- d-----w- c:\documents and settings\4\Local Settings\Application Data\PCHealth
2012-10-09 01:12 . 2012-10-09 01:12 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-10-09 01:07 . 2012-10-09 01:11 9575864 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-10-03 14:52 . 2012-10-03 14:52 -------- d-----w- c:\windows\Performance
2012-10-03 14:52 . 2012-10-03 14:52 -------- d-----w- c:\documents and settings\4\Local Settings\Application Data\Microsoft Corporation
2012-10-03 14:35 . 2012-10-03 14:35 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-09-24 16:41 . 2012-09-24 16:41 -------- d-----w- c:\documents and settings\4\Downloads
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 01:12 . 2012-09-21 14:41 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 01:12 . 2012-09-21 14:41 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 23:54 . 2012-09-23 16:43 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-16 16:26 . 2012-09-16 16:27 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-16 16:26 . 2012-09-16 16:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 02:03 . 2012-03-21 03:44 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-29 12:11 . 2012-08-29 12:11 860928 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-08-29 12:11 . 2012-08-29 12:11 28672 ----a-w- c:\windows\system32\drivers\usbccid.sys
2012-08-29 12:11 . 2012-08-29 12:11 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-08-29 12:11 . 2012-08-29 12:11 26496 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-08-29 12:11 . 2012-08-29 12:11 51456 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-08-29 12:11 . 2012-08-29 12:11 85248 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-08-29 12:11 . 2012-08-29 12:11 72576 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-08-29 12:11 . 2012-08-29 12:11 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-08-29 12:11 . 2012-08-29 12:11 117504 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-08-29 12:11 . 2012-08-29 12:11 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-08-29 12:11 . 2012-08-29 12:11 106496 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-08-29 12:11 . 2012-08-29 12:11 1112288 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-08-28 15:14 . 2007-08-14 01:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2007-08-14 01:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2007-08-14 01:45 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 14:05 . 2012-09-17 04:12 4659712 ----a-w- c:\windows\system32\Redemption.dll
2012-08-28 14:04 . 2012-08-28 14:04 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2012-08-28 14:04 . 2012-08-28 14:04 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2012-08-28 14:04 . 2012-08-28 14:04 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2012-08-28 14:04 . 2012-08-28 14:04 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2012-08-28 14:04 . 2012-08-28 14:04 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2012-08-28 14:04 . 2012-08-28 14:04 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2012-08-28 14:04 . 2012-08-28 14:04 200704 ----a-w- c:\windows\system32\muzwmts.dll
2012-08-28 14:04 . 2012-08-28 14:04 172032 ----a-w- c:\windows\system32\muzapp.exe
2012-08-28 14:04 . 2012-08-28 14:04 143360 ----a-w- c:\windows\system32\3DAudio.ax
2012-08-28 14:04 . 2012-08-28 14:04 135168 ----a-w- c:\windows\system32\muzaf1.dll
2012-08-28 14:04 . 2012-08-28 14:04 122880 ----a-w- c:\windows\system32\muzeffect.ax
2012-08-28 14:04 . 2012-08-28 14:04 118784 ----a-w- c:\windows\system32\MaDRM.dll
2012-08-28 14:04 . 2012-08-28 14:04 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2012-08-28 14:04 . 2012-08-28 14:04 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2012-08-28 14:04 . 2012-08-28 14:04 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2012-08-28 14:04 . 2012-08-28 14:04 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2012-08-28 14:04 . 2012-08-28 14:04 569344 ----a-w- c:\windows\system32\muzdecode.ax
2012-08-28 14:04 . 2012-08-28 14:04 491520 ----a-w- c:\windows\system32\muzapp.dll
2012-08-28 14:04 . 2012-08-28 14:04 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2012-08-28 14:04 . 2012-08-28 14:04 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2012-08-28 14:04 . 2012-08-28 14:04 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2012-08-28 14:04 . 2012-08-28 14:04 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2012-08-28 14:04 . 2012-08-28 14:04 245760 ----a-w- c:\windows\system32\MSCLib.dll
2012-08-28 14:04 . 2012-08-28 14:04 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2012-08-28 14:04 . 2012-08-28 14:04 155648 ----a-w- c:\windows\system32\MSFLib.dll
2012-08-28 14:04 . 2012-08-28 14:04 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2012-08-28 12:07 . 2008-04-15 03:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-15 03:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-22 19:14 . 2012-08-22 19:14 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-08-22 19:14 . 2012-08-22 19:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-21 13:33 . 2008-04-15 03:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-15 03:00 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-20 07:33 . 2012-08-20 07:33 125 ----a-w- c:\windows\xUninstall.bat
2012-08-20 07:03 . 2004-09-21 21:28 3 ----a-w- c:\windows\HotFix.bat
2012-08-20 07:03 . 2004-06-26 00:13 139 ----a-w- c:\windows\HotFix2.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2012-08-30 738984]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-08-29 73392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStartNPSAgent]
2010-12-29 01:00 95576 ----a-w- c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-08-22 18:22 116648 ----atw- c:\documents and settings\4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2008-05-14 03:14 821768 ----a-w- c:\progra~1\LAUNCH~1\QtZgAcer.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
2007-07-05 19:35 94208 ----a-w- c:\windows\PLFSetL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-08-22 19:14 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [8/29/2012 8:11 AM 72576]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [8/30/2012 4:05 AM 238952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2012 9:44 PM 116648]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service --> c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service [?]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [8/30/2012 7:03 AM 27056]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [8/30/2012 7:03 AM 497320]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/23/2012 12:43 PM 399432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/23/2012 12:43 PM 676936]
S2 Mobilicity Connect. RunOuc;Mobilicity Connect. OUC;c:\program files\Mobilicity Connect\UpdateDog\ouc.exe [8/29/2012 8:11 AM 218624]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9/21/2012 10:41 AM 250808]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [8/29/2012 8:11 AM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [8/29/2012 8:11 AM 117504]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [8/30/2012 4:05 AM 36608]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/8/2012 9:44 PM 116648]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/23/2012 12:43 PM 22856]
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 14:28]
.
2012-10-24 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 02:09]
.
2012-10-23 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 02:09]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-09 01:44]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-09 01:44]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3324124162-2407129706-4087352155-1006Core.job
- c:\documents and settings\4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-22 18:22]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3324124162-2407129706-4087352155-1006UA.job
- c:\documents and settings\4\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-08-22 18:22]
.
2012-10-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
2012-10-24 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
2012-10-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3324124162-2407129706-4087352155-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]
.
2012-10-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3324124162-2407129706-4087352155-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 21:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0812&m=aoa150
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-41200436.sys
SafeBoot-94300740.sys
MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-24 00:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(204)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-10-24 00:37:14
ComboFix-quarantined-files.txt 2012-10-24 04:37
.
Pre-Run: 132,911,448,064 bytes free
Post-Run: 133,155,811,328 bytes free
.
- - End Of File - - BF728213C839B6AC4B49017DE4788735


I think it may have been getting stuck on the screen saver somehow, I'm not sure. Also, how do I get my computer out of safe mode? And since uninstalling SUPERAntiSpyware I get this Found New Hardware alert every time I start my computer. It says the software is unknown. What should I do?

#15 Oh My!

  • Malware Response Instructor
Posted 24 October 2012 - 09:29 AM

Hi Fixing1,

"I think it may have been getting stuck on the screen saver"

Does this mean you think the screen saver freezes your computer or causes the blue screen? What makes you think that?

I would still like you to perform the Blue Screen instructions in my last post. Until we are able to isolate the driver causing the difficulty we will be spinning our wheels.

Does the Found New Hardware notification indicate what hardware was found (name or type)?

Please post back with the Blue Screen information.
Gary
 