Trojan, svchost.exe...possibly zeroaccess


  • This topic is locked
23 replies to this topic

#1 tiko8019

Posted 06 May 2013 - 09:58 PM

Hello, the other day Avast blocked several attempts to connect to a malicious URL. Using Process Explorer I traced the problem to svchost.exe (exact spelling). On the TCP/IP tab under properties for this instance of svchost.exe I found that it was trying to connect to some site in the Netherlands.
This instance of svchost.exe was spawned by explorer.exe which I thought was odd.

Information under the Image tab
Path: C:\WINDOWS\system32\svchost.exe
Command Line: C:\WINDOWS\system32\svchost.exe -k netsvcs
Current Directory: C:\WINDOWS\Documents and Settings\ACCOUNT NAME
 
I tried several tools like Avast boot time virus scan (found nothing), Spybot (found nothing), TDSSKiller (found nothing), RogueKiller (just scans while using 50% CPU...10 hours later never finished) and OTL (some info comes up under ZERO ACCESS but I do not know how to use the program to clean).
 
I finally switched to the administrator account, browsed to C:\WINDOWS\Documents and Settings\ACCOUNT NAME\Local Settings and deleted everything. One folder was protected (C:\WINDOWS\Documents and Settings\ACCOUNT NAME\Local Settings\Temp\Sufnnee); this folder contained a folder named SXUSPIK, which contained a file wow.dll. I gained the proper permissions and deleted the Sufnnee folder and its contents.
 
The instance of svchost.exe that was giving me problems was gone.

 

Side note: (Once the svchost.exe was gone I noticed rundll32.exe appeared under explorer.exe

Path: C:\WINDOWS\system32\rundll32.exe

Command Line: C:\WINDOWS\system32\RunDLL32.exe" NvMCTray.dll,NvTaskbarInit -login

Current Directory: C:\Documents and Settings\Nick\

Auto Start Location: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\VmApplet

)

 
It's back! Avast blocked more malicious URLs.
 
winlogin.exe has spawned svchost.exe which in turn has spawned another svchost.exe that is trying to connect to malicious URLs.
 
Under image tab
Path: C:\WINDOWS\system32\svchost.exe
Command Line: C:\WINDOWS\system32\svchost.exe -k netsvcs
Current Directory: C:\WINDOWS\system32\
 
Please help. I would post the OTL log but I will follow your troubleshooting steps once you give them so everything is current.
 
Thank You in advance!

 

Attached Files

  • Attached File  dds.txt   19.69KB   2 downloads
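
The parent-process check described in the first post (svchost.exe appearing under explorer.exe, then under a winlogon-spawned svchost.exe), written out as an added example that is not part of the original thread. The process snapshot and PIDs are constructed, and the user-profile working-directory test is a heuristic assumed here; the expected parent, services.exe, is standard Windows behaviour.

```python
"""Added example: audit svchost.exe instances by parent, image path and cwd."""
from dataclasses import dataclass
from ntpath import basename, normpath  # Windows path rules on any platform

EXPECTED_PARENT = "services.exe"  # the Service Control Manager starts svchost.exe
EXPECTED_IMAGE = r"c:\windows\system32\svchost.exe"


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str
    cwd: str = ""


def audit_svchost(procs, expected_image=EXPECTED_IMAGE):
    """Return [(pid, [reasons])] for svchost.exe instances that look wrong."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if basename(p.image).lower() != "svchost.exe":
            continue  # children such as wuauclt.exe are not judged here
        reasons = []
        parent = by_pid.get(p.ppid)
        # A parent missing from the snapshot has exited; a real service
        # host's parent (services.exe) never exits while the system is up.
        parent_name = basename(parent.image).lower() if parent else "<exited>"
        if parent_name != EXPECTED_PARENT:
            reasons.append(f"parent is {parent_name}, expected {EXPECTED_PARENT}")
        # A genuine image path does not clear the process: in the post the
        # suspicious instance also ran from System32.
        if normpath(p.image).lower() != expected_image:
            reasons.append("image path is outside System32")
        # Heuristic (assumption): services normally run with cwd in System32.
        if "\\documents and settings\\" in p.cwd.lower():
            reasons.append("current directory is a user profile")
        if reasons:
            findings.append((p.pid, reasons))
    return findings


SVCHOST = r"C:\WINDOWS\system32\svchost.exe"
SYS32 = "C:\\WINDOWS\\system32\\"

# Constructed snapshot modelled on the observations in the post.
SAMPLE = [
    Proc(588, 4, r"C:\WINDOWS\system32\winlogon.exe", SYS32),
    Proc(632, 588, r"C:\WINDOWS\system32\services.exe", SYS32),
    Proc(900, 632, SVCHOST, SYS32),                       # normal service host
    Proc(2200, 900, r"C:\WINDOWS\system32\wuauclt.exe", SYS32),
    Proc(1216, 1100, r"C:\WINDOWS\explorer.exe", "C:\\Documents and Settings\\Nick\\"),
    Proc(2040, 1216, SVCHOST, r"C:\WINDOWS\Documents and Settings\ACCOUNT NAME"),
    Proc(2100, 588, SVCHOST, SYS32),                      # spawned by winlogon
    Proc(2150, 2100, SVCHOST, SYS32),                     # svchost under svchost
]


def flagged_pids(procs):
    """PIDs of the svchost.exe instances that audit_svchost() reports."""
    return [pid for pid, _ in audit_svchost(procs)]


if __name__ == "__main__":
    for pid, reasons in audit_svchost(SAMPLE):
        print(pid, "; ".join(reasons))
```
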



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 06 May 2013 - 10:01 PM


Hello tiko8019

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator" to start
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • Click on "Delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 tiko8019


Posted 06 May 2013 - 11:12 PM

Computer is still trying to access malicious URLs.
 
I ran Security Check
 Results of screen317's Security Check version 0.99.63  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
avast! Antivirus   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 CCleaner     
 Java™ 7    
 Java version out of Date!
 Adobe Flash Player     11.7.700.169  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUI.exe  
 CheckPoint ZoneAlarm vsmon.exe  
 CheckPoint ZoneAlarm zatray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
 
 
 
I ran AdwCleaner
After pressing Delete it just sits there until I close it.
I ran RogueKiller
It terminates svchost.exe
I press Scan and it also just sits there until I close it.
Using process explorer I noticed svchost.exe opens up again.
 
Also right after rebooting I go to svchost.exe to suspend it so the avast warnings stop. I noticed the parent instance of svchost.exe of the problem svchost.exe had spawned wuauclt.exe
 
Path: C:\WINDOWS\system32\wuauclt.exe
Command Line: "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[3c4]SUSDSc182eac3fe607040928c2c0c1508b4fb
Current Directory: C:\WINDOWS\system32\
 
I suspended this also.



#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 06 May 2013 - 11:13 PM


Hello tiko8019

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

#5 tiko8019


Posted 07 May 2013 - 12:11 AM

Computer is still trying to access malicious URLs
 
I ran combofix. A window popped up and said Parasite Found! Files trying to attach to combofix

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

It prompted me to download and install recovery console so I clicked yes.

There were no reboots.

 


ComboFix 13-05-06.03 - Nick 05/07/2013   0:27.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3199.2761 [GMT -4:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
The following files were disabled during the run:
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-07 to 2013-05-07  )))))))))))))))))))))))))))))))
.
.
2013-04-23 20:03 . 2013-04-23 20:03    --------    d-----w-    C:\swsetup
2013-04-23 05:10 . 2013-04-23 05:10    --------    d-----w-    C:\NVIDIA
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-23 05:22 . 2013-03-23 05:22    1010464    ----a-w-    c:\windows\system32\nvdispco3230790.dll
2013-03-23 05:22 . 2013-03-23 05:22    893728    ----a-w-    c:\windows\system32\nvdispgenco3230790.dll
2013-03-08 08:36 . 2002-08-29 14:00    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2002-08-29 14:00    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2002-08-29 01:04    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2002-08-29 14:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2002-08-29 14:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2002-08-29 14:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2002-08-29 14:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-02-21 19:06 . 2013-02-21 19:06    81920    ------w-    c:\windows\system32\ieencode.dll
2013-02-12 00:32 . 2002-08-29 14:00    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-04-10 06:58 . 2013-04-23 06:48    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32    121968    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-15 15668512]
"NvMediaCenter"="NvMCTray.dll" [2013-03-15 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-15 1982312]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [4/23/2013 3:07 AM 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/23/2013 3:07 AM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/23/2013 3:07 AM 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/23/2013 3:07 AM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/23/2013 3:07 AM 66336]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/22/2012 10:33 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/22/2012 10:33 AM 497320]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [4/23/2013 3:07 AM 164736]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PROCEXP152
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-23 22:32]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5se9u5xj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-04-23 03:07; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-04-27 22:52; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - ExtSQL: 2013-04-28 00:12; {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=efb84f7005354840b9ef33bc90d1cdd1&tu=10G90007n2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 989d7d080000000000000050baca00ff
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15823
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1122:50
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN117823828601611-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=efb84f7005354840b9ef33bc90d1cdd1&tu=10G90007n2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ISW - (no file)
SafeBoot-75195093.sys
SafeBoot-86838435.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-07 00:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD10EZEX-00RKKA0 rev.80.00A80 -> Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-17
.
device: opened successfully
user: MBR read successfully
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89E962E2
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendHandler -> 0x89d34018
user & kernel MBR OK
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(588)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
.
- - - - - - - > 'lsass.exe'(648)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
.
- - - - - - - > 'explorer.exe'(1216)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-05-07  00:44:07
ComboFix-quarantined-files.txt  2013-05-07 04:44
.
Pre-Run: 891,962,011,648 bytes free
Post-Run: 891,925,385,216 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 7758FA9DD11541BBE7D58AF45D9693E1



#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 07 May 2013 - 12:23 AM



Hello tiko8019


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================
and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo

#7 tiko8019


Posted 07 May 2013 - 01:06 AM

Computer is NOT trying to access malicious URLs. There is no unusual instance of svchost.exe. Problem seems fixed.

 

I ran TDSSKiller.exe and set up scan as instructed.

 

01:30:50.0687 3444  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:30:52.0687 3444  ============================================================
01:30:52.0687 3444  Current date / time: 2013/05/07 01:30:52.0687
01:30:52.0687 3444  SystemInfo:
01:30:52.0687 3444  
01:30:52.0687 3444  OS Version: 5.1.2600 ServicePack: 3.0
01:30:52.0687 3444  Product type: Workstation
01:30:52.0687 3444  ComputerName: MINE
01:30:52.0687 3444  UserName: Nick
01:30:52.0687 3444  Windows directory: C:\WINDOWS
01:30:52.0687 3444  System windows directory: C:\WINDOWS
01:30:52.0687 3444  Processor architecture: Intel x86
01:30:52.0687 3444  Number of processors: 2
01:30:52.0687 3444  Page size: 0x1000
01:30:52.0687 3444  Boot type: Normal boot
01:30:52.0687 3444  ============================================================
01:32:32.0953 3444  BG loaded
01:32:33.0531 3444  Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:32:33.0547 3444  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:32:33.0547 3444  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
01:32:33.0562 3444  ============================================================
01:32:33.0562 3444  \Device\Harddisk0\DR0:
01:32:33.0562 3444  MBR partitions:
01:32:33.0562 3444  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
01:32:33.0562 3444  \Device\Harddisk1\DR1:
01:32:33.0562 3444  MBR partitions:
01:32:33.0562 3444  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
01:32:33.0562 3444  \Device\Harddisk2\DR2:
01:32:33.0562 3444  MBR partitions:
01:32:33.0562 3444  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
01:32:33.0562 3444  ============================================================
01:32:33.0609 3444  D: <-> \Device\Harddisk0\DR0\Partition1
01:32:33.0703 3444  C: <-> \Device\Harddisk2\DR2\Partition1
01:32:33.0718 3444  E: <-> \Device\Harddisk1\DR1\Partition1
01:32:33.0734 3444  ============================================================
01:32:33.0734 3444  Initialize success
01:32:33.0734 3444  ============================================================
01:32:44.0140 1408  ============================================================
01:32:44.0140 1408  Scan started
01:32:44.0140 1408  Mode: Manual; SigCheck; TDLFS;
01:32:44.0140 1408  ============================================================
01:32:45.0750 1408  ================ Scan system memory ========================
01:32:45.0750 1408  System memory - ok
01:32:51.0000 1408  CryptSvc - ok
01:32:51.0000 1408  dac2w2k - ok
01:32:51.0015 1408  dac960nt - ok
01:32:51.0047 1408  [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
01:32:51.0093 1408  DcomLaunch - ok
01:32:51.0109 1408  [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
01:32:51.0265 1408  Dhcp - ok
01:32:51.0297 1408  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
01:32:51.0453 1408  Disk - ok
01:32:51.0453 1408  dmadmin - ok
01:32:51.0515 1408  [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
01:32:51.0687 1408  dmboot - ok
01:32:51.0703 1408  [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
01:32:51.0859 1408  dmio - ok
01:32:51.0875 1408  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
01:32:52.0015 1408  dmload - ok
01:32:52.0031 1408  [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver        C:\WINDOWS\System32\dmserver.dll
01:32:52.0187 1408  dmserver - ok
01:32:52.0250 1408  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
01:32:52.0406 1408  DMusic - ok
01:32:52.0437 1408  [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
01:32:52.0468 1408  Dnscache - ok
01:32:52.0515 1408  [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
01:32:52.0656 1408  Dot3svc - ok
01:32:52.0672 1408  dpti2o - ok
01:32:52.0687 1408  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
01:32:52.0828 1408  drmkaud - ok
01:32:52.0875 1408  [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost         C:\WINDOWS\System32\eapsvc.dll
01:32:53.0015 1408  EapHost - ok
01:32:53.0031 1408  [ BC93B4A066477954555966D77FEC9ECB ] ERSvc           C:\WINDOWS\System32\ersvc.dll
01:32:53.0187 1408  ERSvc - ok
01:32:53.0234 1408  [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog        C:\WINDOWS\system32\services.exe
01:32:53.0265 1408  Eventlog - ok
01:32:53.0281 1408  [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem     C:\WINDOWS\System32\es.dll
01:32:53.0312 1408  EventSystem - ok
01:32:53.0328 1408  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
01:32:53.0468 1408  Fastfat - ok
01:32:53.0515 1408  [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
01:32:53.0547 1408  FastUserSwitchingCompatibility - ok
01:32:53.0593 1408  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
01:32:53.0734 1408  Fdc - ok
01:32:53.0765 1408  [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
01:32:53.0906 1408  Fips - ok
01:32:53.0922 1408  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
01:32:54.0078 1408  Flpydisk - ok
01:32:54.0093 1408  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
01:32:54.0250 1408  FltMgr - ok
01:32:54.0250 1408  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
01:32:54.0390 1408  Fs_Rec - ok
01:32:54.0406 1408  [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
01:32:54.0547 1408  Ftdisk - ok
01:32:54.0578 1408  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
01:32:54.0718 1408  Gpc - ok
01:32:54.0765 1408  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
01:32:54.0906 1408  helpsvc - ok
01:32:54.0922 1408  [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ         C:\WINDOWS\System32\hidserv.dll
01:32:55.0078 1408  HidServ - ok
01:32:55.0109 1408  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
01:32:55.0250 1408  HidUsb - ok
01:32:55.0312 1408  [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
01:32:55.0468 1408  hkmsvc - ok
01:32:55.0468 1408  hpn - ok
01:32:55.0500 1408  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
01:32:55.0531 1408  HTTP - ok
01:32:55.0578 1408  [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
01:32:55.0750 1408  HTTPFilter - ok
01:32:55.0750 1408  i2omgmt - ok
01:32:55.0765 1408  i2omp - ok
01:32:55.0797 1408  [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
01:32:56.0000 1408  i8042prt - ok
01:32:56.0015 1408  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
01:32:56.0203 1408  Imapi - ok
01:32:56.0218 1408  [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService    C:\WINDOWS\system32\imapi.exe
01:32:56.0375 1408  ImapiService - ok
01:32:56.0390 1408  ini910u - ok
01:32:56.0406 1408  IntelIde - ok
01:32:56.0422 1408  [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
01:32:56.0562 1408  intelppm - ok
01:32:56.0593 1408  [ 3BB22519A194418D5FEC05D800A19AD0 ] ip6fw           C:\WINDOWS\system32\drivers\ip6fw.sys
01:32:56.0750 1408  ip6fw - ok
01:32:56.0765 1408  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
01:32:56.0922 1408  IpFilterDriver - ok
01:32:56.0937 1408  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
01:32:57.0140 1408  IpInIp - ok
01:32:57.0156 1408  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
01:32:57.0328 1408  IpNat - ok
01:32:57.0343 1408  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
01:32:57.0484 1408  IPSec - ok
01:32:57.0515 1408  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
01:32:57.0656 1408  IRENUM - ok
01:32:57.0672 1408  [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
01:32:57.0828 1408  isapnp - ok
01:32:57.0890 1408  [ 724A6A9AB5E1807665C5DB71C30BFC5F ] ISWKL           C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
01:32:57.0906 1408  ISWKL - ok
01:32:57.0937 1408  [ 57FE873B8246DEF1372503CBC57A7499 ] IswSvc          C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
01:32:57.0984 1408  IswSvc - ok
01:32:58.0047 1408  [ A1509BA3A5FDC5366146E92B3D130EB5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
01:32:58.0078 1408  JavaQuickStarterService - ok
01:32:58.0078 1408  [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
01:32:58.0234 1408  Kbdclass - ok
01:32:58.0281 1408  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
01:32:58.0453 1408  kmixer - ok
01:32:58.0468 1408  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
01:32:58.0484 1408  KSecDD - ok
01:32:58.0515 1408  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
01:32:58.0562 1408  lanmanserver - ok
01:32:58.0562 1408  [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
01:32:58.0640 1408  lanmanworkstation - ok
01:32:58.0640 1408  lbrtfdc - ok
01:32:58.0672 1408  [ A7DB739AE99A796D91580147E919CC59 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
01:32:58.0843 1408  LmHosts - ok
01:32:58.0859 1408  [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
01:32:59.0078 1408  Messenger - ok
01:32:59.0093 1408  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
01:32:59.0234 1408  mnmdd - ok
01:32:59.0265 1408  [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc         C:\WINDOWS\System32\mnmsrvc.exe
01:32:59.0422 1408  mnmsrvc - ok
01:32:59.0453 1408  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
01:32:59.0593 1408  Modem - ok
01:32:59.0609 1408  [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
01:32:59.0750 1408  Mouclass - ok
01:32:59.0750 1408  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
01:32:59.0922 1408  MountMgr - ok
01:32:59.0968 1408  [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
01:33:00.0000 1408  MozillaMaintenance - ok
01:33:00.0000 1408  mraid35x - ok
01:33:00.0015 1408  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
01:33:00.0172 1408  MRxDAV - ok
01:33:00.0218 1408  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
01:33:00.0281 1408  MRxSmb - ok
01:33:00.0312 1408  [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC           C:\WINDOWS\System32\msdtc.exe
01:33:00.0453 1408  MSDTC - ok
01:33:00.0468 1408  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
01:33:00.0609 1408  Msfs - ok
01:33:00.0609 1408  MSIServer - ok
01:33:00.0640 1408  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
01:33:00.0812 1408  MSKSSRV - ok
01:33:00.0828 1408  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
01:33:01.0000 1408  MSPCLOCK - ok
01:33:01.0000 1408  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
01:33:01.0140 1408  MSPQM - ok
01:33:01.0172 1408  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
01:33:01.0312 1408  mssmbios - ok
01:33:01.0328 1408  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
01:33:01.0343 1408  Mup - ok
01:33:01.0406 1408  [ 0102140028FAD045756796E1C685D695 ] napagent        C:\WINDOWS\System32\qagentrt.dll
01:33:01.0562 1408  napagent - ok
01:33:01.0578 1408  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
01:33:01.0734 1408  NDIS - ok
01:33:01.0765 1408  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
01:33:01.0781 1408  NdisTapi - ok
01:33:01.0797 1408  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
01:33:01.0937 1408  Ndisuio - ok
01:33:01.0953 1408  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
01:33:02.0109 1408  NdisWan - ok
01:33:02.0109 1408  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
01:33:02.0140 1408  NDProxy - ok
01:33:02.0156 1408  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
01:33:02.0297 1408  NetBIOS - ok
01:33:02.0312 1408  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
01:33:02.0453 1408  NetBT - ok
01:33:02.0468 1408  [ B857BA82860D7FF85AE29B095645563B ] NetDDE          C:\WINDOWS\system32\netdde.exe
01:33:02.0609 1408  NetDDE - ok
01:33:02.0625 1408  [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
01:33:02.0765 1408  NetDDEdsdm - ok
01:33:02.0812 1408  [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon        C:\WINDOWS\system32\lsass.exe
01:33:02.0968 1408  Netlogon - ok
01:33:02.0984 1408  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman          C:\WINDOWS\System32\netman.dll
01:33:03.0125 1408  Netman - ok
01:33:03.0156 1408  [ 943337D786A56729263071623BBB9DE5 ] Nla             C:\WINDOWS\System32\mswsock.dll
01:33:03.0187 1408  Nla - ok
01:33:03.0187 1408  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
01:33:03.0328 1408  Npfs - ok
01:33:03.0343 1408  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
01:33:03.0515 1408  Ntfs - ok
01:33:03.0515 1408  [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp         C:\WINDOWS\System32\lsass.exe
01:33:03.0672 1408  NtLmSsp - ok
01:33:03.0703 1408  [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
01:33:03.0875 1408  NtmsSvc - ok
01:33:03.0875 1408  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
01:33:04.0031 1408  Null - ok
01:33:04.0234 1408  [ 9CDA796E6BEC89EFF45EF430651EA74B ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
01:33:04.0547 1408  nv - ok
01:33:04.0578 1408  [ 30CB85790A3C70AE45C88E28BA6397C2 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
01:33:04.0609 1408  NVSvc - ok
01:33:04.0703 1408  [ 37C8EC2860DF210ED93A94BF6525CBC7 ] nvUpdatusService C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
01:33:04.0765 1408  nvUpdatusService - ok
01:33:04.0797 1408  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
01:33:05.0047 1408  NwlnkFlt - ok
01:33:05.0062 1408  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
01:33:05.0218 1408  NwlnkFwd - ok
01:33:05.0234 1408  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
01:33:05.0375 1408  Parport - ok
01:33:05.0375 1408  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
01:33:05.0531 1408  PartMgr - ok
01:33:05.0562 1408  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
01:33:05.0718 1408  ParVdm - ok
01:33:05.0718 1408  [ A219903CCF74233761D92BEF471A07B1 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
01:33:05.0859 1408  PCI - ok
01:33:05.0875 1408  PCIDump - ok
01:33:05.0875 1408  [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
01:33:06.0031 1408  PCIIde - ok
01:33:06.0078 1408  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
01:33:06.0218 1408  Pcmcia - ok
01:33:06.0234 1408  PDCOMP - ok
01:33:06.0234 1408  PDFRAME - ok
01:33:06.0250 1408  PDRELI - ok
01:33:06.0250 1408  PDRFRAME - ok
01:33:06.0265 1408  perc2 - ok
01:33:06.0265 1408  perc2hib - ok
01:33:06.0297 1408  [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay        C:\WINDOWS\system32\services.exe
01:33:06.0343 1408  PlugPlay - ok
01:33:06.0343 1408  [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
01:33:06.0500 1408  PolicyAgent - ok
01:33:06.0515 1408  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
01:33:06.0687 1408  PptpMiniport - ok
01:33:06.0703 1408  [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor       C:\WINDOWS\system32\DRIVERS\processr.sys
01:33:06.0906 1408  Processor - ok
01:33:06.0922 1408  [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
01:33:07.0078 1408  ProtectedStorage - ok
01:33:07.0093 1408  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
01:33:07.0250 1408  PSched - ok
01:33:07.0265 1408  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
01:33:07.0422 1408  Ptilink - ok
01:33:07.0422 1408  ql1080 - ok
01:33:07.0422 1408  Ql10wnt - ok
01:33:07.0437 1408  ql12160 - ok
01:33:07.0453 1408  ql1240 - ok
01:33:07.0453 1408  ql1280 - ok
01:33:07.0468 1408  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
01:33:07.0625 1408  RasAcd - ok
01:33:07.0656 1408  [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
01:33:07.0828 1408  RasAuto - ok
01:33:07.0859 1408  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
01:33:08.0015 1408  Rasl2tp - ok
01:33:08.0062 1408  [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan          C:\WINDOWS\System32\rasmans.dll
01:33:08.0218 1408  RasMan - ok
01:33:08.0218 1408  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
01:33:08.0390 1408  RasPppoe - ok
01:33:08.0390 1408  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
01:33:08.0547 1408  Raspti - ok
01:33:08.0578 1408  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
01:33:08.0718 1408  Rdbss - ok
01:33:08.0718 1408  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
01:33:08.0875 1408  RDPCDD - ok
01:33:08.0890 1408  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
01:33:09.0047 1408  rdpdr - ok
01:33:09.0062 1408  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
01:33:09.0109 1408  RDPWD - ok
01:33:09.0140 1408  [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
01:33:09.0312 1408  RDSessMgr - ok
01:33:09.0312 1408  [ F828DD7E1419B6653894A8F97A0094C5 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
01:33:09.0468 1408  redbook - ok
01:33:09.0515 1408  [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
01:33:09.0672 1408  RemoteAccess - ok
01:33:09.0703 1408  [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
01:33:09.0875 1408  RemoteRegistry - ok
01:33:09.0890 1408  [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator      C:\WINDOWS\System32\locator.exe
01:33:10.0031 1408  RpcLocator - ok
01:33:10.0062 1408  [ 6B27A5C03DFB94B4245739065431322C ] RpcSs           C:\WINDOWS\System32\rpcss.dll
01:33:10.0109 1408  RpcSs - ok
01:33:10.0140 1408  [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP            C:\WINDOWS\System32\rsvp.exe
01:33:10.0297 1408  RSVP - ok
01:33:10.0328 1408  [ D507C1400284176573224903819FFDA3 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
01:33:10.0453 1408  rtl8139 - ok
01:33:10.0453 1408  [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs           C:\WINDOWS\system32\lsass.exe
01:33:10.0609 1408  SamSs - ok
01:33:10.0609 1408  [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
01:33:10.0765 1408  SCardSvr - ok
01:33:10.0797 1408  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule        C:\WINDOWS\system32\schedsvc.dll
01:33:10.0937 1408  Schedule - ok
01:33:10.0968 1408  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
01:33:11.0125 1408  Secdrv - ok
01:33:11.0125 1408  [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon        C:\WINDOWS\System32\seclogon.dll
01:33:11.0281 1408  seclogon - ok
01:33:11.0281 1408  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS            C:\WINDOWS\system32\sens.dll
01:33:11.0437 1408  SENS - ok
01:33:11.0453 1408  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
01:33:11.0593 1408  serenum - ok
01:33:11.0593 1408  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
01:33:11.0750 1408  Serial - ok
01:33:11.0765 1408  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
01:33:11.0922 1408  Sfloppy - ok
01:33:11.0937 1408  [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
01:33:12.0093 1408  SharedAccess - ok
01:33:12.0109 1408  [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
01:33:12.0156 1408  ShellHWDetection - ok
01:33:12.0156 1408  Simbad - ok
01:33:12.0187 1408  [ 86D17B6760DD2B09E932FF101714E0DC ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
01:33:12.0234 1408  smwdm - ok
01:33:12.0234 1408  Sparrow - ok
01:33:12.0281 1408  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
01:33:12.0437 1408  splitter - ok
01:33:12.0453 1408  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
01:33:12.0484 1408  Spooler - ok
01:33:12.0515 1408  [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
01:33:12.0656 1408  sr - ok
01:33:12.0672 1408  [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice       C:\WINDOWS\system32\srsvc.dll
01:33:12.0812 1408  srservice - ok
01:33:12.0843 1408  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
01:33:12.0875 1408  Srv - ok
01:33:12.0890 1408  [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
01:33:13.0047 1408  SSDPSRV - ok
01:33:13.0078 1408  [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
01:33:13.0265 1408  stisvc - ok
01:33:13.0281 1408  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
01:33:13.0422 1408  swenum - ok
01:33:13.0437 1408  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
01:33:13.0593 1408  swmidi - ok
01:33:13.0593 1408  SwPrv - ok
01:33:13.0609 1408  symc810 - ok
01:33:13.0625 1408  symc8xx - ok
01:33:13.0625 1408  sym_hi - ok
01:33:13.0625 1408  sym_u3 - ok
01:33:13.0656 1408  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
01:33:13.0812 1408  sysaudio - ok
01:33:13.0828 1408  [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
01:33:13.0968 1408  SysmonLog - ok
01:33:14.0015 1408  [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
01:33:14.0156 1408  TapiSrv - ok
01:33:14.0172 1408  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
01:33:14.0203 1408  Tcpip - ok
01:33:14.0234 1408  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
01:33:14.0390 1408  TDPIPE - ok
01:33:14.0406 1408  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
01:33:14.0547 1408  TDTCP - ok
01:33:14.0562 1408  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
01:33:14.0703 1408  TermDD - ok
01:33:14.0718 1408  [ FF3477C03BE7201C294C35F684B3479F ] TermService     C:\WINDOWS\System32\termsrv.dll
01:33:14.0890 1408  TermService - ok
01:33:14.0890 1408  [ 99BC0B50F511924348BE19C7C7313BBF ] Themes          C:\WINDOWS\System32\shsvcs.dll
01:33:14.0937 1408  Themes - ok
01:33:14.0937 1408  [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr         C:\WINDOWS\System32\tlntsvr.exe
01:33:15.0093 1408  TlntSvr - ok
01:33:15.0109 1408  TosIde - ok
01:33:15.0125 1408  [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
01:33:15.0297 1408  TrkWks - ok
01:33:15.0328 1408  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
01:33:15.0468 1408  Udfs - ok
01:33:15.0468 1408  ultra - ok
01:33:15.0484 1408  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
01:33:15.0640 1408  Update - ok
01:33:15.0672 1408  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost        C:\WINDOWS\System32\upnphost.dll
01:33:15.0843 1408  upnphost - ok
01:33:15.0843 1408  [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS             C:\WINDOWS\System32\ups.exe
01:33:16.0000 1408  UPS - ok
01:33:16.0031 1408  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
01:33:16.0203 1408  usbaudio - ok
01:33:16.0265 1408  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
01:33:16.0484 1408  usbccgp - ok
01:33:16.0531 1408  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
01:33:16.0703 1408  usbehci - ok
01:33:16.0703 1408  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
01:33:16.0890 1408  usbhub - ok
01:33:16.0890 1408  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
01:33:17.0047 1408  usbprint - ok
01:33:17.0062 1408  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
01:33:17.0203 1408  USBSTOR - ok
01:33:17.0234 1408  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
01:33:17.0422 1408  usbuhci - ok
01:33:17.0437 1408  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
01:33:17.0609 1408  VgaSave - ok
01:33:17.0609 1408  ViaIde - ok
01:33:17.0640 1408  [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
01:33:17.0797 1408  VolSnap - ok
01:33:17.0828 1408  [ B96ECAE46A68F57862BACF59EEC24FEF ] Vsdatant        C:\WINDOWS\system32\vsdatant.sys
01:33:17.0875 1408  Vsdatant - ok
01:33:17.0906 1408  vsmon - ok
01:33:17.0953 1408  [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS             C:\WINDOWS\System32\vssvc.exe
01:33:18.0109 1408  VSS - ok
01:33:18.0140 1408  [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time         C:\WINDOWS\system32\w32time.dll
01:33:18.0297 1408  W32Time - ok
01:33:18.0312 1408  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
01:33:18.0484 1408  Wanarp - ok
01:33:18.0500 1408  WDICA - ok
01:33:18.0531 1408  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
01:33:18.0687 1408  wdmaud - ok
01:33:18.0703 1408  [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient       C:\WINDOWS\System32\webclnt.dll
01:33:18.0859 1408  WebClient - ok
01:33:18.0890 1408  [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
01:33:19.0047 1408  winmgmt - ok
01:33:19.0078 1408  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
01:33:19.0109 1408  WmdmPmSN - ok
01:33:19.0140 1408  [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi             C:\WINDOWS\System32\advapi32.dll
01:33:19.0203 1408  Wmi - ok
01:33:19.0234 1408  [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi         C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
01:33:19.0406 1408  WmiAcpi - ok
01:33:19.0406 1408  [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv        C:\WINDOWS\System32\wbem\wmiapsrv.exe
01:33:19.0609 1408  WmiApSrv - ok
01:33:19.0656 1408  [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
01:33:19.0718 1408  WMPNetworkSvc - ok
01:33:19.0781 1408  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:33:19.0828 1408  WPFFontCache_v0400 - ok
01:33:19.0859 1408  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
01:33:20.0015 1408  WS2IFSL - ok
01:33:20.0062 1408  [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
01:33:20.0203 1408  wscsvc - ok
01:33:20.0265 1408  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
01:33:20.0437 1408  wuauserv - ok
01:33:20.0453 1408  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
01:33:20.0484 1408  WudfPf - ok
01:33:20.0500 1408  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
01:33:20.0531 1408  WudfRd - ok
01:33:20.0531 1408  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
01:33:20.0578 1408  WudfSvc - ok
01:33:20.0609 1408  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
01:33:20.0781 1408  WZCSVC - ok
01:33:20.0812 1408  [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
01:33:20.0968 1408  xmlprov - ok
01:33:20.0968 1408  ================ Scan global ===============================
01:33:20.0984 1408  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
01:33:21.0015 1408  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
01:33:21.0031 1408  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
01:33:21.0078 1408  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
01:33:21.0078 1408  [Global] - ok
01:33:21.0078 1408  ================ Scan MBR ==================================
01:33:21.0109 1408  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
01:33:21.0312 1408  \Device\Harddisk0\DR0 - ok
01:33:21.0328 1408  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
01:33:21.0765 1408  \Device\Harddisk1\DR1 - ok
01:33:21.0797 1408  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
01:33:21.0797 1408  Suspicious mbr (Forged): \Device\Harddisk2\DR2
01:33:21.0812 1408  \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - infected
01:33:21.0812 1408  \Device\Harddisk2\DR2 - detected Rootkit.Boot.Pihar.c (0)
01:33:21.0843 1408  \Device\Harddisk2\DR2 ( TDSS File System ) - warning
01:33:21.0843 1408  \Device\Harddisk2\DR2 - detected TDSS File System (1)
01:33:21.0843 1408  ================ Scan VBR ==================================
01:33:21.0859 1408  [ 47A702D62AAE34883DEF75E6C047BEAB ] \Device\Harddisk0\DR0\Partition1
01:33:21.0875 1408  \Device\Harddisk0\DR0\Partition1 - ok
01:33:21.0875 1408  [ 0F6BCD4AD7CE8DAE93FE1E4F73AB3925 ] \Device\Harddisk1\DR1\Partition1
01:33:21.0875 1408  \Device\Harddisk1\DR1\Partition1 - ok
01:33:21.0875 1408  [ 9E8FB67089CEE9CE81C1B3994C07F1CC ] \Device\Harddisk2\DR2\Partition1
01:33:21.0890 1408  \Device\Harddisk2\DR2\Partition1 - ok
01:33:21.0890 1408  ================ Scan active images ========================
01:33:21.0968 1408  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] C:\WINDOWS\system32\drivers\fdc.sys
01:33:21.0968 1408  C:\WINDOWS\system32\drivers\fdc.sys - ok
01:33:21.0968 1408  [ 8C953733D8F36EB2133F5BB58808B66B ] C:\WINDOWS\system32\drivers\intelppm.sys
01:33:21.0968 1408  C:\WINDOWS\system32\drivers\intelppm.sys - ok
01:33:21.0984 1408  [ 5575FAF8F97CE5E713D108C2A58D7C7C ] C:\WINDOWS\system32\drivers\parport.sys
01:33:21.0984 1408  C:\WINDOWS\system32\drivers\parport.sys - ok
01:33:21.0984 1408  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] C:\WINDOWS\system32\drivers\serenum.sys
01:33:21.0984 1408  C:\WINDOWS\system32\drivers\serenum.sys - ok
01:33:21.0984 1408  [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] C:\WINDOWS\system32\drivers\serial.sys
01:33:21.0984 1408  C:\WINDOWS\system32\drivers\serial.sys - ok
01:33:22.0000 1408  [ D9F724AA26C010A217C97606B160ED68 ] C:\WINDOWS\system32\drivers\audstub.sys
01:33:22.0000 1408  C:\WINDOWS\system32\drivers\audstub.sys - ok
01:33:22.0000 1408  [ 0109C4F3850DFBAB279542515386AE22 ] C:\WINDOWS\system32\drivers\ndistapi.sys
01:33:22.0000 1408  C:\WINDOWS\system32\drivers\ndistapi.sys - ok
01:33:22.0015 1408  [ EDC1531A49C80614B2CFDA43CA8659AB ] C:\WINDOWS\system32\drivers\ndiswan.sys
01:33:22.0015 1408  C:\WINDOWS\system32\drivers\ndiswan.sys - ok
01:33:22.0015 1408  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] C:\WINDOWS\system32\drivers\rasl2tp.sys
01:33:22.0015 1408  C:\WINDOWS\system32\drivers\rasl2tp.sys - ok
01:33:22.0015 1408  [ C42584FD66CE9E17403AEBCA199F7BDB ] C:\WINDOWS\system32\drivers\wmiacpi.sys
01:33:22.0015 1408  C:\WINDOWS\system32\drivers\wmiacpi.sys - ok
01:33:22.0031 1408  [ 09298EC810B07E5D582CB3A3F9255424 ] C:\WINDOWS\system32\drivers\psched.sys
01:33:22.0031 1408  C:\WINDOWS\system32\drivers\psched.sys - ok
01:33:22.0031 1408  [ 5BC962F2654137C9909C3D4603587DEE ] C:\WINDOWS\system32\drivers\raspppoe.sys
01:33:22.0031 1408  C:\WINDOWS\system32\drivers\raspppoe.sys - ok
01:33:22.0031 1408  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] C:\WINDOWS\system32\drivers\raspptp.sys
01:33:22.0031 1408  C:\WINDOWS\system32\drivers\raspptp.sys - ok
01:33:22.0047 1408  [ 0539D5E53587F82D1B4FD74C5BE205CF ] C:\WINDOWS\system32\drivers\tdi.sys
01:33:22.0047 1408  C:\WINDOWS\system32\drivers\tdi.sys - ok
01:33:22.0047 1408  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] C:\WINDOWS\system32\drivers\msgpc.sys
01:33:22.0047 1408  C:\WINDOWS\system32\drivers\msgpc.sys - ok
01:33:22.0047 1408  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] C:\WINDOWS\system32\drivers\ptilink.sys
01:33:22.0047 1408  C:\WINDOWS\system32\drivers\ptilink.sys - ok
01:33:22.0062 1408  [ FDBB1D60066FCFBB7452FD8F9829B242 ] C:\WINDOWS\system32\drivers\raspti.sys
01:33:22.0062 1408  C:\WINDOWS\system32\drivers\raspti.sys - ok
01:33:22.0062 1408  [ 15CABD0F7C00C47C70124907916AF3F1 ] C:\WINDOWS\system32\drivers\rdpdr.sys
01:33:22.0062 1408  C:\WINDOWS\system32\drivers\rdpdr.sys - ok
01:33:22.0062 1408  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] C:\WINDOWS\system32\drivers\swenum.sys
01:33:22.0062 1408  C:\WINDOWS\system32\drivers\swenum.sys - ok
01:33:22.0078 1408  [ 88155247177638048422893737429D9E ] C:\WINDOWS\system32\drivers\termdd.sys
01:33:22.0078 1408  C:\WINDOWS\system32\drivers\termdd.sys - ok
01:33:22.0078 1408  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] C:\WINDOWS\system32\drivers\mssmbios.sys
01:33:22.0078 1408  C:\WINDOWS\system32\drivers\mssmbios.sys - ok
01:33:22.0078 1408  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] C:\WINDOWS\system32\drivers\update.sys
01:33:22.0093 1408  C:\WINDOWS\system32\drivers\update.sys - ok
01:33:22.0093 1408  [ 9282BD12DFB069D3889EB3FCC1000A9B ] C:\WINDOWS\system32\drivers\ndproxy.sys
01:33:22.0093 1408  C:\WINDOWS\system32\drivers\ndproxy.sys - ok
01:33:22.0093 1408  [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
01:33:22.0093 1408  C:\WINDOWS\system32\drivers\usbd.sys - ok
01:33:22.0109 1408  [ 1AB3CDDE553B6E064D2E754EFE20285C ] C:\WINDOWS\system32\drivers\usbhub.sys
01:33:22.0109 1408  C:\WINDOWS\system32\drivers\usbhub.sys - ok
01:33:22.0109 1408  [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
01:33:22.0109 1408  C:\WINDOWS\system32\drivers\cdrom.sys - ok
01:33:22.0109 1408  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] C:\WINDOWS\system32\drivers\flpydisk.sys
01:33:22.0109 1408  C:\WINDOWS\system32\drivers\flpydisk.sys - ok
01:33:22.0125 1408  [ 8E6B8C671615D126FDC553D1E2DE5562 ] C:\WINDOWS\system32\drivers\sfloppy.sys
01:33:22.0125 1408  C:\WINDOWS\system32\drivers\sfloppy.sys - ok
01:33:22.0125 1408  [ DA1F27D85E0D1525F6621372E7B685E9 ] C:\WINDOWS\system32\drivers\beep.sys
01:33:22.0125 1408  C:\WINDOWS\system32\drivers\beep.sys - ok
01:33:22.0125 1408  [ C1B486A7658353D33A10CC15211A873B ] C:\WINDOWS\system32\drivers\cdaudio.sys
01:33:22.0125 1408  C:\WINDOWS\system32\drivers\cdaudio.sys - ok
01:33:22.0140 1408  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] C:\WINDOWS\system32\drivers\fs_rec.sys
01:33:22.0140 1408  C:\WINDOWS\system32\drivers\fs_rec.sys - ok
01:33:22.0140 1408  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] C:\WINDOWS\system32\drivers\null.sys
01:33:22.0140 1408  C:\WINDOWS\system32\drivers\null.sys - ok
01:33:22.0156 1408  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] C:\WINDOWS\system32\drivers\vga.sys
01:33:22.0156 1408  C:\WINDOWS\system32\drivers\vga.sys - ok
01:33:22.0156 1408  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] C:\WINDOWS\system32\drivers\mnmdd.sys
01:33:22.0156 1408  C:\WINDOWS\system32\drivers\mnmdd.sys - ok
01:33:22.0156 1408  [ 4912D5B403614CE99C28420F75353332 ] C:\WINDOWS\system32\drivers\rdpcdd.sys
01:33:22.0156 1408  C:\WINDOWS\system32\drivers\rdpcdd.sys - ok
01:33:22.0172 1408  [ 23C74D75E36E7158768DD63D92789A91 ] C:\WINDOWS\system32\drivers\ipsec.sys
01:33:22.0172 1408  C:\WINDOWS\system32\drivers\ipsec.sys - ok
01:33:22.0172 1408  [ C941EA2454BA8350021D774DAF0F1027 ] C:\WINDOWS\system32\drivers\msfs.sys
01:33:22.0172 1408  C:\WINDOWS\system32\drivers\msfs.sys - ok
01:33:22.0172 1408  [ 3182D64AE053D6FB034F44B6DEF8034A ] C:\WINDOWS\system32\drivers\npfs.sys
01:33:22.0172 1408  C:\WINDOWS\system32\drivers\npfs.sys - ok
01:33:22.0187 1408  [ FE0D99D6F31E4FAD8159F690D68DED9C ] C:\WINDOWS\system32\drivers\rasacd.sys
01:33:22.0187 1408  C:\WINDOWS\system32\drivers\rasacd.sys - ok
01:33:22.0187 1408  [ 33E21FFB063CA6C7E00D568467DC72E4 ] C:\WINDOWS\system32\drivers\aswTdi.sys
01:33:22.0187 1408  C:\WINDOWS\system32\drivers\aswTdi.sys - ok
01:33:22.0203 1408  [ CC748EA12C6EFFDE940EE98098BF96BB ] C:\WINDOWS\system32\drivers\ipnat.sys
01:33:22.0203 1408  C:\WINDOWS\system32\drivers\ipnat.sys - ok
01:33:22.0203 1408  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] C:\WINDOWS\system32\drivers\netbt.sys
01:33:22.0203 1408  C:\WINDOWS\system32\drivers\netbt.sys - ok
01:33:22.0203 1408  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] C:\WINDOWS\system32\drivers\tcpip.sys
01:33:22.0203 1408  C:\WINDOWS\system32\drivers\tcpip.sys - ok
01:33:22.0218 1408  [ E20B95BAEDB550F32DD489265C1DA1F6 ] C:\WINDOWS\system32\drivers\wanarp.sys
01:33:22.0218 1408  C:\WINDOWS\system32\drivers\wanarp.sys - ok
01:33:22.0218 1408  [ C1A411B7CCD604554D96EFDAC2F83617 ] C:\WINDOWS\system32\drivers\aswRdr.sys
01:33:22.0218 1408  C:\WINDOWS\system32\drivers\aswRdr.sys - ok
01:33:22.0218 1408  [ A717C8721046828520C9EDF31288FC00 ] C:\WINDOWS\system32\drivers\usbprint.sys
01:33:22.0218 1408  C:\WINDOWS\system32\drivers\usbprint.sys - ok
01:33:22.0234 1408  [ B96ECAE46A68F57862BACF59EEC24FEF ] C:\WINDOWS\system32\vsdatant.sys
01:33:22.0234 1408  C:\WINDOWS\system32\vsdatant.sys - ok
01:33:22.0234 1408  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] C:\WINDOWS\system32\drivers\ws2ifsl.sys
01:33:22.0234 1408  C:\WINDOWS\system32\drivers\ws2ifsl.sys - ok
01:33:22.0234 1408  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] C:\WINDOWS\system32\drivers\afd.sys
01:33:22.0234 1408  C:\WINDOWS\system32\drivers\afd.sys - ok
01:33:22.0250 1408  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] C:\WINDOWS\system32\drivers\netbios.sys
01:33:22.0250 1408  C:\WINDOWS\system32\drivers\netbios.sys - ok
01:33:22.0250 1408  [ A32BEBAF723557681BFC6BD93E98BD26 ] C:\WINDOWS\system32\drivers\processr.sys
01:33:22.0250 1408  C:\WINDOWS\system32\drivers\processr.sys - ok
01:33:22.0265 1408  [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
01:33:22.0265 1408  C:\WINDOWS\system32\drivers\redbook.sys - ok
01:33:22.0265 1408  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] C:\WINDOWS\system32\drivers\mrxsmb.sys
01:33:22.0265 1408  C:\WINDOWS\system32\drivers\mrxsmb.sys - ok
01:33:22.0265 1408  [ 7AD224AD1A1437FE28D89CF22B17780A ] C:\WINDOWS\system32\drivers\rdbss.sys
01:33:22.0265 1408  C:\WINDOWS\system32\drivers\rdbss.sys - ok
01:33:22.0281 1408  [ 6FC4AA106AA505394C908D37CCCB9148 ] C:\WINDOWS\system32\drivers\aswSP.sys
01:33:22.0281 1408  C:\WINDOWS\system32\drivers\aswSP.sys - ok
01:33:22.0281 1408  [ D45926117EB9FA946A6AF572FBE1CAA3 ] C:\WINDOWS\system32\drivers\fips.sys
01:33:22.0281 1408  C:\WINDOWS\system32\drivers\fips.sys - ok
01:33:22.0281 1408  [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
01:33:22.0281 1408  C:\WINDOWS\system32\drivers\imapi.sys - ok
01:33:22.0297 1408  [ 0E604867FC28F00D91CB0B00D2EC830D ] C:\WINDOWS\system32\drivers\aswSnx.sys
01:33:22.0297 1408  C:\WINDOWS\system32\drivers\aswSnx.sys - ok
01:33:22.0297 1408  [ 5F816C1F539266D2D4C78694239DA0B5 ] C:\WINDOWS\system32\smss.exe
01:33:22.0297 1408  C:\WINDOWS\system32\smss.exe - ok
01:33:22.0297 1408  [ F8F0D25CA553E39DDE485D8FC7FCCE89 ] C:\WINDOWS\system32\ntdll.dll
01:33:22.0297 1408  C:\WINDOWS\system32\ntdll.dll - ok
01:33:22.0312 1408  [ 23043C91A0F9DFB4B9E9F87B680863B4 ] C:\WINDOWS\system32\autochk.exe
01:33:22.0312 1408  C:\WINDOWS\system32\autochk.exe - ok
01:33:22.0312 1408  [ 9DD07AF82244867CA36681EA2D29CE79 ] C:\WINDOWS\system32\sfcfiles.dll
01:33:22.0312 1408  C:\WINDOWS\system32\sfcfiles.dll - ok
01:33:22.0312 1408  [ 2F31B7F954BED437F2C75026C65CAF7B ] C:\WINDOWS\system32\drivers\wmilib.sys
01:33:22.0312 1408  C:\WINDOWS\system32\drivers\wmilib.sys - ok
01:33:22.0328 1408  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] C:\WINDOWS\system32\drivers\atapi.sys
01:33:22.0328 1408  C:\WINDOWS\system32\drivers\atapi.sys - ok
01:33:22.0328 1408  [ FE97D0343ACFDEBDD578FC67CC91FA87 ] C:\WINDOWS\system32\drivers\dxapi.sys
01:33:22.0328 1408  C:\WINDOWS\system32\drivers\dxapi.sys - ok
01:33:22.0343 1408  [ DD40363ABAD230A84C5E2178B11EFA88 ] C:\WINDOWS\system32\csrsrv.dll
01:33:22.0343 1408  C:\WINDOWS\system32\csrsrv.dll - ok
01:33:22.0343 1408  [ 44F275C64738EA2056E3D9580C23B60F ] C:\WINDOWS\system32\csrss.exe
01:33:22.0343 1408  C:\WINDOWS\system32\csrss.exe - ok
01:33:22.0343 1408  [ 9A10AACBFDC4922715375FB4065EC930 ] C:\WINDOWS\system32\watchdog.sys
01:33:22.0343 1408  C:\WINDOWS\system32\watchdog.sys - ok
01:33:22.0359 1408  [ 860AC2E4711D2DACF12D98A42105A611 ] C:\WINDOWS\system32\win32k.sys
01:33:22.0359 1408  C:\WINDOWS\system32\win32k.sys - ok
01:33:22.0359 1408  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
01:33:22.0359 1408  C:\WINDOWS\system32\basesrv.dll - ok
01:33:22.0359 1408  [ 8B1F3320AEBB536E021A5014409862DE ] C:\WINDOWS\system32\gdi32.dll
01:33:22.0359 1408  C:\WINDOWS\system32\gdi32.dll - ok
01:33:22.0375 1408  [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\system32\kernel32.dll
01:33:22.0375 1408  C:\WINDOWS\system32\kernel32.dll - ok
01:33:22.0375 1408  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
01:33:22.0375 1408  C:\WINDOWS\system32\winsrv.dll - ok
01:33:22.0390 1408  [ B26B135FF1B9F60C9388B4A7D16F600B ] C:\WINDOWS\system32\user32.dll
01:33:22.0390 1408  C:\WINDOWS\system32\user32.dll - ok
01:33:22.0390 1408  [ AC7280566A7BB85CB3291F04DDC1198E ] C:\WINDOWS\system32\drivers\dxg.sys
01:33:22.0390 1408  C:\WINDOWS\system32\drivers\dxg.sys - ok
01:33:22.0390 1408  [ A73F5D6705B1D820C19B18782E176EFD ] C:\WINDOWS\system32\drivers\dxgthk.sys
01:33:22.0390 1408  C:\WINDOWS\system32\drivers\dxgthk.sys - ok
01:33:22.0406 1408  [ 433A669BD4920F10E3AA9EED7A21515C ] C:\WINDOWS\system32\nv4_disp.dll
01:33:22.0406 1408  C:\WINDOWS\system32\nv4_disp.dll - ok
01:33:22.0406 1408  [ ECB7591870F8BFB1A4C17B718AD5A4AA ] C:\WINDOWS\system32\vga.dll
01:33:22.0406 1408  C:\WINDOWS\system32\vga.dll - ok
01:33:22.0406 1408  [ ED0EF0A136DEC83DF69F04118870003E ] C:\WINDOWS\system32\winlogon.exe
01:33:22.0406 1408  C:\WINDOWS\system32\winlogon.exe - ok
01:33:22.0422 1408  [ E76F8807070ED04E7408A86D6D3A6137 ] C:\WINDOWS\system32\advapi32.dll
01:33:22.0422 1408  C:\WINDOWS\system32\advapi32.dll - ok
01:33:22.0422 1408  [ D4502F124289A31976130CCCB014C9AA ] C:\WINDOWS\system32\rpcrt4.dll
01:33:22.0422 1408  C:\WINDOWS\system32\rpcrt4.dll - ok
01:33:22.0422 1408  [ 5357826C8A8DD6A07F17C48BB45BE46E ] C:\WINDOWS\system32\secur32.dll
01:33:22.0422 1408  C:\WINDOWS\system32\secur32.dll - ok
01:33:22.0437 1408  [ 714705F29A917993536A6AB2DEDB0B7F ] C:\WINDOWS\system32\authz.dll
01:33:22.0437 1408  C:\WINDOWS\system32\authz.dll - ok
01:33:22.0437 1408  [ 355EDBB4D412B01F1740C17E3F50FA00 ] C:\WINDOWS\system32\msvcrt.dll
01:33:22.0437 1408  C:\WINDOWS\system32\msvcrt.dll - ok
01:33:22.0453 1408  [ 6BEE5D4EFF0A0341BCC4A462D81CCFC1 ] C:\WINDOWS\system32\crypt32.dll
01:33:22.0453 1408  C:\WINDOWS\system32\crypt32.dll - ok
01:33:22.0453 1408  [ 04D898830DF96A17A20FD35D7590F87E ] C:\WINDOWS\system32\msasn1.dll
01:33:22.0453 1408  C:\WINDOWS\system32\msasn1.dll - ok
01:33:22.0453 1408  [ 013C1148C1EC025596896E093F60F608 ] C:\WINDOWS\system32\nddeapi.dll
01:33:22.0453 1408  C:\WINDOWS\system32\nddeapi.dll - ok
01:33:22.0468 1408  [ CAC752BF84DB4666ED3CE0948E6EA937 ] C:\WINDOWS\system32\netapi32.dll
01:33:22.0468 1408  C:\WINDOWS\system32\netapi32.dll - ok
01:33:22.0468 1408  [ FCFA1C55971CC229D353B3A15ACCD995 ] C:\WINDOWS\system32\profmap.dll
01:33:22.0468 1408  C:\WINDOWS\system32\profmap.dll - ok
01:33:22.0468 1408  [ 43D13C80EBEC0135A3611E0F616F179B ] C:\WINDOWS\system32\userenv.dll
01:33:22.0468 1408  C:\WINDOWS\system32\userenv.dll - ok
01:33:22.0484 1408  [ 9CFCB3CA3D83B4EAA133F0644A2C6F31 ] C:\WINDOWS\system32\psapi.dll
01:33:22.0484 1408  C:\WINDOWS\system32\psapi.dll - ok
01:33:22.0484 1408  [ AF11C591F2F4AFF4A6CF699D376F618B ] C:\WINDOWS\system32\regapi.dll
01:33:22.0484 1408  C:\WINDOWS\system32\regapi.dll - ok
01:33:22.0484 1408  [ 24192246760E0E64435522E246B1D6C2 ] C:\WINDOWS\system32\setupapi.dll
01:33:22.0484 1408  C:\WINDOWS\system32\setupapi.dll - ok
01:33:22.0500 1408  [ FFC01A72D1C25CCB39F61B202CE60819 ] C:\WINDOWS\system32\imagehlp.dll
01:33:22.0500 1408  C:\WINDOWS\system32\imagehlp.dll - ok
01:33:22.0500 1408  [ C7CE131408739B0B3A318BE2D0032719 ] C:\WINDOWS\system32\version.dll
01:33:22.0500 1408  C:\WINDOWS\system32\version.dll - ok
01:33:22.0515 1408  [ 430CEB794F6E6EF8AC86958C242366D6 ] C:\WINDOWS\system32\winsta.dll
01:33:22.0515 1408  C:\WINDOWS\system32\winsta.dll - ok
01:33:22.0515 1408  [ D458B738B4C2CE33174CFB2CE12412DB ] C:\WINDOWS\system32\wintrust.dll
01:33:22.0515 1408  C:\WINDOWS\system32\wintrust.dll - ok
01:33:22.0515 1408  [ A9D17E2AFAB5EB5C4920D8E07505D3CA ] C:\WINDOWS\system32\urlmon.dll
01:33:22.0515 1408  C:\WINDOWS\system32\urlmon.dll - ok
01:33:22.0531 1408  [ 9789E95E1D88EEB4B922BF3EA7779C28 ] C:\WINDOWS\system32\ws2help.dll
01:33:22.0531 1408  C:\WINDOWS\system32\ws2help.dll - ok
01:33:22.0531 1408  [ 2CCC474EB85CEAA3E1FA1726580A3E5A ] C:\WINDOWS\system32\ws2_32.dll
01:33:22.0531 1408  C:\WINDOWS\system32\ws2_32.dll - ok
01:33:22.0531 1408  [ 6BAD1BED9872E62049E487FB91AE2F3A ] C:\WINDOWS\system32\ole32.dll
01:33:22.0531 1408  C:\WINDOWS\system32\ole32.dll - ok
01:33:22.0547 1408  [ EFF03460E542EEA6B0ABDEC6BF19C897 ] C:\WINDOWS\system32\oleaut32.dll
01:33:22.0547 1408  C:\WINDOWS\system32\oleaut32.dll - ok
01:33:22.0547 1408  [ C448A248B743F5FB935C787A5D97268B ] C:\WINDOWS\system32\shlwapi.dll
01:33:22.0547 1408  C:\WINDOWS\system32\shlwapi.dll - ok
01:33:22.0547 1408  [ BD485DBD15FFA3286A75906E4C4DD914 ] C:\WINDOWS\system32\iertutil.dll
01:33:22.0547 1408  C:\WINDOWS\system32\iertutil.dll - ok
01:33:22.0562 1408  [ 694503348B586E99D56C0E30AB5B3EF8 ] C:\WINDOWS\system32\sxs.dll
01:33:22.0562 1408  C:\WINDOWS\system32\sxs.dll - ok
01:33:22.0562 1408  [ 736B12B725AEB2B07F0241A9F680CB10 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
01:33:22.0562 1408  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll - ok
01:33:22.0562 1408  [ 224FB925C641DA16CEB6D60F40CA4C75 ] C:\WINDOWS\system32\atl.dll
01:33:22.0562 1408  C:\WINDOWS\system32\atl.dll - ok
01:33:22.0578 1408  [ DA5B96A293B006572209E5EAC9F3A045 ] C:\WINDOWS\system32\wininet.dll
01:33:22.0578 1408  C:\WINDOWS\system32\wininet.dll - ok
01:33:22.0578 1408  [ 10753A3ADC3E39A3B10CC3F08E98E6B4 ] C:\WINDOWS\system32\normaliz.dll
01:33:22.0578 1408  C:\WINDOWS\system32\normaliz.dll - ok
01:33:22.0593 1408  [ 6843D54BC4A40CC8C5741AF750233D10 ] C:\WINDOWS\system32\shell32.dll
01:33:22.0593 1408  C:\WINDOWS\system32\shell32.dll - ok
01:33:22.0593 1408  [ 4A953F13942867BA8FB41F141EC1B80C ] C:\WINDOWS\system32\winmm.dll
01:33:22.0593 1408  C:\WINDOWS\system32\winmm.dll - ok
01:33:22.0593 1408  [ 93AFB83FBC1F9443CAC722FCA63D73BF ] C:\WINDOWS\system32\comctl32.dll
01:33:22.0593 1408  C:\WINDOWS\system32\comctl32.dll - ok
01:33:22.0609 1408  [ 56C5B179FE3308B655EB6208C3256FEC ] C:\WINDOWS\system32\kbdus.dll
01:33:22.0609 1408  C:\WINDOWS\system32\kbdus.dll - ok
01:33:22.0609 1408  [ D7B7A57C0E57C836F18CF12A4C62A1CA ] C:\WINDOWS\system32\msgina.dll
01:33:22.0609 1408  C:\WINDOWS\system32\msgina.dll - ok
01:33:22.0609 1408  [ 40B0F98BAD16AD5DEF894E88C3EF8014 ] C:\WINDOWS\system32\odbc32.dll
01:33:22.0609 1408  C:\WINDOWS\system32\odbc32.dll - ok
01:33:22.0625 1408  [ 86987A5000DFA3EBE2275C0456BCF2FE ] C:\WINDOWS\system32\comdlg32.dll
01:33:22.0625 1408  C:\WINDOWS\system32\comdlg32.dll - ok
01:33:22.0625 1408  [ 6B7C6B32F8E84D56C6260D684019FEA2 ] C:\WINDOWS\system32\odbcint.dll
01:33:22.0625 1408  C:\WINDOWS\system32\odbcint.dll - ok
01:33:22.0625 1408  [ 96E1C926F22EE1BFBAE82901A35F6BF3 ] C:\WINDOWS\system32\sfc.dll
01:33:22.0625 1408  C:\WINDOWS\system32\sfc.dll - ok
01:33:22.0640 1408  [ 6B5DB6789177A4FD0DEBC248041D0739 ] C:\WINDOWS\system32\sfc_os.dll
01:33:22.0640 1408  C:\WINDOWS\system32\sfc_os.dll - ok
01:33:22.0640 1408  [ 99BC0B50F511924348BE19C7C7313BBF ] C:\WINDOWS\system32\shsvcs.dll
01:33:22.0640 1408  C:\WINDOWS\system32\shsvcs.dll - ok
01:33:22.0656 1408  [ CF492D7E9AF1C628B3536D20EF6F5CC7 ] C:\WINDOWS\system32\apphelp.dll
01:33:22.0656 1408  C:\WINDOWS\system32\apphelp.dll - ok
01:33:22.0656 1408  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
01:33:22.0656 1408  C:\WINDOWS\system32\services.exe - ok
01:33:22.0656 1408  [ BF2466B3E18E970D8A976FB95FC1CA85 ] C:\WINDOWS\system32\lsass.exe
01:33:22.0656 1408  C:\WINDOWS\system32\lsass.exe - ok
01:33:22.0672 1408  [ EC29A79F1E76DC509E24D401F29D0678 ] C:\WINDOWS\system32\ncobjapi.dll
01:33:22.0672 1408  C:\WINDOWS\system32\ncobjapi.dll - ok
01:33:22.0672 1408  [ BD31DC6DBE9333C4FBD4BDF0899F2160 ] C:\WINDOWS\system32\lsasrv.dll
01:33:22.0672 1408  C:\WINDOWS\system32\lsasrv.dll - ok
01:33:22.0672 1408  [ F404830F3CD9BF8F2515E489C0CDA297 ] C:\WINDOWS\system32\msvcp60.dll
01:33:22.0672 1408  C:\WINDOWS\system32\msvcp60.dll - ok
01:33:22.0687 1408  [ B24A42A413E694AD73FDFB7FBD492C31 ] C:\WINDOWS\system32\scesrv.dll
01:33:22.0687 1408  C:\WINDOWS\system32\scesrv.dll - ok
01:33:22.0687 1408  [ 2EDFC2A8893435723AD80481803C6D5C ] C:\WINDOWS\system32\umpnpmgr.dll
01:33:22.0687 1408  C:\WINDOWS\system32\umpnpmgr.dll - ok
01:33:22.0703 1408  [ EA9EE60B408878E5F2012F9C783836DB ] C:\WINDOWS\AppPatch\acadproc.dll
01:33:22.0703 1408  C:\WINDOWS\AppPatch\acadproc.dll - ok
01:33:22.0703 1408  [ 389496118B3B03C2328024AF320132AC ] C:\WINDOWS\system32\dnsapi.dll
01:33:22.0703 1408  C:\WINDOWS\system32\dnsapi.dll - ok
01:33:22.0703 1408  [ DD7BD97FB8BD800963789158A5E4B41D ] C:\WINDOWS\system32\mpr.dll
01:33:22.0703 1408  C:\WINDOWS\system32\mpr.dll - ok
01:33:22.0718 1408  [ EC4C0D9BFD9F7E33F8B395AD54E13063 ] C:\WINDOWS\system32\ntdsapi.dll
01:33:22.0718 1408  C:\WINDOWS\system32\ntdsapi.dll - ok
01:33:22.0718 1408  [ 8329A39D5A402A75A74301D6A62ECDA1 ] C:\WINDOWS\system32\samlib.dll
01:33:22.0718 1408  C:\WINDOWS\system32\samlib.dll - ok
01:33:22.0718 1408  [ F05B8CDB7FE0E55DCCFB1D946CE80064 ] C:\WINDOWS\system32\samsrv.dll
01:33:22.0718 1408  C:\WINDOWS\system32\samsrv.dll - ok
01:33:22.0734 1408  [ 1F03103598BD817B1078DAB1326DDE11 ] C:\WINDOWS\system32\shimeng.dll
01:33:22.0734 1408  C:\WINDOWS\system32\shimeng.dll - ok
01:33:22.0734 1408  [ 0492CF5870F0E616B0C71695A433D162 ] C:\WINDOWS\system32\wldap32.dll
01:33:22.0734 1408  C:\WINDOWS\system32\wldap32.dll - ok
01:33:22.0734 1408  [ 310C15FD8358B2C4CD7A5B98A112883F ] C:\WINDOWS\AppPatch\acgenral.dll
01:33:22.0734 1408  C:\WINDOWS\AppPatch\acgenral.dll - ok
01:33:22.0750 1408  [ 17A1D675C12BBF80CAAC54A4855C41D0 ] C:\WINDOWS\system32\cryptdll.dll
01:33:22.0750 1408  C:\WINDOWS\system32\cryptdll.dll - ok
01:33:22.0750 1408  [ 2098AB52BD5316E59AA36F3437B13BE6 ] C:\WINDOWS\system32\msacm32.dll
01:33:22.0750 1408  C:\WINDOWS\system32\msacm32.dll - ok
01:33:22.0765 1408  [ 7A2CC3719B255E6B5D74396183B7715B ] C:\WINDOWS\system32\uxtheme.dll
01:33:22.0765 1408  C:\WINDOWS\system32\uxtheme.dll - ok
01:33:22.0765 1408  [ 3D76DD0CBC536E0F8C45D23ED230BEB2 ] C:\WINDOWS\system32\digest.dll
01:33:22.0765 1408  C:\WINDOWS\system32\digest.dll - ok
01:33:22.0765 1408  [ F24B12786D60A17008319E3F2AEE7799 ] C:\WINDOWS\system32\msapsspc.dll
01:33:22.0765 1408  C:\WINDOWS\system32\msapsspc.dll - ok
01:33:22.0781 1408  [ 7A660EDC0757849DF5F8706FB6E9F740 ] C:\WINDOWS\system32\msvcrt40.dll
01:33:22.0781 1408  C:\WINDOWS\system32\msvcrt40.dll - ok
01:33:22.0781 1408  [ 0F64207B49390C8063C36AE7CBF9C2DB ] C:\WINDOWS\system32\schannel.dll
01:33:22.0781 1408  C:\WINDOWS\system32\schannel.dll - ok
01:33:22.0781 1408  [ A4388DF80E52695AE92EE5F3F61F1619 ] C:\WINDOWS\system32\msnsspc.dll
01:33:22.0781 1408  C:\WINDOWS\system32\msnsspc.dll - ok
01:33:22.0797 1408  [ C6BB1D1500DB4A0E224CB65E6C7E8A80 ] C:\WINDOWS\system32\msprivs.dll
01:33:22.0797 1408  C:\WINDOWS\system32\msprivs.dll - ok
01:33:22.0797 1408  [ A525C96C51D55111FDF3BEA9FFFFC7AE ] C:\WINDOWS\system32\kerberos.dll
01:33:22.0797 1408  C:\WINDOWS\system32\kerberos.dll - ok
01:33:22.0797 1408  [ AF07DC9B7CC455629E732340C7B15F3A ] C:\WINDOWS\system32\iphlpapi.dll
01:33:22.0797 1408  C:\WINDOWS\system32\iphlpapi.dll - ok
01:33:22.0812 1408  [ 517561A1113B04E51D936CD018DE1C1F ] C:\WINDOWS\system32\msv1_0.dll
01:33:22.0812 1408  C:\WINDOWS\system32\msv1_0.dll - ok
01:33:22.0812 1408  [ 1B7F071C51B77C272875C3A23E1E4550 ] C:\WINDOWS\system32\netlogon.dll
01:33:22.0812 1408  C:\WINDOWS\system32\netlogon.dll - ok
01:33:22.0812 1408  [ 54AF4B1D5459500EF0937F6D33B1914F ] C:\WINDOWS\system32\w32time.dll
01:33:22.0812 1408  C:\WINDOWS\system32\w32time.dll - ok
01:33:22.0828 1408  [ 54DAE3EA34802B4ED9AE1C6B1209FA56 ] C:\WINDOWS\system32\rsaenh.dll
01:33:22.0828 1408  C:\WINDOWS\system32\rsaenh.dll - ok
01:33:22.0828 1408  [ 3AAF9B35939FF9E58CCD18D41655C2FC ] C:\WINDOWS\system32\wdigest.dll
01:33:22.0828 1408  C:\WINDOWS\system32\wdigest.dll - ok
01:33:22.0843 1408  [ 02988B904C386B500CD08639C4C20EEA ] C:\WINDOWS\system32\winscard.dll
01:33:22.0843 1408  C:\WINDOWS\system32\winscard.dll - ok
01:33:22.0843 1408  [ 0E2735281FBB9A764D5584C2A5DCBA59 ] C:\WINDOWS\system32\wtsapi32.dll
01:33:22.0843 1408  C:\WINDOWS\system32\wtsapi32.dll - ok
01:33:22.0843 1408  [ A86BB5E61BF3E39B62AB4C7E7085A084 ] C:\WINDOWS\system32\scecli.dll
01:33:22.0843 1408  C:\WINDOWS\system32\scecli.dll - ok
01:33:22.0859 1408  [ CCDA8D84FD02AEC52E62F296433AE9DC ] C:\WINDOWS\system32\drivers\aswFsBlk.sys
01:33:22.0859 1408  C:\WINDOWS\system32\drivers\aswFsBlk.sys - ok
01:33:22.0859 1408  [ A6E20E62871A28A0F1C05B1681848FA7 ] C:\WINDOWS\system32\drivers\aswMonFlt.sys
01:33:22.0859 1408  C:\WINDOWS\system32\drivers\aswMonFlt.sys - ok
01:33:22.0859 1408  [ 27C6D03BCDB8CFEB96B716F3D8BE3E18 ] C:\WINDOWS\system32\svchost.exe
01:33:22.0859 1408  C:\WINDOWS\system32\svchost.exe - ok
01:33:22.0875 1408  [ 549290DBC280C887681D7652978DBBE0 ] C:\WINDOWS\system32\ntmarta.dll
01:33:22.0875 1408  C:\WINDOWS\system32\ntmarta.dll - ok
01:33:22.0875 1408  [ 6B27A5C03DFB94B4245739065431322C ] C:\WINDOWS\system32\rpcss.dll
01:33:22.0875 1408  C:\WINDOWS\system32\rpcss.dll - ok
01:33:22.0875 1408  [ 16403217AB6FC5C30C14C6B12098AD4B ] C:\WINDOWS\system32\xpsp2res.dll
01:33:22.0875 1408  C:\WINDOWS\system32\xpsp2res.dll - ok
01:33:22.0890 1408  [ 6D4FEB43EE538FC5428CC7F0565AA656 ] C:\WINDOWS\system32\eventlog.dll
01:33:22.0890 1408  C:\WINDOWS\system32\eventlog.dll - ok
01:33:22.0890 1408  [ 3CB32D3B8CBE79899D63280BB7A83CD9 ] C:\WINDOWS\system32\hnetcfg.dll
01:33:22.0890 1408  C:\WINDOWS\system32\hnetcfg.dll - ok
01:33:22.0906 1408  [ 943337D786A56729263071623BBB9DE5 ] C:\WINDOWS\system32\mswsock.dll
01:33:22.0906 1408  C:\WINDOWS\system32\mswsock.dll - ok
01:33:22.0906 1408  [ 4E3D06D6E68EEDB52565080F55B460D3 ] C:\WINDOWS\system32\wshtcpip.dll
01:33:22.0906 1408  C:\WINDOWS\system32\wshtcpip.dll - ok
01:33:22.0906 1408  [ 6F9BEF24C578D5D6740E080BEDD6A448 ] C:\WINDOWS\system32\rasadhlp.dll
01:33:22.0906 1408  C:\WINDOWS\system32\rasadhlp.dll - ok
01:33:22.0922 1408  [ D72B9EC3337B247A666F098F3D6B43DE ] C:\WINDOWS\system32\winrnr.dll
01:33:22.0922 1408  C:\WINDOWS\system32\winrnr.dll - ok
01:33:22.0922 1408  [ F927A4434C5028758A842943EF1A3849 ] C:\WINDOWS\system32\drivers\ndisuio.sys
01:33:22.0922 1408  C:\WINDOWS\system32\drivers\ndisuio.sys - ok
01:33:22.0922 1408  [ 5E38D7684A49CACFB752B046357E0589 ] C:\WINDOWS\system32\dhcpcsvc.dll
01:33:22.0922 1408  C:\WINDOWS\system32\dhcpcsvc.dll - ok
01:33:22.0937 1408  [ 4D83ED8BDDEC431FC8AD907B47CFB6E3 ] C:\WINDOWS\system32\dsound.dll
01:33:22.0937 1408  C:\WINDOWS\system32\dsound.dll - ok
01:33:22.0937 1408  [ 5F7E24FA9EAB896051FFB87F840730D2 ] C:\WINDOWS\system32\dnsrslvr.dll
01:33:22.0937 1408  C:\WINDOWS\system32\dnsrslvr.dll - ok
01:33:22.0937 1408  [ A7DB739AE99A796D91580147E919CC59 ] C:\WINDOWS\system32\lmhsvc.dll
01:33:22.0937 1408  C:\WINDOWS\system32\lmhsvc.dll - ok
01:33:22.0953 1408  [ 876CCF164E08D6B903CD14398E056DD2 ] C:\WINDOWS\system32\rtutils.dll
01:33:22.0953 1408  C:\WINDOWS\system32\rtutils.dll - ok
01:33:22.0953 1408  [ 7B0770526801F05D58C51A3DFB87B4BD ] C:\WINDOWS\system32\wmi.dll
01:33:22.0953 1408  C:\WINDOWS\system32\wmi.dll - ok
01:33:22.0968 1408  [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] C:\WINDOWS\system32\wzcsvc.dll
01:33:22.0968 1408  C:\WINDOWS\system32\wzcsvc.dll - ok
01:33:22.0968 1408  [ 8E2CC37BA87D8F681066E0E9C8A19F73 ] C:\WINDOWS\system32\dot3api.dll
01:33:22.0968 1408  C:\WINDOWS\system32\dot3api.dll - ok
01:33:22.0968 1408  [ E6EF7BC927D9F8F9BA1584BFC39E0C6F ] C:\WINDOWS\system32\eapolqec.dll
01:33:22.0968 1408  C:\WINDOWS\system32\eapolqec.dll - ok
01:33:22.0984 1408  [ F5B754CDEA20BBB3A31E16A776EDE6D6 ] C:\WINDOWS\system32\esent.dll
01:33:22.0984 1408  C:\WINDOWS\system32\esent.dll - ok
01:33:22.0984 1408  [ 8AE93AACC648921BAACB8602991AC4B3 ] C:\WINDOWS\system32\qutil.dll
01:33:22.0984 1408  C:\WINDOWS\system32\qutil.dll - ok
01:33:22.0984 1408  [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
01:33:22.0984 1408  C:\WINDOWS\system32\certcli.dll - ok
01:33:23.0000 1408  [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
01:33:23.0000 1408  C:\WINDOWS\system32\cryptsvc.dll - ok
01:33:23.0000 1408  [ 6E4BE11D50F8A8DE2BAD644C9C9DE8D3 ] C:\WINDOWS\system32\cryptui.dll
01:33:23.0000 1408  C:\WINDOWS\system32\cryptui.dll - ok
01:33:23.0015 1408  [ C1FAEA15E41F62D7BFA7FBC395C24BA6 ] C:\WINDOWS\system32\riched20.dll
01:33:23.0015 1408  C:\WINDOWS\system32\riched20.dll - ok
01:33:23.0015 1408  [ F137A0CA70003DB20448D540651FA003 ] C:\WINDOWS\system32\clbcatq.dll
01:33:23.0015 1408  C:\WINDOWS\system32\clbcatq.dll - ok
01:33:24.0265 1408  [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll
01:33:24.0265 1408  C:\WINDOWS\system32\browser.dll - ok
01:33:24.0281 1408  [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
01:33:24.0281 1408  C:\WINDOWS\system32\trkwks.dll - ok
01:33:24.0281 1408  [ 35321FB577CDC98CE3EB3A3EB9E4610A ] C:\WINDOWS\system32\wuauserv.dll
01:33:24.0281 1408  C:\WINDOWS\system32\wuauserv.dll - ok
01:33:24.0281 1408  [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
01:33:24.0281 1408  C:\WINDOWS\system32\srsvc.dll - ok
01:33:24.0297 1408  [ FC3EC24FCE372C89423E015A2AC1A31E ] C:\WINDOWS\system32\wuaueng.dll
01:33:24.0297 1408  C:\WINDOWS\system32\wuaueng.dll - ok
01:33:24.0297 1408  [ B85E95679B5ADC12311BCD3F5385D623 ] C:\WINDOWS\system32\mspatcha.dll
01:33:24.0297 1408  C:\WINDOWS\system32\mspatcha.dll - ok
01:33:24.0312 1408  [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
01:33:24.0312 1408  C:\WINDOWS\system32\wscsvc.dll - ok
01:33:24.0312 1408  [ 83F41D0D89645D7235C051AB1D9523AC ] C:\WINDOWS\system32\ipnathlp.dll
01:33:24.0312 1408  C:\WINDOWS\system32\ipnathlp.dll - ok
01:33:24.0312 1408  [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
01:33:24.0312 1408  C:\WINDOWS\system32\comsvcs.dll - ok
01:33:24.0328 1408  [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
01:33:24.0328 1408  C:\WINDOWS\system32\colbact.dll - ok
01:33:24.0328 1408  [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
01:33:24.0328 1408  C:\WINDOWS\system32\mtxclu.dll - ok
01:33:24.0328 1408  [ D6B5A2966A6CE9ED29C58B56A51839F0 ] C:\WINDOWS\system32\nvapi.dll
01:33:24.0328 1408  C:\WINDOWS\system32\nvapi.dll - ok
01:33:24.0343 1408  [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
01:33:24.0343 1408  C:\WINDOWS\system32\resutils.dll - ok
01:33:24.0343 1408  [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
01:33:24.0343 1408  C:\WINDOWS\system32\wbem\wbemcore.dll - ok
01:33:24.0343 1408  [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
01:33:24.0359 1408  C:\WINDOWS\system32\wbem\esscli.dll - ok
01:33:24.0359 1408  [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
01:33:24.0359 1408  C:\WINDOWS\system32\wbem\fastprox.dll - ok
01:33:24.0359 1408  [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
01:33:24.0359 1408  C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
01:33:24.0375 1408  [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
01:33:24.0375 1408  C:\WINDOWS\system32\wbem\wmiutils.dll - ok
01:33:24.0375 1408  [ 3458EDA96E30FBD0477A2800D3FB1909 ] C:\WINDOWS\system32\wups.dll
01:33:24.0375 1408  C:\WINDOWS\system32\wups.dll - ok
01:33:24.0375 1408  [ 942A17D2901A31EA68627CBFFCD268CC ] C:\WINDOWS\system32\wbem\repdrvfs.dll
01:33:24.0375 1408  C:\WINDOWS\system32\wbem\repdrvfs.dll - ok
01:33:24.0390 1408  [ BDC0C99E472176C8C2C853A68ADC5073 ] C:\WINDOWS\system32\wups2.dll
01:33:24.0390 1408  C:\WINDOWS\system32\wups2.dll - ok
01:33:24.0390 1408  [ 2E0B0A051FFAA86E358465BB0880D453 ] C:\WINDOWS\system32\wuauclt.exe
01:33:24.0390 1408  C:\WINDOWS\system32\wuauclt.exe - ok
01:33:24.0406 1408  [ 071143F687B4F887E21461CA6CC7EB29 ] C:\WINDOWS\system32\wbem\wmiprvsd.dll
01:33:24.0406 1408  C:\WINDOWS\system32\wbem\wmiprvsd.dll - ok
01:33:24.0406 1408  [ 26D881D27CBE51D3614E68D7313EA026 ] C:\WINDOWS\system32\wbem\wbemess.dll
01:33:24.0406 1408  C:\WINDOWS\system32\wbem\wbemess.dll - ok
01:33:24.0406 1408  [ 1A617835452EEE5060976C9B9F5FE635 ] C:\WINDOWS\system32\wuapi.dll
01:33:24.0406 1408  C:\WINDOWS\system32\wuapi.dll - ok
01:33:24.0422 1408  [ D26451B540720A7313A9BCBE794DAF62 ] C:\WINDOWS\system32\wbem\ncprov.dll
01:33:24.0422 1408  C:\WINDOWS\system32\wbem\ncprov.dll - ok
01:33:24.0422 1408  [ BF1893E2B1B886161FD4BB7B3163E40F ] C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll
01:33:24.0422 1408  C:\Program Files\NVIDIA Corporation\Display\nvdisps.dll - ok
01:33:24.0422 1408  [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe
01:33:24.0422 1408  C:\WINDOWS\system32\rundll32.exe - ok
01:33:24.0437 1408  [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
01:33:24.0437 1408  C:\WINDOWS\system32\termsrv.dll - ok
01:33:24.0437 1408  [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
01:33:24.0437 1408  C:\WINDOWS\system32\icaapi.dll - ok
01:33:24.0453 1408  [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
01:33:24.0453 1408  C:\WINDOWS\system32\mstlsapi.dll - ok
01:33:24.0453 1408  [ 3CB78C17BB664637787C9A1C98F79C38 ] C:\WINDOWS\system32\tapisrv.dll
01:33:24.0453 1408  C:\WINDOWS\system32\tapisrv.dll - ok
01:33:24.0453 1408  [ 6404807ABC7AF52FA3792697AE638B50 ] C:\WINDOWS\system32\wbem\wbemcons.dll
01:33:24.0453 1408  C:\WINDOWS\system32\wbem\wbemcons.dll - ok
01:33:24.0468 1408  [ 401A8C0BE0BAA7D7A470F0942244152D ] C:\WINDOWS\system32\rasdlg.dll
01:33:24.0468 1408  C:\WINDOWS\system32\rasdlg.dll - ok
01:33:24.0468 1408  [ 798A9E6828997EEF4517ADA8A2259831 ] C:\WINDOWS\system32\wbem\wmiprvse.exe
01:33:24.0468 1408  C:\WINDOWS\system32\wbem\wmiprvse.exe - ok
01:33:24.0468 1408  [ 5F7692CEC90E2E9AA32CD58321E234B8 ] C:\WINDOWS\system32\rastapi.dll
01:33:24.0468 1408  C:\WINDOWS\system32\rastapi.dll - ok
01:33:24.0484 1408  [ 567D46179E7A673711CD9FEA512C5364 ] C:\Program Files\Java\jre7\bin\awt.dll
01:33:24.0484 1408  C:\Program Files\Java\jre7\bin\awt.dll - ok
01:33:24.0484 1408  [ AACE07FE34FADDDF973CE068A6424957 ] C:\WINDOWS\system32\unimdm.tsp
01:33:24.0484 1408  C:\WINDOWS\system32\unimdm.tsp - ok
01:33:24.0484 1408  [ 995252FCC4692B5B97EE17D596C9386E ] C:\WINDOWS\system32\uniplat.dll
01:33:24.0484 1408  C:\WINDOWS\system32\uniplat.dll - ok
01:33:24.0500 1408  [ F92E1076C42FCD6DB3D72D8CFE9816D5 ] C:\WINDOWS\system32\wscntfy.exe
01:33:24.0500 1408  C:\WINDOWS\system32\wscntfy.exe - ok
01:33:24.0500 1408  [ 76EC97C5068D3D9FAA7774B0F659D31A ] C:\WINDOWS\system32\kmddsp.tsp
01:33:24.0500 1408  C:\WINDOWS\system32\kmddsp.tsp - ok
01:33:24.0515 1408  [ 4589963D84F2984FA5949A72162BA4F4 ] C:\WINDOWS\system32\ndptsp.tsp
01:33:24.0515 1408  C:\WINDOWS\system32\ndptsp.tsp - ok
01:33:24.0515 1408  [ 8B8A45DF7CEF36D93C7BD3E4C84003B8 ] C:\WINDOWS\system32\ipconf.tsp
01:33:24.0515 1408  C:\WINDOWS\system32\ipconf.tsp - ok
01:33:24.0515 1408  [ 8BC2B02DC11C98D14CEE43B8E8393FF3 ] C:\WINDOWS\system32\h323.tsp
01:33:24.0515 1408  C:\WINDOWS\system32\h323.tsp - ok
01:33:24.0531 1408  [ 6B552ED3BEE5AA3C4560478FF779BA98 ] C:\WINDOWS\system32\hidphone.tsp
01:33:24.0531 1408  C:\WINDOWS\system32\hidphone.tsp - ok
01:33:24.0531 1408  [ D0545A010ED2259A740C8414899A938F ] C:\WINDOWS\system32\rasppp.dll
01:33:24.0531 1408  C:\WINDOWS\system32\rasppp.dll - ok
01:33:24.0531 1408  [ B464BD425D5D09ABE4192234D1577B22 ] C:\WINDOWS\system32\ntlsapi.dll
01:33:24.0531 1408  C:\WINDOWS\system32\ntlsapi.dll - ok
01:33:24.0547 1408  [ A655C88AA555BB8EF8957BD29408827F ] C:\WINDOWS\system32\rasqec.dll
01:33:24.0547 1408  C:\WINDOWS\system32\rasqec.dll - ok
01:33:24.0547 1408  [ 6895427873D6C37A6D6DA7C3DB37DA14 ] C:\WINDOWS\system32\licwmi.dll
01:33:24.0547 1408  C:\WINDOWS\system32\licwmi.dll - ok
01:33:24.0562 1408  [ 4306FA2F1099D7C606139255FDB62B19 ] C:\WINDOWS\system32\wbem\framedyn.dll
01:33:24.0562 1408  C:\WINDOWS\system32\wbem\framedyn.dll - ok
01:33:24.0562 1408  [ A693A49A67673F2C8D76797EA9A628D0 ] C:\WINDOWS\system32\licdll.dll
01:33:24.0562 1408  C:\WINDOWS\system32\licdll.dll - ok
01:33:24.0562 1408  [ 917E65F71F14DE6891BAA8CDA2957DDB ] C:\Program Files\CheckPoint\ZAForceField\Plugins\SiteChecker.dll
01:33:24.0562 1408  C:\Program Files\CheckPoint\ZAForceField\Plugins\SiteChecker.dll - ok
01:33:24.0578 1408  [ 8C515081584A38AA007909CD02020B3D ] C:\WINDOWS\system32\alg.exe
01:33:24.0578 1408  C:\WINDOWS\system32\alg.exe - ok
01:33:24.0578 1408  [ 9EFBB3055B3EECE5B0FC7BAED07A6EE9 ] C:\WINDOWS\system32\msxml6.dll
01:33:24.0578 1408  C:\WINDOWS\system32\msxml6.dll - ok
01:33:24.0578 1408  [ 85FE43A44239E406D7BB9513569D4D00 ] C:\WINDOWS\system32\mshtml.dll
01:33:24.0578 1408  C:\WINDOWS\system32\mshtml.dll - ok
01:33:24.0593 1408  [ 84E2A7194C6771AEC66AD86DC63C1E2F ] C:\Program Files\Java\jre7\bin\client\jvm.dll
01:33:24.0593 1408  C:\Program Files\Java\jre7\bin\client\jvm.dll - ok
01:33:24.0593 1408  [ 71418CC50746FC2CB3F517CB3F5A022E ] C:\Program Files\Java\jre7\bin\dcpr.dll
01:33:24.0593 1408  C:\Program Files\Java\jre7\bin\dcpr.dll - ok
01:33:24.0609 1408  [ C7D789DF7DA3813DD70D8B19D5A308B5 ] C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\samplesites.dll
01:33:24.0609 1408  C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\samplesites.dll - ok
01:33:24.0609 1408  [ 2ACCD352451EC0F99AF2AD9DB6DB4439 ] C:\WINDOWS\system32\msls31.dll
01:33:24.0609 1408  C:\WINDOWS\system32\msls31.dll - ok
01:33:24.0609 1408  [ 178A34E5554DCE485E1262DDF027960C ] C:\DOCUME~1\Nick\LOCALS~1\Temp\BDC39BD6-71F1-4F6E-B369-E9B69F914FCC.exe
01:33:24.0609 1408  C:\DOCUME~1\Nick\LOCALS~1\Temp\BDC39BD6-71F1-4F6E-B369-E9B69F914FCC.exe - ok
01:33:24.0625 1408  [ E837FDBB92E9873E538395B623F45462 ] C:\WINDOWS\system32\wbem\cimwin32.dll
01:33:24.0625 1408  C:\WINDOWS\system32\wbem\cimwin32.dll - ok
01:33:24.0625 1408  [ 912B67BB8249925A5C972FC5839EAE09 ] C:\WINDOWS\system32\actxprxy.dll
01:33:24.0625 1408  C:\WINDOWS\system32\actxprxy.dll - ok
01:33:24.0625 1408  [ A958D75082496FBD6D27D290C41F1231 ] C:\Program Files\Java\jre7\bin\deploy.dll
01:33:24.0625 1408  C:\Program Files\Java\jre7\bin\deploy.dll - ok
01:33:24.0640 1408  [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
01:33:24.0640 1408  C:\WINDOWS\system32\cfgmgr32.dll - ok
01:33:24.0640 1408  [ D1E18F4AE94FFEC7270BE0A10C0B295E ] C:\WINDOWS\system32\xmllite.dll
01:33:24.0640 1408  C:\WINDOWS\system32\xmllite.dll - ok
01:33:24.0640 1408  [ A70A2D85AD143D6BB823C246CEB699A5 ] C:\WINDOWS\system32\ntshrui.dll
01:33:24.0640 1408  C:\WINDOWS\system32\ntshrui.dll - ok
01:33:24.0656 1408  [ D46A9EAEAEF4A9B7022CAB6464CF3F2F ] C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\liblua.dll
01:33:24.0656 1408  C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\liblua.dll - ok
01:33:24.0656 1408  [ A019A1830C6A3633F87CD1097D57CB9E ] C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\libtextcat.dll
01:33:24.0656 1408  C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\libtextcat.dll - ok
01:33:24.0672 1408  [ 559158445537BE7126C6D1B6C5627205 ] C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TCData.dll
01:33:24.0672 1408  C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TCData.dll - ok
01:33:24.0672 1408  [ 91790D6749EBED90E2C40479C0A91879 ] C:\WINDOWS\system32\verclsid.exe
01:33:24.0672 1408  C:\WINDOWS\system32\verclsid.exe - ok
01:33:24.0672 1408  [ 2DC5A8019E2387987905F77C664E4BE2 ] C:\WINDOWS\system32\linkinfo.dll
01:33:24.0672 1408  C:\WINDOWS\system32\linkinfo.dll - ok
01:33:24.0687 1408  [ 81E5FA9746A38DC190698F917ED821E7 ] C:\Program Files\Java\jre7\bin\fontmanager.dll
01:33:24.0687 1408  C:\Program Files\Java\jre7\bin\fontmanager.dll - ok
01:33:24.0687 1408  [ B714735C12A70171DE28657948FD91F1 ] C:\WINDOWS\system32\mlang.dll
01:33:24.0687 1408  C:\WINDOWS\system32\mlang.dll - ok
01:33:24.0687 1408  [ 003B1DEC8FC93671E793C24E06907DD3 ] C:\Program Files\Java\jre7\bin\java.dll
01:33:24.0687 1408  C:\Program Files\Java\jre7\bin\java.dll - ok
01:33:24.0703 1408  [ BADA7311D82CFA73A7DB1D1EEC9214E1 ] C:\Program Files\Java\jre7\bin\javaw.exe
01:33:24.0703 1408  C:\Program Files\Java\jre7\bin\javaw.exe - ok
01:33:24.0703 1408  [ 955C10E1BF9C814FCCA6E1DC7E25C0F6 ] C:\Program Files\Java\jre7\bin\jp2native.dll
01:33:24.0703 1408  C:\Program Files\Java\jre7\bin\jp2native.dll - ok
01:33:24.0718 1408  [ 7FF6E93568EF6B6401E254B407051750 ] C:\Program Files\Java\jre7\bin\jpeg.dll
01:33:24.0718 1408  C:\Program Files\Java\jre7\bin\jpeg.dll - ok
01:33:24.0718 1408  [ 91F7D4D415B0F0BD77D229D6D6F7EB52 ] C:\Program Files\Java\jre7\bin\net.dll
01:33:24.0718 1408  C:\Program Files\Java\jre7\bin\net.dll - ok
01:33:24.0718 1408  [ E11457C66FDD966EE415FBBC6D9BE643 ] C:\WINDOWS\system32\msimtf.dll
01:33:24.0718 1408  C:\WINDOWS\system32\msimtf.dll - ok
01:33:24.0734 1408  [ E40FCF943127DDC8FD60554B722D762B ] C:\WINDOWS\system32\msctf.dll
01:33:24.0734 1408  C:\WINDOWS\system32\msctf.dll - ok
01:33:24.0734 1408  [ A20DA288DCDC0E1396FDC61F2AA656CE ] C:\Program Files\Java\jre7\bin\nio.dll
01:33:24.0734 1408  C:\Program Files\Java\jre7\bin\nio.dll - ok
01:33:24.0734 1408  [ D474AACD8E14692450E98B258D30B6CE ] C:\Program Files\Java\jre7\bin\verify.dll
01:33:24.0734 1408  C:\Program Files\Java\jre7\bin\verify.dll - ok
01:33:24.0750 1408  [ 1E6C47B63CD2F812DE0F4A9F610FABB4 ] C:\WINDOWS\system32\jscript.dll
01:33:24.0750 1408  C:\WINDOWS\system32\jscript.dll - ok
01:33:24.0750 1408  [ 66A841AFCC52DA7B6AF694E79E1326E2 ] C:\Program Files\Java\jre7\bin\zip.dll
01:33:24.0750 1408  C:\Program Files\Java\jre7\bin\zip.dll - ok
01:33:24.0765 1408  [ 93C088C2AEB2F23E720BDA7E32BD5117 ] C:\WINDOWS\system32\upnp.dll
01:33:24.0765 1408  C:\WINDOWS\system32\upnp.dll - ok
01:33:24.0765 1408  [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
01:33:24.0765 1408  C:\WINDOWS\system32\ssdpapi.dll - ok
01:33:24.0765 1408  [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
01:33:24.0765 1408  C:\WINDOWS\system32\drivers\http.sys - ok
01:33:24.0781 1408  [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
01:33:24.0781 1408  C:\WINDOWS\system32\ssdpsrv.dll - ok
01:33:24.0781 1408  [ 6E0F29BD0E792618FF285AB094F4DCEF ] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
01:33:24.0781 1408  C:\Program Files\NVIDIA Corporation\nview\nwiz.exe - ok
01:33:24.0781 1408  [ 3B556A0DD75EE786F8E1963E9770F760 ] C:\WINDOWS\system32\nvmctray.dll
01:33:24.0781 1408  C:\WINDOWS\system32\nvmctray.dll - ok
01:33:24.0797 1408  [ CC8915DB4E33E8FB29CA0D2DBF75306E ] C:\WINDOWS\system32\webcheck.dll
01:33:24.0797 1408  C:\WINDOWS\system32\webcheck.dll - ok
01:33:24.0797 1408  [ 50512FC9B7878E3C2C147BC17326A7DB ] C:\WINDOWS\system32\stobject.dll
01:33:24.0797 1408  C:\WINDOWS\system32\stobject.dll - ok
01:33:24.0812 1408  [ C551E83ADB312F0353961267F02D7047 ] C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll
01:33:24.0812 1408  C:\Program Files\NVIDIA Corporation\Update Common\NvUpdt.dll - ok
01:33:24.0812 1408  [ 231A0B0E3BA7ABFE469A8262FAA1FD71 ] C:\WINDOWS\system32\batmeter.dll
01:33:24.0812 1408  C:\WINDOWS\system32\batmeter.dll - ok
01:33:24.0812 1408  [ 045E228F71C31901084B64BE59093499 ] C:\WINDOWS\system32\WPDShServiceObj.dll
01:33:24.0812 1408  C:\WINDOWS\system32\WPDShServiceObj.dll - ok
01:33:24.0828 1408  [ 148C545849C1379A3D4448F5DE768E86 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
01:33:24.0828 1408  C:\Program Files\AVAST Software\Avast\AvastUI.exe - ok
01:33:24.0828 1408  [ 22358578CB321F3325496A3723029409 ] C:\WINDOWS\system32\PortableDeviceTypes.dll
01:33:24.0828 1408  C:\WINDOWS\system32\PortableDeviceTypes.dll - ok
01:33:24.0828 1408  [ 9D45B2201D0ECF9F42136C7B99DEB8B2 ] C:\WINDOWS\system32\PortableDeviceApi.dll
01:33:24.0828 1408  C:\WINDOWS\system32\PortableDeviceApi.dll - ok
01:33:24.0843 1408  [ 1D18C4172C53F3411F80B3A58F1D740B ] C:\Program Files\NVIDIA Corporation\Update Common\EasyDaemonAPIU.dll
01:33:24.0843 1408  C:\Program Files\NVIDIA Corporation\Update Common\EasyDaemonAPIU.dll - ok
01:33:24.0843 1408  [ 8657C4CFF27F0ADA25A2C33F3BBF2955 ] C:\Program Files\NVIDIA Corporation\Update Common\NvUpdtr.dll
01:33:24.0843 1408  C:\Program Files\NVIDIA Corporation\Update Common\NvUpdtr.dll - ok
01:33:24.0843 1408  [ D32584BE69090F06B62339B2D863C24E ] C:\Program Files\NVIDIA Corporation\nview\nView.dll
01:33:24.0843 1408  C:\Program Files\NVIDIA Corporation\nview\nView.dll - ok
01:33:24.0859 1408  [ 3CB07566302BCEEB898DE270A0BEC175 ] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
01:33:24.0859 1408  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe - ok
01:33:24.0859 1408  [ 112AA56909B693AD665C915C96CF4A99 ] C:\WINDOWS\system32\nvwddi.dll
01:33:24.0859 1408  C:\WINDOWS\system32\nvwddi.dll - ok
01:33:24.0875 1408  [ B2D4A37B12F04736362268FFC5B6F5BF ] C:\Program Files\AVAST Software\Avast\aswUtil.dll
01:33:24.0875 1408  C:\Program Files\AVAST Software\Avast\aswUtil.dll - ok
01:33:24.0875 1408  [ 0D67A518BE3BC74C63423AC5595C7251 ] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
01:33:24.0875 1408  C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe - ok
01:33:24.0875 1408  [ CA6ADE4F7761BB15B3325356DC3B82BB ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
01:33:24.0875 1408  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll - ok
01:33:24.0890 1408  [ A40432BB46793F3A2AD42E6D23A8290F ] C:\Program Files\Common Files\Java\Java Update\jusched.exe
01:33:24.0890 1408  C:\Program Files\Common Files\Java\Java Update\jusched.exe - ok
01:33:24.0890 1408  [ FBFCA1A574D47EE575448B719CBBF2E4 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll
01:33:24.0890 1408  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\mfc90enu.dll - ok
01:33:24.0890 1408  [ 92A9797D368E5952E753CC24321A7A0A ] C:\Program Files\CheckPoint\ZoneAlarm\zpeng25.dll
01:33:24.0890 1408  C:\Program Files\CheckPoint\ZoneAlarm\zpeng25.dll - ok
01:33:24.0906 1408  [ 520C1168F1D8447EFDE7C101CA5E75EC ] C:\Program Files\AVAST Software\Avast\aswData.dll
01:33:24.0906 1408  C:\Program Files\AVAST Software\Avast\aswData.dll - ok
01:33:24.0906 1408  [ 9F0E7FBD08442DDCF856E933D26A296C ] C:\Program Files\AVAST Software\Avast\1033\uiLangRes.dll
01:33:24.0906 1408  C:\Program Files\AVAST Software\Avast\1033\uiLangRes.dll - ok
01:33:24.0922 1408  [ ED13869C11FD522B80EDF712D77251F1 ] C:\Program Files\AVAST Software\Avast\CommonRes.dll
01:33:24.0922 1408  C:\Program Files\AVAST Software\Avast\CommonRes.dll - ok
01:33:24.0922 1408  [ 58B8702C20DE211D1FCB248D2FDD71D1 ] C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
01:33:24.0922 1408  C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe - ok
01:33:24.0922 1408  [ E3C817F7FE44CC870ECDBCBC3EA36132 ] C:\WINDOWS\system32\msvcp100.dll
01:33:24.0922 1408  C:\WINDOWS\system32\msvcp100.dll - ok
01:33:24.0937 1408  [ BF38660A9125935658CFA3E53FDC7D65 ] C:\WINDOWS\system32\msvcr100.dll
01:33:24.0937 1408  C:\WINDOWS\system32\msvcr100.dll - ok
01:33:24.0937 1408  [ C71F26B6C46AF8C2003524AED21DBD18 ] C:\Program Files\CheckPoint\ZoneAlarm\lib\MainLoop.zip.dll
01:33:24.0937 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\MainLoop.zip.dll - ok
01:33:24.0937 1408  [ 76BBDFDDBDAF651409D7ECA767D9A81C ] C:\Program Files\CheckPoint\ZoneAlarm\lib\NavBar.zip.dll
01:33:24.0937 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\NavBar.zip.dll - ok
01:33:24.0953 1408  [ 35460DE2379887F2EF69BEDD7698E013 ] C:\Program Files\CheckPoint\ZoneAlarm\lib\ZAlert.zip.dll
01:33:24.0953 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\ZAlert.zip.dll - ok
01:33:24.0953 1408  [ CC96587B1C07F84B95271223B19537A8 ] C:\Program Files\AVAST Software\Avast\defs\13050601\uiext.dll
01:33:24.0953 1408  C:\Program Files\AVAST Software\Avast\defs\13050601\uiext.dll - ok
01:33:24.0953 1408  [ 53D225764FBE85BBBA747F6DD4C02A54 ] C:\Program Files\CheckPoint\ZoneAlarm\lib\ZClient.zip.dll
01:33:24.0953 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\ZClient.zip.dll - ok
01:33:24.0968 1408  [ 4044E880593FE1AC9942190FCE414BE7 ] C:\WINDOWS\system32\mstask.dll
01:33:24.0968 1408  C:\WINDOWS\system32\mstask.dll - ok
01:33:24.0968 1408  [ A7E763DE54F5A3514523E5161DAC780F ] C:\Program Files\CheckPoint\ZoneAlarm\lib\zfde.zip.dll
01:33:24.0968 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\zfde.zip.dll - ok
01:33:24.0984 1408  [ 4B6341866AB377401CF542C48167A42D ] C:\Program Files\CheckPoint\ZoneAlarm\lib\zmenu.zip.dll
01:33:24.0984 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\zmenu.zip.dll - ok
01:33:24.0984 1408  [ 624CD4A603105D62E1CFCD4677BE2C82 ] C:\Program Files\CheckPoint\ZoneAlarm\lib\zpy.zip.dll
01:33:24.0984 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\zpy.zip.dll - ok
01:33:24.0984 1408  [ F188E231B46A90DBB53A3461CE97E850 ] C:\Program Files\CheckPoint\ZoneAlarm\lib\zsys.zip.dll
01:33:24.0984 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\zsys.zip.dll - ok
01:33:25.0000 1408  [ 738AD6DF5AEA144D0B0AA8F9348DC946 ] C:\Program Files\CheckPoint\ZoneAlarm\lib\ztv.zip.dll
01:33:25.0000 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\ztv.zip.dll - ok
01:33:25.0000 1408  [ E7382FE735687351D3D0B6A2954A14FA ] C:\Program Files\CheckPoint\ZoneAlarm\lib\zui.zip.dll
01:33:25.0000 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\zui.zip.dll - ok
01:33:25.0000 1408  [ 3F78C35AE4C322E1C21BA6A59415623E ] C:\Program Files\CheckPoint\ZoneAlarm\lib\pyd\zpui.pyd
01:33:25.0000 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\pyd\zpui.pyd - ok
01:33:25.0015 1408  [ EF8E5E4FD6C023B1E6F26E947EDD1DD4 ] C:\Program Files\CheckPoint\ZoneAlarm\zhtml.dll
01:33:25.0015 1408  C:\Program Files\CheckPoint\ZoneAlarm\zhtml.dll - ok
01:33:25.0015 1408  [ 9E03DC5AB51CFD0190541CE2038D819D ] C:\WINDOWS\system32\usp10.dll
01:33:25.0015 1408  C:\WINDOWS\system32\usp10.dll - ok
01:33:25.0031 1408  [ B729BA1592ACACB47F2B06DD3D5753FA ] C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx
01:33:25.0031 1408  C:\WINDOWS\system32\Macromed\Flash\Flash6.ocx - ok
01:33:25.0031 1408  [ D18DFBAC909527D5405802EAFBCC0B51 ] C:\Program Files\CheckPoint\ZoneAlarm\lib\pyd\_ctypes.pyd
01:33:25.0031 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\pyd\_ctypes.pyd - ok
01:33:25.0031 1408  [ 31CF51DCDA1424B813CC97B20F71B431 ] C:\WINDOWS\system32\vbscript.dll
01:33:25.0031 1408  C:\WINDOWS\system32\vbscript.dll - ok
01:33:25.0047 1408  [ 1276B62E3CA847317F5083DEAD342DCA ] C:\Program Files\CheckPoint\ZoneAlarm\lib\pyd\zpdx.pyd
01:33:25.0047 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\pyd\zpdx.pyd - ok
01:33:25.0047 1408  [ 611E983C8D4F640405CE5DE80EA1F786 ] C:\Program Files\CheckPoint\ZoneAlarm\lib\pyd\pyexpat.pyd
01:33:25.0047 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\pyd\pyexpat.pyd - ok
01:33:25.0047 1408  [ 151F7343580AFFB4AEC72AD24D075DE2 ] C:\Program Files\CheckPoint\ZoneAlarm\lib\pyd\_socket.pyd
01:33:25.0047 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\pyd\_socket.pyd - ok
01:33:25.0062 1408  [ 5C600B263C535BA148D87C0CCBC0BFB4 ] C:\Program Files\CheckPoint\ZoneAlarm\lib\pyd\zptv.pyd
01:33:25.0062 1408  C:\Program Files\CheckPoint\ZoneAlarm\lib\pyd\zptv.pyd - ok
01:33:25.0062 1408  [ AC76F190F4E13B171AD059069F5853AF ] C:\Program Files\CheckPoint\ZoneAlarm\vspubapi.dll
01:33:25.0062 1408  C:\Program Files\CheckPoint\ZoneAlarm\vspubapi.dll - ok
01:33:25.0062 1408  [ 8F0322CEA3CEFA07F4F25EB6D73FEC0D ] C:\Program Files\CheckPoint\ZoneAlarm\vsmonapi.dll
01:33:25.0062 1408  C:\Program Files\CheckPoint\ZoneAlarm\vsmonapi.dll - ok
01:33:25.0078 1408  [ F3946B534CC197CBFFD9A2ECFD1F556F ] C:\WINDOWS\system32\l3codeca.acm
01:33:25.0078 1408  C:\WINDOWS\system32\l3codeca.acm - ok
01:33:25.0078 1408  [ 42B928FC8518D793BF7A5EAFC57B1D8B ] C:\WINDOWS\system32\imgutil.dll
01:33:25.0078 1408  C:\WINDOWS\system32\imgutil.dll - ok
01:33:25.0078 1408  [ E5FA1B044DAC5F6F600A1742D73F6936 ] C:\WINDOWS\system32\pngfilt.dll
01:33:25.0078 1408  C:\WINDOWS\system32\pngfilt.dll - ok
01:33:25.0093 1408  [ 2A8681AEA24003040CA7D677BE9F1702 ] C:\WINDOWS\system32\drivers\67635285.sys
01:33:25.0093 1408  C:\WINDOWS\system32\drivers\67635285.sys - ok
01:33:25.0093 1408  [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll
01:33:25.0093 1408  C:\WINDOWS\system32\wbem\wmipcima.dll - ok
01:33:25.0093 1408  ============================================================
01:33:25.0093 1408  Scan finished
01:33:25.0093 1408  ============================================================
01:33:25.0218 2116  Detected object count: 2
01:33:25.0218 2116  Actual detected object count: 2
01:35:21.0343 2116  \Device\Harddisk2\DR2\# - copied to quarantine
01:35:21.0359 2116  \Device\Harddisk2\DR2 - copied to quarantine
01:35:21.0406 2116  \Device\Harddisk2\DR2\TDLFS\ldrm - copied to quarantine
01:35:21.0406 2116  \Device\Harddisk2\DR2\TDLFS\cmd.dll - copied to quarantine
01:35:23.0937 2116  \Device\Harddisk2\DR2\TDLFS\cmd32.dll - copied to quarantine
01:35:23.0968 2116  \Device\Harddisk2\DR2\TDLFS\cmd64.dll - copied to quarantine
01:35:24.0000 2116  \Device\Harddisk2\DR2\TDLFS\drv32 - copied to quarantine
01:35:24.0015 2116  \Device\Harddisk2\DR2\TDLFS\drv64 - copied to quarantine
01:35:26.0125 2116  \Device\Harddisk2\DR2\TDLFS\servers.dat - copied to quarantine
01:35:26.0140 2116  \Device\Harddisk2\DR2\TDLFS\config.ini - copied to quarantine
01:35:26.0140 2116  \Device\Harddisk2\DR2\TDLFS\ldr16 - copied to quarantine
01:35:26.0156 2116  \Device\Harddisk2\DR2\TDLFS\ldr32 - copied to quarantine
01:35:28.0281 2116  \Device\Harddisk2\DR2\TDLFS\ldr64 - copied to quarantine
01:35:28.0375 2116  \Device\Harddisk2\DR2\TDLFS\s - copied to quarantine
01:35:28.0375 2116  \Device\Harddisk2\DR2\TDLFS\u - copied to quarantine
01:35:28.0406 2116  \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
01:35:28.0406 2116  \Device\Harddisk2\DR2 - ok
01:35:28.0406 2116  \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
01:35:28.0406 2116  \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
01:35:28.0406 2116  \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip
01:35:51.0140 3304  Deinitialize success
 

 

 

 

I ran MBAR. Nothing was found. No log file to post.

 

I think this has solved the problem. What do you think?

Thank You!

Did Combofix do something so TDSSKiller could find the problem? As I stated in the OP, I ran TDSSKiller (the same way you instructed) and it didn't find anything.

 

Thank you again. This is my first run-in with a rootkit virus.



#8 gringo_pr


Posted 07 May 2013 - 01:17 AM


Hello

We still have some work to do, but yeah, that did take out the rootkit.

I would like you to rerun TDSSKiller, and this time when it gets to this part:

    \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

I want you to select Delete this time instead of Skip.


Gringo
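Added example, not part of the original thread and not part of TDSSKiller: a small Python triage script that reduces a TDSSKiller log like the one posted above to its detections and the action chosen for each, so an entry left on Skip (here the TDSS File System) stands out from the hundreds of "- ok" lines. The line format is inferred from the log in this thread, and the function names `parse_log` and `unresolved` are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample in the line format of the TDSSKiller log posted in this
# thread (timestamp, thread id, message). Hash lines are left out on purpose.
SAMPLE_LOG = r"""
01:33:25.0078 1408  C:\WINDOWS\system32\pngfilt.dll - ok
01:33:25.0093 1408  Scan finished
01:33:25.0218 2116  Detected object count: 2
01:35:21.0359 2116  \Device\Harddisk2\DR2 - copied to quarantine
01:35:21.0406 2116  \Device\Harddisk2\DR2\TDLFS\cmd.dll - copied to quarantine
01:35:28.0406 2116  \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
01:35:28.0406 2116  \Device\Harddisk2\DR2 - ok
01:35:28.0406 2116  \Device\Harddisk2\DR2 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
01:35:28.0406 2116  \Device\Harddisk2\DR2 ( TDSS File System ) - skipped by user
01:35:28.0406 2116  \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Skip
"""

# "HH:MM:SS.ffff <thread id>  <message>"
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
# "<object> ( <verdict> ) - <status>"; the spaces inside the parentheses keep
# paths such as "Program Files (x86)" from being mistaken for a detection.
DETECTION = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<status>.+)$")
ACTION_PREFIX = "User select action: "
QUARANTINE_SUFFIX = " - copied to quarantine"


def parse_log(text):
    """Summarise a TDSSKiller log: detections, chosen actions, clean count."""
    detections = OrderedDict()   # (object, verdict) -> {"result", "action"}
    quarantined = []
    clean = 0
    reported_count = None

    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # blank lines, separators, hash-only noise
        msg = m.group(3)

        d = DETECTION.match(msg)
        if d:
            key = (d.group("obj"), d.group("verdict"))
            entry = detections.setdefault(key, {"result": None, "action": None})
            status = d.group("status")
            if status.startswith(ACTION_PREFIX):
                entry["action"] = status[len(ACTION_PREFIX):]
            else:
                entry["result"] = status
        elif msg.endswith(" - ok"):
            clean += 1
        elif msg.endswith(QUARANTINE_SUFFIX):
            quarantined.append(msg[:-len(QUARANTINE_SUFFIX)])
        elif msg.startswith("Detected object count:"):
            reported_count = int(msg.split(":", 1)[1])

    return {
        "detections": detections,
        "quarantined": quarantined,
        "clean": clean,
        "reported_count": reported_count,
    }


def unresolved(parsed):
    """Detections that were skipped or have no recorded action."""
    return [key for key, entry in parsed["detections"].items()
            if entry["action"] in (None, "Skip")]


if __name__ == "__main__":
    summary = parse_log(SAMPLE_LOG)
    print("clean objects:", summary["clean"])
    print("reported detections:", summary["reported_count"])
    for (obj, verdict), entry in summary["detections"].items():
        print(f"{obj}  {verdict}: action={entry['action']} result={entry['result']}")
    for obj, verdict in unresolved(summary):
        print(f"STILL PRESENT: {verdict} on {obj}")
```

If the number of parsed detections differs from the "Detected object count" line, the log is truncated or in a format this parser does not cover.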

#9 tiko8019


Posted 07 May 2013 - 01:38 AM

OK, I deleted it this time.
Avast popped up with a bunch of viruses that were blocked. Here is an image of the file shield.
 

 
02:21:22.0468 3280  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
02:21:24.0468 3280  ============================================================
02:21:24.0468 3280  Current date / time: 2013/05/07 02:21:24.0468
02:21:24.0468 3280  SystemInfo:
02:21:24.0468 3280  
02:21:24.0468 3280  OS Version: 5.1.2600 ServicePack: 3.0
02:21:24.0468 3280  Product type: Workstation
02:21:24.0468 3280  ComputerName: MINE
02:21:24.0468 3280  UserName: Nick
02:21:24.0468 3280  Windows directory: C:\WINDOWS
02:21:24.0468 3280  System windows directory: C:\WINDOWS
02:21:24.0468 3280  Processor architecture: Intel x86
02:21:24.0468 3280  Number of processors: 2
02:21:24.0468 3280  Page size: 0x1000
02:21:24.0468 3280  Boot type: Normal boot
02:21:24.0468 3280  ============================================================
02:21:41.0890 3280  BG loaded
02:21:42.0640 3280  Drive \Device\Harddisk0\DR0 - Size: 0x9516AE000 (37.27 Gb), SectorSize: 0x200, Cylinders: 0x1301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:21:42.0640 3280  Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:21:42.0671 3280  Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
02:21:42.0687 3280  ============================================================
02:21:42.0687 3280  \Device\Harddisk0\DR0:
02:21:42.0687 3280  MBR partitions:
02:21:42.0687 3280  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A852C1
02:21:42.0687 3280  \Device\Harddisk1\DR1:
02:21:42.0687 3280  MBR partitions:
02:21:42.0687 3280  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
02:21:42.0687 3280  \Device\Harddisk2\DR2:
02:21:42.0687 3280  MBR partitions:
02:21:42.0687 3280  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74701AC1
02:21:42.0687 3280  ============================================================
02:21:42.0734 3280  D: <-> \Device\Harddisk0\DR0\Partition1
02:21:42.0781 3280  C: <-> \Device\Harddisk2\DR2\Partition1
02:21:42.0796 3280  E: <-> \Device\Harddisk1\DR1\Partition1
02:21:42.0796 3280  ============================================================
02:21:42.0796 3280  Initialize success
02:21:42.0796 3280  ============================================================
02:21:51.0062 3924  ============================================================
02:21:51.0062 3924  Scan started
02:21:51.0062 3924  Mode: Manual; SigCheck; TDLFS;
02:21:51.0062 3924  ============================================================
02:21:51.0906 3924  ================ Scan system memory ========================
02:21:51.0906 3924  System memory - ok
02:21:51.0906 3924  ================ Scan services =============================
02:22:26.0125 3924  ================ Scan global ===============================
02:22:26.0171 3924  [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
02:22:26.0187 3924  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
02:22:26.0203 3924  [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
02:22:26.0250 3924  [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
02:22:26.0250 3924  [Global] - ok
02:22:26.0250 3924  ================ Scan MBR ==================================
02:22:26.0265 3924  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
02:22:26.0484 3924  \Device\Harddisk0\DR0 - ok
02:22:26.0500 3924  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
02:22:26.0921 3924  \Device\Harddisk1\DR1 - ok
02:22:26.0953 3924  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
02:22:27.0187 3924  \Device\Harddisk2\DR2 ( TDSS File System ) - warning
02:22:27.0187 3924  \Device\Harddisk2\DR2 - detected TDSS File System (1)
02:22:27.0187 3924  ================ Scan VBR ==================================
02:22:27.0218 3924  [ 47A702D62AAE34883DEF75E6C047BEAB ] \Device\Harddisk0\DR0\Partition1
02:22:27.0218 3924  \Device\Harddisk0\DR0\Partition1 - ok
02:22:27.0218 3924  [ 0F6BCD4AD7CE8DAE93FE1E4F73AB3925 ] \Device\Harddisk1\DR1\Partition1
02:22:27.0218 3924  \Device\Harddisk1\DR1\Partition1 - ok
02:22:27.0218 3924  [ 9E8FB67089CEE9CE81C1B3994C07F1CC ] \Device\Harddisk2\DR2\Partition1
02:22:27.0234 3924  \Device\Harddisk2\DR2\Partition1 - ok
02:22:27.0234 3924  ================ Scan active images ========================
02:22:28.0359 3924  C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe - ok
02:22:28.0359 3924  [ 2CC34E8BB667EEF78899546E12649196 ] C:\WINDOWS\system32\wlnotify.dll
02:22:28.0359 3924  C:\WINDOWS\system32\wlnotify.dll - ok
02:22:28.0375 3924  [ BD83ABA61E8ACCC8D9FFB869F29418CE ] C:\WINDOWS\system32\winspool.drv
02:22:28.0375 3924  C:\WINDOWS\system32\winspool.drv - ok
02:22:28.0375 3924  [ EA5B8BECA3F279C757578CD7F1E95855 ] C:\WINDOWS\system32\mprapi.dll
02:22:28.0375 3924  C:\WINDOWS\system32\mprapi.dll - ok
02:22:28.0390 3924  [ A39BE37C9237DB5F1990D61B268EA555 ] C:\WINDOWS\system32\rastls.dll
02:22:28.0390 3924  C:\WINDOWS\system32\rastls.dll - ok
02:22:28.0390 3924  [ 891B7D36F862050394A2AC4FA56B1E2D ] C:\Program Files\CheckPoint\ZoneAlarm\vsdata.dll
02:22:28.0390 3924  C:\Program Files\CheckPoint\ZoneAlarm\vsdata.dll - ok
02:22:28.0390 3924  [ 2CDAE321B8E878A278BA2D2FA013060B ] C:\WINDOWS\system32\activeds.dll
02:22:28.0390 3924  C:\WINDOWS\system32\activeds.dll - ok
02:22:28.0406 3924  [ 0D84657DBF93DB98673DEFDF2B29E25A ] C:\WINDOWS\system32\adsldpc.dll
02:22:28.0406 3924  C:\WINDOWS\system32\adsldpc.dll - ok
02:22:28.0406 3924  [ 3D41A9326F0376FC73AF961DD23B1FB1 ] C:\WINDOWS\system32\duser.dll
02:22:28.0406 3924  C:\WINDOWS\system32\duser.dll - ok
02:22:28.0406 3924  [ 900BC68BB9EDB22CCBE3B4A99E80B644 ] C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll
02:22:28.0406 3924  C:\Program Files\CheckPoint\ZoneAlarm\vsinit.dll - ok
02:22:28.0421 3924  [ AFFC87E2501FCE8F09D4C10BA6421CCF ] C:\WINDOWS\system32\msimg32.dll
02:22:28.0421 3924  C:\WINDOWS\system32\msimg32.dll - ok
02:22:28.0421 3924  [ 92C4F48B62B0B876194584C3FF09CCB6 ] C:\WINDOWS\system32\rasapi32.dll
02:22:28.0421 3924  C:\WINDOWS\system32\rasapi32.dll - ok
02:22:28.0421 3924  [ 20200EE3CFE10E9F0C028D8653BE11C6 ] C:\WINDOWS\system32\oleacc.dll
02:22:28.0421 3924  C:\WINDOWS\system32\oleacc.dll - ok
02:22:28.0437 3924  [ 4DEF926F6A0545AE486A03C84F2EE482 ] C:\WINDOWS\system32\rasman.dll
02:22:28.0437 3924  C:\WINDOWS\system32\rasman.dll - ok
02:22:28.0437 3924  [ 00AABF131B4823785818DB99A075A313 ] C:\WINDOWS\system32\tapi32.dll
02:22:28.0437 3924  C:\WINDOWS\system32\tapi32.dll - ok
02:22:28.0453 3924  [ 56CE97FF94B7662A300D359CD6F4D601 ] C:\WINDOWS\system32\raschap.dll
02:22:28.0453 3924  C:\WINDOWS\system32\raschap.dll - ok
02:22:28.0453 3924  [ 02CF580510234E519736559A7F19EA20 ] C:\WINDOWS\system32\WgaLogon.dll
02:22:28.0453 3924  C:\WINDOWS\system32\WgaLogon.dll - ok
02:22:28.0453 3924  [ ACFEE2392503DD5E457363A0510B8BCB ] C:\WINDOWS\system32\msxml3.dll
02:22:28.0453 3924  C:\WINDOWS\system32\msxml3.dll - ok
02:22:28.0468 3924  [ 4C39358EBDD2FFCD9132A30E1EC31E16 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll
02:22:28.0468 3924  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcp90.dll - ok
02:22:28.0468 3924  [ E5EDBD51476DB5001ABF5C82AE5C3DD1 ] C:\WINDOWS\system32\shgina.dll
02:22:28.0468 3924  C:\WINDOWS\system32\shgina.dll - ok
02:22:28.0468 3924  [ CDBE9690CF2B8409FACAD94FAC9479C9 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll
02:22:28.0468 3924  C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\msvcr90.dll - ok
02:22:28.0484 3924  [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
02:22:28.0484 3924  C:\WINDOWS\system32\wsock32.dll - ok
02:22:28.0484 3924  [ 68981C522DFA676E4DFB062232F4BC40 ] C:\Program Files\CheckPoint\ZoneAlarm\vsutil.dll
02:22:28.0484 3924  C:\Program Files\CheckPoint\ZoneAlarm\vsutil.dll - ok
02:22:28.0484 3924  [ DD072705435259D5ABB5D7E0C348EB35 ] C:\Program Files\CheckPoint\ZoneAlarm\dbghelp.dll
02:22:28.0484 3924  C:\Program Files\CheckPoint\ZoneAlarm\dbghelp.dll - ok
02:22:28.0500 3924  [ 085ED2E391A871C7BAE87E0228B546BA ] C:\WINDOWS\system32\cscui.dll
02:22:28.0500 3924  C:\WINDOWS\system32\cscui.dll - ok
02:22:28.0500 3924  [ 50A166237A0FA771261275A405646CC0 ] C:\WINDOWS\system32\powrprof.dll
02:22:28.0500 3924  C:\WINDOWS\system32\powrprof.dll - ok
02:22:28.0500 3924  [ 66F67AA5A830BAED4CBBB00032AB0514 ] C:\Program Files\CheckPoint\ZoneAlarm\icslta.dll
02:22:28.0500 3924  C:\Program Files\CheckPoint\ZoneAlarm\icslta.dll - ok
02:22:28.0515 3924  [ 6C26DCF01E2A92F183B97D434017268A ] C:\WINDOWS\system32\dpcdll.dll
02:22:28.0515 3924  C:\WINDOWS\system32\dpcdll.dll - ok
02:22:28.0515 3924  [ ADCC01C3D23BEAA3932239A541122F13 ] C:\Program Files\CheckPoint\ZoneAlarm\ssleay32.dll
02:22:28.0515 3924  C:\Program Files\CheckPoint\ZoneAlarm\ssleay32.dll - ok
02:22:28.0531 3924  [ C84F844481A4C62C3FEF079A93DFC2D6 ] C:\Program Files\CheckPoint\ZoneAlarm\vsdb.dll
02:22:28.0531 3924  C:\Program Files\CheckPoint\ZoneAlarm\vsdb.dll - ok
02:22:28.0531 3924  [ 60DF97F197BE61E3139CF9A943D89D81 ] C:\Program Files\CheckPoint\ZoneAlarm\vsxml.dll
02:22:28.0531 3924  C:\Program Files\CheckPoint\ZoneAlarm\vsxml.dll - ok
02:22:28.0531 3924  [ C839E53BC6B8B660440488C2D8994B93 ] C:\Program Files\CheckPoint\ZoneAlarm\fbl.dll
02:22:28.0531 3924  C:\Program Files\CheckPoint\ZoneAlarm\fbl.dll - ok
02:22:28.0546 3924  [ 80C6A96E90CCB1D6FEFB54AF7BD46B3E ] C:\Program Files\CheckPoint\ZoneAlarm\featuremap.dll
02:22:28.0546 3924  C:\Program Files\CheckPoint\ZoneAlarm\featuremap.dll - ok
02:22:28.0546 3924  [ 3BC40BF58D43DF4C76117358EFC9EEB3 ] C:\Program Files\CheckPoint\ZoneAlarm\vswmi.dll
02:22:28.0546 3924  C:\Program Files\CheckPoint\ZoneAlarm\vswmi.dll - ok
02:22:28.0546 3924  [ 9B2B37C7512C7FCCBDA0E6A4106305E7 ] C:\Program Files\CheckPoint\ZoneAlarm\zlcomm.dll
02:22:28.0546 3924  C:\Program Files\CheckPoint\ZoneAlarm\zlcomm.dll - ok
02:22:28.0562 3924  [ A93AEE1928A9D7CE3E16D24EC7380F89 ] C:\WINDOWS\system32\userinit.exe
02:22:28.0562 3924  C:\WINDOWS\system32\userinit.exe - ok
02:22:28.0562 3924  [ F12AADE27EBA7C4207E7CFC7F70A624C ] C:\Program Files\CheckPoint\ZoneAlarm\zlcommdb.dll
02:22:28.0562 3924  C:\Program Files\CheckPoint\ZoneAlarm\zlcommdb.dll - ok
02:22:28.0562 3924  [ B1296D52B0D2096EC4759EEEB806D759 ] C:\WINDOWS\system32\WgaTray.exe
02:22:28.0562 3924  C:\WINDOWS\system32\WgaTray.exe - ok
02:22:28.0578 3924  [ 12896823FB95BFB3DC9B46BCAEDC9923 ] C:\WINDOWS\explorer.exe
02:22:28.0578 3924  C:\WINDOWS\explorer.exe - ok
02:22:28.0578 3924  [ B14E6ED4CBAAF91A50C11807C55B6258 ] C:\WINDOWS\system32\browseui.dll
02:22:28.0578 3924  C:\WINDOWS\system32\browseui.dll - ok
02:22:28.0578 3924  [ C14350FC0D47D806699C4F907FC6785B ] C:\WINDOWS\system32\cryptnet.dll
02:22:28.0578 3924  C:\WINDOWS\system32\cryptnet.dll - ok
02:22:28.0593 3924  [ 3CBA2210FA39C6ED7895634842E930DD ] C:\WINDOWS\system32\sensapi.dll
02:22:28.0593 3924  C:\WINDOWS\system32\sensapi.dll - ok
02:22:28.0593 3924  [ 684559A03CBC1D05BA120A18B0D8BA5D ] C:\WINDOWS\system32\winhttp.dll
02:22:28.0593 3924  C:\WINDOWS\system32\winhttp.dll - ok
02:22:28.0593 3924  [ 616B0126D3C499F5B7EAE5B198F6F6F5 ] C:\WINDOWS\system32\shdocvw.dll
02:22:28.0593 3924  C:\WINDOWS\system32\shdocvw.dll - ok
02:22:28.0609 3924  [ CC26451A90025F6C55F64146C333DEA5 ] C:\WINDOWS\system32\LegitCheckControl.dll
02:22:28.0609 3924  C:\WINDOWS\system32\LegitCheckControl.dll - ok
02:22:28.0609 3924  [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
02:22:28.0609 3924  C:\WINDOWS\system32\wbem\wbemprox.dll - ok
02:22:28.0625 3924  [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
02:22:28.0625 3924  C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
02:22:28.0625 3924  [ E9365427EAE2BB2EAD877E513751C341 ] C:\Program Files\CheckPoint\ZoneAlarm\vsruledb.dll
02:22:28.0625 3924  C:\Program Files\CheckPoint\ZoneAlarm\vsruledb.dll - ok
02:22:28.0625 3924  [ 56DEC67E273BA88A630C4B7B29D9D7BB ] C:\Program Files\AVAST Software\Avast\ashShell.dll
02:22:28.0625 3924  C:\Program Files\AVAST Software\Avast\ashShell.dll - ok
02:22:28.0640 3924  [ 0127F0E5C76C1C02842952DD7B38157A ] C:\Program Files\AVAST Software\Avast\1033\Base.dll
02:22:28.0640 3924  C:\Program Files\AVAST Software\Avast\1033\Base.dll - ok
02:22:28.0640 3924  [ ABF1962C902E85AD36761956BDE72325 ] C:\WINDOWS\system32\msi.dll
02:22:28.0640 3924  C:\WINDOWS\system32\msi.dll - ok
02:22:28.0640 3924  [ B4ED498E3BFEE64E952BC44FC6057DB8 ] C:\WINDOWS\system32\desk.cpl
02:22:28.0640 3924  C:\WINDOWS\system32\desk.cpl - ok
02:22:28.0656 3924  [ A314EEA2A503A8E04085201E436384A5 ] C:\WINDOWS\system32\themeui.dll
02:22:28.0656 3924  C:\WINDOWS\system32\themeui.dll - ok
02:22:28.0656 3924  [ 6D778E0F95447E6546553EEEA709D03C ] C:\WINDOWS\system32\cmd.exe
02:22:28.0656 3924  C:\WINDOWS\system32\cmd.exe - ok
02:22:28.0656 3924  [ A2180B455AE266D66F38634DE018E7CE ] C:\WINDOWS\system32\ieframe.dll
02:22:28.0656 3924  C:\WINDOWS\system32\ieframe.dll - ok
02:22:28.0671 3924  [ F9D3C78CFE15271D80790677C893CE45 ] C:\WINDOWS\system32\cabinet.dll
02:22:28.0671 3924  C:\WINDOWS\system32\cabinet.dll - ok
02:22:28.0671 3924  [ 9EF8A0E1A9E3C66D074025D013224551 ] C:\Program Files\CheckPoint\ZoneAlarm\vsvault.dll
02:22:28.0671 3924  C:\Program Files\CheckPoint\ZoneAlarm\vsvault.dll - ok
02:22:28.0687 3924  [ 930A325A05E0508D33551E4CFCB78C4D ] C:\Program Files\CheckPoint\ZoneAlarm\scheduler.dll
02:22:28.0687 3924  C:\Program Files\CheckPoint\ZoneAlarm\scheduler.dll - ok
02:22:28.0687 3924  [ 8638F39A610B6ECBB91BD9045E147DF7 ] C:\Program Files\CheckPoint\ZoneAlarm\zlupdate.dll
02:22:28.0687 3924  C:\Program Files\CheckPoint\ZoneAlarm\zlupdate.dll - ok
02:22:28.0687 3924  [ 0F1775EC301CC26AC1713B2F2AD474B8 ] C:\Program Files\CheckPoint\ZoneAlarm\zdx.dll
02:22:28.0687 3924  C:\Program Files\CheckPoint\ZoneAlarm\zdx.dll - ok
02:22:28.0703 3924  [ 41735B82DB57E4EBE9504EC400FD120E ] C:\Program Files\AVAST Software\Avast\AvastSvc.exe
02:22:28.0703 3924  C:\Program Files\AVAST Software\Avast\AvastSvc.exe - ok
02:22:28.0703 3924  [ 81BC2B7B6C5C46EB31DEDAC66548053E ] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
02:22:28.0703 3924  C:\Program Files\AVAST Software\Avast\aswCmnBS.dll - ok
02:22:28.0703 3924  [ 35868C1F8B1BFF5CA1F957E3548A96FC ] C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
02:22:28.0703 3924  C:\Program Files\AVAST Software\Avast\aswCmnIS.dll - ok
02:22:28.0718 3924  [ 4021AEBD765FBFD22E5E7B21FB0E9549 ] C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
02:22:28.0718 3924  C:\Program Files\AVAST Software\Avast\aswCmnOS.dll - ok
02:22:28.0718 3924  [ E9CE9F8CD76B81B1CE5C9F3F58D0591A ] C:\Program Files\AVAST Software\Avast\ashBase.dll
02:22:28.0718 3924  C:\Program Files\AVAST Software\Avast\ashBase.dll - ok
02:22:28.0718 3924  [ FFF65CA2746E1FA5673D2BF2CC706955 ] C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
02:22:28.0718 3924  C:\Program Files\AVAST Software\Avast\aswEngLdr.dll - ok
02:22:28.0734 3924  [ 47742160BBC1B66D0CB09AA45F907540 ] C:\Program Files\AVAST Software\Avast\avBugReport.exe
02:22:28.0734 3924  C:\Program Files\AVAST Software\Avast\avBugReport.exe - ok
02:22:28.0734 3924  [ B6E6F3F5B63053D5DC1F4EE32992492F ] C:\WINDOWS\system32\dbghelp.dll
02:22:28.0734 3924  C:\WINDOWS\system32\dbghelp.dll - ok
02:22:28.0734 3924  [ 129D3C6FF2E0C60FBD757C63C72F15B8 ] C:\Program Files\AVAST Software\Avast\aswProperty.dll
02:22:28.0734 3924  C:\Program Files\AVAST Software\Avast\aswProperty.dll - ok
02:22:28.0750 3924  [ 31472162FB12CFE31226343FDEE94318 ] C:\Program Files\AVAST Software\Avast\AavmRpch.dll
02:22:28.0750 3924  C:\Program Files\AVAST Software\Avast\AavmRpch.dll - ok
02:22:28.0750 3924  [ 1BE8D8DCCEBD1174BCC22D0BC575C237 ] C:\Program Files\AVAST Software\Avast\ashServ.dll
02:22:28.0750 3924  C:\Program Files\AVAST Software\Avast\ashServ.dll - ok
02:22:28.0765 3924  [ 3B8707AC8BB05CD0D4D96333D4411EE7 ] C:\Program Files\AVAST Software\Avast\ashTask.dll
02:22:28.0765 3924  C:\Program Files\AVAST Software\Avast\ashTask.dll - ok
02:22:28.0765 3924  [ FD639FEEE160F399DB58A3FDB2E0DF4D ] C:\Program Files\AVAST Software\Avast\aswAux.dll
02:22:28.0765 3924  C:\Program Files\AVAST Software\Avast\aswAux.dll - ok
02:22:28.0765 3924  [ 8588D68F3A51C147EA8019E496F805EB ] C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
02:22:28.0765 3924  C:\Program Files\AVAST Software\Avast\ashTaskEx.dll - ok
02:22:28.0781 3924  [ 720B5083FC3037150801504F9ECA1591 ] C:\Program Files\AVAST Software\Avast\aswLog.dll
02:22:28.0781 3924  C:\Program Files\AVAST Software\Avast\aswLog.dll - ok
02:22:28.0781 3924  [ 724A6A9AB5E1807665C5DB71C30BFC5F ] C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
02:22:28.0781 3924  C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys - ok
02:22:28.0781 3924  [ F5FEDB7D35E030A2DACD40FB3245C765 ] C:\Program Files\AVAST Software\Avast\aswSqLt.dll
02:22:28.0781 3924  C:\Program Files\AVAST Software\Avast\aswSqLt.dll - ok
02:22:28.0796 3924  [ 482310DD75538EB321210FF1E2538C72 ] C:\Program Files\AVAST Software\Avast\Aavm4h.dll
02:22:28.0796 3924  C:\Program Files\AVAST Software\Avast\Aavm4h.dll - ok
02:22:28.0796 3924  [ 57FE873B8246DEF1372503CBC57A7499 ] C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
02:22:28.0796 3924  C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe - ok
02:22:28.0796 3924  [ 1650A06EB48C18969057761AFCCBF001 ] C:\Program Files\AVAST Software\Avast\avastIP.dll
02:22:28.0796 3924  C:\Program Files\AVAST Software\Avast\avastIP.dll - ok
02:22:28.0812 3924  [ 682F67B86B4F586D813BACA7A0AA06A7 ] C:\Program Files\AVAST Software\Avast\aswIdle.dll
02:22:28.0812 3924  C:\Program Files\AVAST Software\Avast\aswIdle.dll - ok
02:22:28.0812 3924  [ EB6613261E287A8B9783C9C8B7F118F8 ] C:\Program Files\AVAST Software\Avast\aswDld.dll
02:22:28.0812 3924  C:\Program Files\AVAST Software\Avast\aswDld.dll - ok
02:22:28.0812 3924  [ 20EEC2605DC89048E9989FE8D73E26BD ] C:\Program Files\AVAST Software\Avast\aswStrm.dll
02:22:28.0812 3924  C:\Program Files\AVAST Software\Avast\aswStrm.dll - ok
02:22:28.0828 3924  [ E4FECE18310E23B1D8FEE993E35E7A6F ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
02:22:28.0828 3924  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll - ok
02:22:28.0828 3924  [ 4C8A880EABC0B4D462CC4B2472116EA1 ] C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
02:22:28.0828 3924  C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll - ok
02:22:28.0828 3924  [ 73A720073843EDB55D7E67C42E846BE8 ] C:\Program Files\AVAST Software\Avast\defs\13050601\aswEngin.dll
02:22:28.0828 3924  C:\Program Files\AVAST Software\Avast\defs\13050601\aswEngin.dll - ok
02:22:28.0843 3924  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] C:\WINDOWS\system32\schedsvc.dll
02:22:28.0843 3924  C:\WINDOWS\system32\schedsvc.dll - ok
02:22:28.0843 3924  [ 64790077F7574E0EB97F3CD2C7B46796 ] C:\Program Files\AVAST Software\Avast\defs\13050601\aswCmnIS.dll
02:22:28.0843 3924  C:\Program Files\AVAST Software\Avast\defs\13050601\aswCmnIS.dll - ok
02:22:28.0859 3924  [ E47E364C96467FD54FA44D59F927C3AB ] C:\WINDOWS\system32\msidle.dll
02:22:28.0859 3924  C:\WINDOWS\system32\msidle.dll - ok
02:22:28.0859 3924  [ 60784F891563FB1B767F70117FC2428F ] C:\WINDOWS\system32\spoolsv.exe
02:22:28.0859 3924  C:\WINDOWS\system32\spoolsv.exe - ok
02:22:28.0859 3924  [ 09C5CB1DEEFFB23C29FDF135C70E506E ] C:\Program Files\AVAST Software\Avast\defs\13050601\aswCmnOS.dll
02:22:28.0859 3924  C:\Program Files\AVAST Software\Avast\defs\13050601\aswCmnOS.dll - ok
02:22:28.0875 3924  [ 746989EB81B6050163F86EBBBE44F260 ] C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll
02:22:28.0875 3924  C:\Program Files\CheckPoint\ZAForceField\ISWUL.dll - ok
02:22:28.0875 3924  [ 3E573496112D62DFCCE4E0D745E6D1DD ] C:\Program Files\AVAST Software\Avast\defs\13050601\aswCmnBS.dll
02:22:28.0875 3924  C:\Program Files\AVAST Software\Avast\defs\13050601\aswCmnBS.dll - ok
02:22:28.0875 3924  [ DEF7A7882BEC100FE0B2CE2549188F9D ] C:\WINDOWS\system32\audiosrv.dll
02:22:28.0875 3924  C:\WINDOWS\system32\audiosrv.dll - ok
02:22:28.0890 3924  [ A8888A5327621856C0CEC4E385F69309 ] C:\WINDOWS\system32\wkssvc.dll
02:22:28.0890 3924  C:\WINDOWS\system32\wkssvc.dll - ok
02:22:28.0890 3924  [ F4B53E84EBD4EDC4938E9B40B583D6FE ] C:\Program Files\AVAST Software\Avast\defs\13050601\aswScan.dll
02:22:28.0890 3924  C:\Program Files\AVAST Software\Avast\defs\13050601\aswScan.dll - ok
02:22:28.0890 3924  [ 631EAABB9F82ACEDF8DE3DD20FD5ACC6 ] C:\Program Files\AVAST Software\Avast\defs\13050601\aswRep.dll
02:22:28.0890 3924  C:\Program Files\AVAST Software\Avast\defs\13050601\aswRep.dll - ok
02:22:28.0906 3924  [ 6FE42512AB1B89F32A7407F261B1D2D0 ] C:\WINDOWS\Temp\IswTmp\WH\0
02:22:28.0906 3924  C:\WINDOWS\Temp\IswTmp\WH\0 - ok
02:22:28.0906 3924  [ 2399F8068E969D9C25A05B6F779A790A ] C:\Program Files\AVAST Software\Avast\defs\13050601\aswFiDb.dll
02:22:28.0906 3924  C:\Program Files\AVAST Software\Avast\defs\13050601\aswFiDb.dll - ok
02:22:28.0921 3924  [ 680B56A8B62D1BCF4A0B2AAAD03D88E4 ] C:\WINDOWS\system32\wdmaud.drv
02:22:28.0921 3924  C:\WINDOWS\system32\wdmaud.drv - ok
02:22:28.0921 3924  [ 6768ACF64B18196494413695F0C3A00F ] C:\WINDOWS\system32\drivers\wdmaud.sys
02:22:28.0921 3924  C:\WINDOWS\system32\drivers\wdmaud.sys - ok
02:22:28.0921 3924  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] C:\WINDOWS\system32\drivers\sysaudio.sys
02:22:28.0921 3924  C:\WINDOWS\system32\drivers\sysaudio.sys - ok
02:22:28.0937 3924  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] C:\WINDOWS\system32\drivers\splitter.sys
02:22:28.0937 3924  C:\WINDOWS\system32\drivers\splitter.sys - ok
02:22:28.0937 3924  [ 8BED39E3C35D6A489438B8141717A557 ] C:\WINDOWS\system32\drivers\aec.sys
02:22:28.0937 3924  C:\WINDOWS\system32\drivers\aec.sys - ok
02:22:28.0937 3924  [ 71F503BAD4C1141067AECA573908B4E9 ] C:\Program Files\CheckPoint\ZAForceField\ZDXUI.dll
02:22:28.0937 3924  C:\Program Files\CheckPoint\ZAForceField\ZDXUI.dll - ok
02:22:28.0953 3924  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] C:\WINDOWS\system32\drivers\swmidi.sys
02:22:28.0953 3924  C:\WINDOWS\system32\drivers\swmidi.sys - ok
02:22:28.0953 3924  [ 8A208DFCF89792A484E76C40E5F50B45 ] C:\WINDOWS\system32\drivers\DMusic.sys
02:22:28.0953 3924  C:\WINDOWS\system32\drivers\DMusic.sys - ok
02:22:28.0953 3924  [ 258444AC2AAD2A51820E6975D5A1F556 ] C:\Program Files\CheckPoint\ZAForceField\FFApi.dll
02:22:28.0953 3924  C:\Program Files\CheckPoint\ZAForceField\FFApi.dll - ok
02:22:28.0968 3924  [ 692BCF44383D056AED41B045A323D378 ] C:\WINDOWS\system32\drivers\kmixer.sys
02:22:28.0968 3924  C:\WINDOWS\system32\drivers\kmixer.sys - ok
02:22:28.0968 3924  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] C:\WINDOWS\system32\drivers\drmkaud.sys
02:22:28.0968 3924  C:\WINDOWS\system32\drivers\drmkaud.sys - ok
02:22:28.0984 3924  [ 9A3BD5F55AADFF859539142F6328A66E ] C:\WINDOWS\system32\msacm32.drv
02:22:28.0984 3924  C:\WINDOWS\system32\msacm32.drv - ok
02:22:28.0984 3924  [ C23613BCD5B1065D2F9C7AA867B1EE0B ] C:\Program Files\AVAST Software\Avast\defs\13050601\algo.dll
02:22:28.0984 3924  C:\Program Files\AVAST Software\Avast\defs\13050601\algo.dll - ok
02:22:28.0984 3924  [ 5C12660A97822F6E61576943B49AAAD6 ] C:\WINDOWS\system32\midimap.dll
02:22:28.0984 3924  C:\WINDOWS\system32\midimap.dll - ok
02:22:29.0000 3924  [ 004650072EDF6B11BED995E18A898BD5 ] C:\Program Files\CheckPoint\ZAForceField\iswrcs.dll
02:22:29.0000 3924  C:\Program Files\CheckPoint\ZAForceField\iswrcs.dll - ok
02:22:29.0000 3924  [ AB3C4A3667AEAD147F175721D8719B78 ] C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
02:22:29.0000 3924  C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe - ok
02:22:29.0000 3924  [ 903FF9BA73E379237C0EDDDA8F17168C ] C:\Program Files\AVAST Software\Avast\Setup\setiface.dll
02:22:29.0000 3924  C:\Program Files\AVAST Software\Avast\Setup\setiface.dll - ok
02:22:29.0015 3924  [ 1A3FB4E84D8FE3801BE6B2220F1E38C4 ] C:\Program Files\CheckPoint\ZAForceField\Zdx.dll
02:22:29.0015 3924  C:\Program Files\CheckPoint\ZAForceField\Zdx.dll - ok
02:22:29.0015 3924  [ C9DF1AA04B09228D746536A90F01C73C ] C:\Program Files\CheckPoint\ZAForceField\ISWUILib.dll
02:22:29.0015 3924  C:\Program Files\CheckPoint\ZAForceField\ISWUILib.dll - ok
02:22:29.0015 3924  [ 80776884E7A05D6DA5040926F82B0273 ] C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll
02:22:29.0015 3924  C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22791_x-ww_c8dff154\GdiPlus.dll - ok
02:22:29.0031 3924  [ 9A7803D33692D1F373A99F7594D3145F ] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll
02:22:29.0031 3924  C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWDMP.dll - ok
02:22:29.0031 3924  [ AEDE14835589701A3BE1CC2BD7470364 ] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWMENUS.dll
02:22:29.0031 3924  C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWMENUS.dll - ok
02:22:29.0046 3924  [ 59292F5B1A88218F442B4485D0FD5C41 ] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSTATS.dll
02:22:29.0046 3924  C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSTATS.dll - ok
02:22:29.0046 3924  [ 662D13021A8E793615D55B1F7E741655 ] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll
02:22:29.0046 3924  C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWFWMON.dll - ok
02:22:29.0046 3924  [ 7C7AB513C5D9920ACAFFFF698C3E9529 ] C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWUPD.dll
02:22:29.0046 3924  C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWUPD.dll - ok
02:22:29.0062 3924  [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\system32\fltlib.dll
02:22:29.0062 3924  C:\WINDOWS\system32\fltlib.dll - ok
02:22:29.0062 3924  [ 4AE04D9608F272F3F468B34F2F1329E5 ] C:\Program Files\AVAST Software\Avast\AhResBhv.dll
02:22:29.0062 3924  C:\Program Files\AVAST Software\Avast\AhResBhv.dll - ok
02:22:29.0062 3924  [ 94868FC1295C8B76B8D45C1F44D9F653 ] C:\Program Files\AVAST Software\Avast\AhResJs.dll
02:22:29.0062 3924  C:\Program Files\AVAST Software\Avast\AhResJs.dll - ok
02:22:29.0078 3924  [ DEA9DFD3E83F48D7005E066011D340F7 ] C:\Program Files\AVAST Software\Avast\AhResMai.dll
02:22:29.0078 3924  C:\Program Files\AVAST Software\Avast\AhResMai.dll - ok
02:22:29.0078 3924  [ C03EC02F6C9F492293D78F850E2E48FC ] C:\Program Files\AVAST Software\Avast\AhResMes.dll
02:22:29.0078 3924  C:\Program Files\AVAST Software\Avast\AhResMes.dll - ok
02:22:29.0078 3924  [ 15D7A4070D2B52D2EEA8D99E551E9E53 ] C:\Program Files\AVAST Software\Avast\AhResNS.dll
02:22:29.0078 3924  C:\Program Files\AVAST Software\Avast\AhResNS.dll - ok
02:22:29.0093 3924  [ A46789AD5F3A85470F898B15D5C056BD ] C:\Program Files\AVAST Software\Avast\AhResP2P.dll
02:22:29.0093 3924  C:\Program Files\AVAST Software\Avast\AhResP2P.dll - ok
02:22:29.0093 3924  [ B2D91A72C78D27D9A25FFF8BAF6EB2F4 ] C:\Program Files\AVAST Software\Avast\AhResStd.dll
02:22:29.0093 3924  C:\Program Files\AVAST Software\Avast\AhResStd.dll - ok
02:22:29.0109 3924  [ 39F39B23969512842F6A6D259E68FF11 ] C:\Program Files\AVAST Software\Avast\AhResWS.dll
02:22:29.0109 3924  C:\Program Files\AVAST Software\Avast\AhResWS.dll - ok
02:22:29.0109 3924  [ AAC3C0194EEBA939E18590411130CF43 ] C:\Program Files\AVAST Software\Avast\defs\13050601\ArPot.dll
02:22:29.0109 3924  C:\Program Files\AVAST Software\Avast\defs\13050601\ArPot.dll - ok
02:22:29.0109 3924  [ 2C8F7A0B6D023C6DD817E999528F2F98 ] C:\Program Files\AVAST Software\Avast\ashMaiSv.dll
02:22:29.0109 3924  C:\Program Files\AVAST Software\Avast\ashMaiSv.dll - ok
02:22:29.0125 3924  [ AF718FFE60D958E590AF49C4FC3BD6A6 ] C:\Program Files\AVAST Software\Avast\ssleay32.dll
02:22:29.0125 3924  C:\Program Files\AVAST Software\Avast\ssleay32.dll - ok
02:22:29.0125 3924  [ 9C70887708A7C88D20DD215AC5AA757F ] C:\Program Files\AVAST Software\Avast\libeay32.dll
02:22:29.0125 3924  C:\Program Files\AVAST Software\Avast\libeay32.dll - ok
02:22:29.0125 3924  [ B6D90C99A72044AEF85A2B7D78FEBEF4 ] C:\Program Files\AVAST Software\Avast\defs\13050601\exts.dll
02:22:29.0125 3924  C:\Program Files\AVAST Software\Avast\defs\13050601\exts.dll - ok
02:22:29.0140 3924  [ C339473B25526F866DBB21425F3D8F3A ] C:\Program Files\AVAST Software\Avast\ashWebSv.dll
02:22:29.0140 3924  C:\Program Files\AVAST Software\Avast\ashWebSv.dll - ok
02:22:29.0140 3924  [ 8BCD11D38FCE43A519246A91CC40DE6A ] C:\WINDOWS\system32\security.dll
02:22:29.0140 3924  C:\WINDOWS\system32\security.dll - ok
02:22:29.0140 3924  [ DF7A5058504EE982914A3C24676F4485 ] C:\Program Files\AVAST Software\Avast\ashWsFtr.dll
02:22:29.0140 3924  C:\Program Files\AVAST Software\Avast\ashWsFtr.dll - ok
02:22:29.0156 3924  [ 9EEFE69139FDBB4A3C327630F8EB993A ] C:\WINDOWS\system32\wlanapi.dll
02:22:29.0156 3924  C:\WINDOWS\system32\wlanapi.dll - ok
02:22:29.0156 3924  [ 767FF54A552732CE772C2302025FA82F ] C:\WINDOWS\system32\wzcsapi.dll
02:22:29.0156 3924  C:\WINDOWS\system32\wzcsapi.dll - ok
02:22:29.0171 3924  [ 2FFBCD4394E60013EAF45427EC4E6A1E ] C:\Program Files\AVAST Software\Avast\defs\13050601\aswAR.dll
02:22:29.0171 3924  C:\Program Files\AVAST Software\Avast\defs\13050601\aswAR.dll - ok
02:22:29.0171 3924  [ 9EC1D983086E5FA14FFB3518B7E3B596 ] C:\Program Files\AVAST Software\Avast\defs\13050601\aswRawFS.dll
02:22:29.0171 3924  C:\Program Files\AVAST Software\Avast\defs\13050601\aswRawFS.dll - ok
02:22:29.0171 3924  [ 899C7993A7DE3061C74623F5523BC21D ] C:\Program Files\AVAST Software\Avast\Setup\avast.setup
02:22:29.0171 3924  C:\Program Files\AVAST Software\Avast\Setup\avast.setup - ok
02:22:29.0187 3924  [ 0B467F470CC9918FDCEEDCFD7DC4D697 ] C:\WINDOWS\system32\oledlg.dll
02:22:29.0187 3924  C:\WINDOWS\system32\oledlg.dll - ok
02:22:29.0187 3924  [ 0DA85218E92526972A821587E6A8BF8F ] C:\WINDOWS\system32\imm32.dll
02:22:29.0187 3924  C:\WINDOWS\system32\imm32.dll - ok
02:22:29.0187 3924  [ 5C5E3AFD499E5146FEF1DA5EF8A23205 ] C:\Program Files\AVAST Software\Avast\dbghelp.dll
02:22:29.0187 3924  C:\Program Files\AVAST Software\Avast\dbghelp.dll - ok
02:22:29.0203 3924  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] C:\WINDOWS\system32\drivers\mrxdav.sys
02:22:29.0203 3924  C:\WINDOWS\system32\drivers\mrxdav.sys - ok
02:22:29.0203 3924  [ 44B1C057B30890C55FB6F4C1582E8522 ] C:\Program Files\AVAST Software\Avast\snxhk.dll
02:22:29.0203 3924  C:\Program Files\AVAST Software\Avast\snxhk.dll - ok
02:22:29.0203 3924  [ 77A354E28153AD2D5E120A5A8687BC06 ] C:\WINDOWS\system32\webclnt.dll
02:22:29.0203 3924  C:\WINDOWS\system32\webclnt.dll - ok
02:22:29.0218 3924  [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] C:\WINDOWS\system32\drivers\parvdm.sys
02:22:29.0218 3924  C:\WINDOWS\system32\drivers\parvdm.sys - ok
02:22:29.0218 3924  [ C5A75EB48E2344ABDC162BDA79E16841 ] C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:22:29.0218 3924  C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe - ok
02:22:29.0234 3924  [ E5F7C30EDF0892667933BE879F067D67 ] C:\WINDOWS\system32\msvcr100_clr0400.dll
02:22:29.0234 3924  C:\WINDOWS\system32\msvcr100_clr0400.dll - ok
02:22:29.0234 3924  [ B04DB1F0B2652FCBCCC5FD0C46579F0F ] C:\WINDOWS\system32\mscoree.dll
02:22:29.0234 3924  C:\WINDOWS\system32\mscoree.dll - ok
02:22:29.0234 3924  [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
02:22:29.0234 3924  C:\WINDOWS\system32\dmserver.dll - ok
02:22:29.0250 3924  [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
02:22:29.0250 3924  C:\WINDOWS\system32\es.dll - ok
02:22:29.0250 3924  [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
02:22:29.0250 3924  C:\WINDOWS\system32\ersvc.dll - ok
02:22:29.0250 3924  [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
02:22:29.0250 3924  C:\WINDOWS\system32\hid.dll - ok
02:22:29.0265 3924  [ DEB04DA35CC871B6D309B77E1443C796 ] C:\WINDOWS\system32\hidserv.dll
02:22:29.0265 3924  C:\WINDOWS\system32\hidserv.dll - ok
02:22:29.0265 3924  [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
02:22:29.0265 3924  C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll - ok
02:22:30.0296 3924  ============================================================
02:22:30.0296 3924  Scan finished
02:22:30.0296 3924  ============================================================
02:22:30.0406 3916  Detected object count: 1
02:22:30.0406 3916  Actual detected object count: 1
02:22:47.0718 3916  \Device\Harddisk2\DR2\TDLFS\ldrm - copied to quarantine
02:22:47.0734 3916  \Device\Harddisk2\DR2\TDLFS\cmd.dll - copied to quarantine
02:22:50.0562 3916  \Device\Harddisk2\DR2\TDLFS\cmd32.dll - copied to quarantine
02:22:50.0656 3916  \Device\Harddisk2\DR2\TDLFS\cmd64.dll - copied to quarantine
02:22:50.0718 3916  \Device\Harddisk2\DR2\TDLFS\drv32 - copied to quarantine
02:22:50.0781 3916  \Device\Harddisk2\DR2\TDLFS\drv64 - copied to quarantine
02:22:52.0906 3916  \Device\Harddisk2\DR2\TDLFS\servers.dat - copied to quarantine
02:22:52.0906 3916  \Device\Harddisk2\DR2\TDLFS\config.ini - copied to quarantine
02:22:52.0921 3916  \Device\Harddisk2\DR2\TDLFS\ldr16 - copied to quarantine
02:22:52.0921 3916  \Device\Harddisk2\DR2\TDLFS\ldr32 - copied to quarantine
02:22:55.0046 3916  \Device\Harddisk2\DR2\TDLFS\ldr64 - copied to quarantine
02:22:55.0125 3916  \Device\Harddisk2\DR2\TDLFS\s - copied to quarantine
02:22:55.0140 3916  \Device\Harddisk2\DR2\TDLFS\u - copied to quarantine
02:22:55.0140 3916  \Device\Harddisk2\DR2\TDLFS - deleted
02:22:55.0140 3916  \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Delete
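
A log of this size is easier to review once the "- ok" lines are filtered out. The script below is an added example, not part of the original post and not a Kaspersky tool: it parses the line layout seen in this TDSSKiller log and keeps only the results that are not "ok", plus the detection count and the user-selected actions. The sample lines are copied from this post's log with one constructed malformed line added; reading the second column as a thread id and treating every non-"ok" result as notable are assumptions.

```python
import re

# Layout seen in this log: "HH:MM:SS.mmmm  <id>  <message>".
# Treating the second column as a thread id is an assumption.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "[ <32 hex digits> ] <path>" lines carry the hash of the file checked next.
HASH_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \]\s+(.+)$")
# "<object> ( <detection name> ) - User select action: <action>"
ACTION_RE = re.compile(r"^(.+?) \( (.+?) \) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")

# Lines copied from the log in this post, plus one constructed malformed line.
SAMPLE = r"""
02:22:30.0281 3924  [ C730F70351D950DDA7388C9A9763CF54 ] C:\WINDOWS\system32\wbem\wmipcima.dll
02:22:30.0296 3924  C:\WINDOWS\system32\wbem\wmipcima.dll - ok
02:22:30.0296 3924  ============================================================
02:22:30.0296 3924  Scan finished
02:22:30.0406 3916  Detected object count: 1
02:22:47.0718 3916  \Device\Harddisk2\DR2\TDLFS\ldrm - copied to quarantine
02:22:55.0140 3916  \Device\Harddisk2\DR2\TDLFS - deleted
02:22:55.0140 3916  \Device\Harddisk2\DR2 ( TDSS File System ) - User select action: Delete
constructed line that does not follow the log layout
"""


def triage(log_text):
    """Reduce a TDSSKiller-style log to the entries worth reading."""
    report = {"ok": 0, "detected": None, "notable": [], "actions": [], "unparsed": 0}
    hashes = {}  # path -> hash, so a notable file can be reported with its hash
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            # Truncated or wrapped lines are counted, not silently dropped.
            report["unparsed"] += 1
            continue
        stamp, _tid, msg = m.groups()

        h = HASH_RE.match(msg)
        if h:
            hashes[h.group(2)] = h.group(1).upper()
            continue

        c = COUNT_RE.match(msg)
        if c:
            report["detected"] = int(c.group(1))
            continue

        # Must be tested before the generic "<object> - <result>" split below.
        a = ACTION_RE.match(msg)
        if a:
            report["actions"].append(a.groups())
            continue

        if " - " in msg:
            obj, result = msg.rsplit(" - ", 1)
            if result == "ok":
                report["ok"] += 1
            else:
                report["notable"].append(
                    {"time": stamp, "object": obj, "result": result,
                     "hash": hashes.get(obj)}
                )
    return report


if __name__ == "__main__":
    r = triage(SAMPLE)
    print("files reported ok :", r["ok"])
    print("detected objects  :", r["detected"])
    for obj, name, action in r["actions"]:
        print("action            : %s on %s (%s)" % (action, obj, name))
    for item in r["notable"]:
        print("notable           : %(time)s %(object)s -> %(result)s" % item)
    print("unparsed lines    :", r["unparsed"])
```
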



#10 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 07 May 2013 - 01:44 AM


Hello tiko8019

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[Image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 tiko8019

  • Topic Starter
  • Members
  • 14 posts

Posted 07 May 2013 - 01:44 AM

Also, when I closed TDSS, ZoneAlarm popped up with this.

I haven't clicked allow or deny yet???



#12 tiko8019

  • Topic Starter
  • Members
  • 14 posts

Posted 07 May 2013 - 01:47 AM

It said TDSS was trying to install a new driver or service.



#13 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 07 May 2013 - 01:48 AM

It uses that driver to help remove what it needs to - Avast was reporting the quarantine folder.


Go ahead and run the ComboFix script for me.


gringo

#14 tiko8019

  • Topic Starter

Posted 07 May 2013 - 02:15 AM

I ran the ComboFix script. When I restarted Avast it was blocking all websites (Google etc.); it does that sometimes after restarting the services. ??? I shut them back down and went to Google, then restarted the Avast services, but Avast froze up. It doesn't usually freeze after this. I had to power cycle to reboot and everything is like it is supposed to be now. Probably not related to virus...

 

ComboFix 13-05-06.03 - Nick 05/07/2013   2:53.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3199.2685 [GMT -4:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nick\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
(((((((((((((((((((((((((   Files Created from 2013-04-07 to 2013-05-07  )))))))))))))))))))))))))))))))
.
.
2013-05-07 05:35 . 2013-05-07 06:22    --------    d-----w-    C:\TDSSKiller_Quarantine
2013-04-23 20:03 . 2013-04-23 20:03    --------    d-----w-    C:\swsetup
2013-04-23 05:10 . 2013-04-23 05:10    --------    d-----w-    C:\NVIDIA
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-23 05:22 . 2013-03-23 05:22    1010464    ----a-w-    c:\windows\system32\nvdispco3230790.dll
2013-03-23 05:22 . 2013-03-23 05:22    893728    ----a-w-    c:\windows\system32\nvdispgenco3230790.dll
2013-03-08 08:36 . 2002-08-29 14:00    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2002-08-29 14:00    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2002-08-29 01:04    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2002-08-29 14:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2002-08-29 14:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2002-08-29 14:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2002-08-29 14:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-02-21 19:06 . 2013-02-21 19:06    81920    ------w-    c:\windows\system32\ieencode.dll
2013-02-12 00:32 . 2002-08-29 14:00    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-04-10 06:58 . 2013-04-23 06:48    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-03-06 22:32    121968    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-03-15 15668512]
"NvMediaCenter"="NvMCTray.dll" [2013-03-15 223008]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-03-15 1982312]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-03-06 4767304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2013-03-27 73832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"ISW"="" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [4/23/2013 3:07 AM 49248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/23/2013 3:07 AM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/23/2013 3:07 AM 368176]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/23/2013 3:07 AM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [4/23/2013 3:07 AM 66336]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/22/2012 10:33 AM 27056]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/22/2012 10:33 AM 497320]
S3 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [4/23/2013 3:07 AM 164736]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 21370000
*NewlyCreated* - 51714570
*Deregistered* - 21370000
*Deregistered* - 51714570
*Deregistered* - PROCEXP152
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-07 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-04-23 22:32]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 72.240.13.7 72.240.13.5 156.154.70.43
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nick\Application Data\Mozilla\Firefox\Profiles\5se9u5xj.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - ExtSQL: 2013-04-23 03:07; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: 2013-04-27 22:52; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\TrustChecker
FF - ExtSQL: 2013-04-28 00:12; {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=base2013&Lan={dfltLng}&gu=efb84f7005354840b9ef33bc90d1cdd1&tu=10G90007n2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - 989d7d080000000000000050baca00ff
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 15823
FF - user.js: extensions.zonealarm.vrsn - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsni - 1.8.11.11
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.11.1122:50
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base2013
FF - user.js: extensions.zonealarm.instlRef - ZLN117823828601611-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - true
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=en&gu=efb84f7005354840b9ef33bc90d1cdd1&tu=10G90007n2B0008&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-06158236.sys
SafeBoot-21370000.sys
SafeBoot-84221869.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-07 02:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(588)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(644)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-05-07  03:01:05
ComboFix-quarantined-files.txt  2013-05-07 07:01
ComboFix2.txt  2013-05-07 04:44
.
Pre-Run: 891,888,754,688 bytes free
Post-Run: 891,888,930,816 bytes free
.
- - End Of File - - E6267B29D53325BAC6F1B7FED3E518C6
 



#15 gringo_pr

  • Malware Response Team

Posted 07 May 2013 - 03:24 AM


Hello tiko8019

I would like to see a report that combofix makes.

extra combofix report
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok
copy and paste the report into this topic for me to review

Gringo