Trojan.Sirefef


  • This topic is locked
15 replies to this topic

#1 Skyhound


Posted 15 August 2012 - 08:25 AM

My security service keeps picking up this trojan. It runs a scan and finds Trojan.Sirefef.JD or Trojan.Sirefef.JC; it then proceeds to remove this trojan. A box named Virus and Spyware Scanning pops up that says "The virus was removed. You can continue to use this computer", but as soon as I close this box, another one immediately pops back up and it runs the scan again, finding the exact same Trojan.Sirefef.JD or Trojan.Sirefef.JC.
I have two other issues that may be related; my Windows Automatic Updates keeps getting turned off automatically every time I restart my computer, and my icons keep randomly shuffling around as well.
I'm computer-basic so all I've done so far is run the DDS program as instructed by this website.
Thanks.

DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 9:55:57 on 2012-08-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.374 [GMT -3:00]
.
AV: EastLink Internet Security Services 9.12 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EastLink Internet Security Services 9.12 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\eastlinkinternetsecurityservices\Common\FSM32.EXE
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fsgk32st.exe
C:\Program Files\eastlinkinternetsecurityservices\Common\FSMA32.EXE
C:\Program Files\eastlinkinternetsecurityservices\Common\FSHDLL32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\eastlinkinternetsecurityservices\FWES\Program\fsdfwd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\FSGK32.EXE
C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fssm32.exe
C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fsav32.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\eastlinkinternetsecurityservices\nrs\iescript\baselitmus.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [PinInit] c:\hp\bin\cloaker.exe c:\hp\bin\PinToStart.bat
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdMgr.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler] "c:\program files\pc-doctor 5 for windows\RunProfiler.exe" -r
mRun: [SetDefaultPrinter] c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [F-Secure Manager] "c:\program files\eastlinkinternetsecurityservices\common\FSM32.EXE" /splash
mRun: [F-Secure TNB] "c:\program files\eastlinkinternetsecurityservices\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\resche~1.lnk - c:\hp\bin\CLOAKER.EXE
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343487780656
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1343485843421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{A01669E9-C8AC-41BB-862D-A3BFC5D96F33} : DhcpNameServer = 24.222.0.94 24.222.0.95
TCP: Interfaces\{BBF1D3AA-E1CF-49C1-A866-7EA85A54E390} : NameServer = 24.222.0.94,24.222.0.95
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\nagrl9mv.default\
FF - plugin: c:\documents and settings\hp_administrator\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2012-3-10 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2012-3-10 81864]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-4-16 65584]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\eastlinkinternetsecurityservices\hips\drivers\fshs.sys [2012-3-10 69928]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\eastlinkinternetsecurityservices\anti-virus\fsgk32st.exe [2012-3-10 221608]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\eastlinkinternetsecurityservices\anti-virus\minifilter\fsgk.sys [2012-3-10 149672]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\eastlinkinternetsecurityservices\orsp client\fsorsp.exe [2012-3-10 61088]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-6 113120]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\eastlinkinternetsecurityservices\anti-virus\win2k\fsfilter.sys [2012-3-10 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\eastlinkinternetsecurityservices\anti-virus\win2k\fsrec.sys [2012-3-10 27048]
.
=============== Created Last 30 ================
.
2012-08-15 06:40:48 -------- d--h--w- c:\program files\WindowsUpdate
2012-08-11 15:52:42 19569 ----a-w- c:\windows\000003_.tmp
2012-08-10 15:22:13 19569 ----a-w- c:\windows\000002_.tmp
2012-08-10 14:42:58 -------- d-----w- c:\documents and settings\hp_administrator\application data\FixZeroAccess
2012-08-03 06:11:27 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-07-28 15:15:05 -------- d-----w- c:\windows\system32\XPSViewer
2012-07-28 15:14:30 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-07-28 15:13:43 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-07-28 15:13:43 117760 ------w- c:\windows\system32\prntvpt.dll
2012-07-28 15:13:42 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-07-28 15:13:42 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-07-28 15:13:42 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-07-28 15:13:42 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-07-28 15:13:41 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-07-28 15:13:41 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-07-27 05:36:57 33792 ------w- c:\program files\messenger\custsat.dll
2012-07-27 05:36:57 -------- d-----w- c:\program files\Messenger
2012-07-27 05:36:54 81920 ------w- c:\windows\system32\ieencode.dll
2012-07-27 05:36:03 19569 ----a-w- c:\windows\000001_.tmp
2012-07-26 23:50:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 01:30:07 -------- d-----w- c:\documents and settings\hp_administrator\application data\ElevatedDiagnostics
2012-07-25 20:41:36 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Mozilla
2012-07-25 20:04:51 -------- dc-h--w- c:\windows\ie8
2012-07-21 22:37:14 -------- d-----w- c:\documents and settings\hp_administrator\application data\Roepru
2012-07-21 22:37:14 -------- d-----w- c:\documents and settings\hp_administrator\application data\Egmy
.
==================== Find3M ====================
.
2012-08-15 12:55:17 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-07-26 23:55:16 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 20:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 18:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 18:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 18:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 18:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 18:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 18:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 9:57:26.06 ===============


#2 fireman4it

  • Malware Response Team

Posted 15 August 2012 - 02:13 PM

Hello Skyhound,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1. Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


2. Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see a prompt. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message confirming it.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!
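
Added example, not part of fireman4it's post and not a TDSSKiller feature: a Python script that reads the service-scan section of a TDSSKiller report such as the one requested in step 1, lists every entry whose result is not "ok", and compares each logged MD5 against a known-good baseline. The sample lines, the placeholder result text, the function names and the baseline dictionary are constructed for illustration; a real baseline would have to come from a clean install of the same Windows build.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample. Layout of a TDSSKiller service-scan section:
#   "<time> <id> [ <md5> ] <service name> <file path>"   (optional)
#   "<time> <id> <service name> - <result>"
# Names, hashes and the non-"ok" result text below are placeholders.
SAMPLE_LOG = r"""
18:38:14.0046 0468 Scan started
18:38:17.0046 0468 ================ Scan services =============================
18:38:21.0375 0468 LegacyStub - ok
18:38:21.0734 0468 [ 00000000000000000000000000000001 ] ExampleDrv C:\WINDOWS\system32\DRIVERS\exampledrv.sys
18:38:26.0813 0468 ExampleDrv - ok
18:38:27.0100 0468 [ 00000000000000000000000000000002 ] Example AV Filter C:\Program Files\ExampleAV\filter.sys
18:38:27.0532 0468 Example AV Filter - ok
18:38:28.0010 0468 [ 00000000000000000000000000000003 ] OddSvc C:\WINDOWS\system32\oddsvc.dll
18:38:28.0626 0468 OddSvc - PLACEHOLDER-NOT-OK
18:38:30.0000 0468 ============================================================
18:38:30.0000 0468 Drive C: - not a service line
"""

LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(.*)$")
# Service names may contain spaces, so the path is found by its drive letter.
HASHED = re.compile(r"^\[ ([0-9a-fA-F]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$")
# Greedy name: split on the LAST " - " so names such as "F-Secure X" survive.
RESULT = re.compile(r"^(.+) - (.+)$")


@dataclass
class Entry:
    name: str
    status: str
    md5: Optional[str] = None   # None when the log shows no hashed file
    path: Optional[str] = None


def parse_services(text):
    """Return one Entry per result line inside the 'Scan services' section."""
    entries, pending, in_section = [], {}, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group(1)
        if "Scan services" in body:      # section header opens the section
            in_section = True
            continue
        if body.startswith("="):         # any other separator closes it
            in_section = False
            continue
        if not in_section:
            continue
        h = HASHED.match(body)
        if h:                            # remember hash/path until the result line
            pending[h.group(2)] = (h.group(1).lower(), h.group(3))
            continue
        r = RESULT.match(body)
        if r:
            md5, path = pending.pop(r.group(1), (None, None))
            entries.append(Entry(r.group(1), r.group(2).strip(), md5, path))
    return entries


def needs_review(entries):
    """Entries whose result is anything other than 'ok'."""
    return [e for e in entries if e.status.lower() != "ok"]


def hash_drift(entries, baseline):
    """Entries whose MD5 differs from baseline {lowercased path: md5}.

    Returns (name, logged_md5, expected_md5) tuples. A mismatch can also be
    a legitimate update, so treat it as a lead, not a verdict.
    """
    drift = []
    for e in entries:
        expected = baseline.get((e.path or "").lower())
        if expected and e.md5 != expected.lower():
            drift.append((e.name, e.md5, expected.lower()))
    return drift


if __name__ == "__main__":
    found = parse_services(SAMPLE_LOG)
    # Constructed baseline: one deliberately different hash to show a mismatch.
    baseline = {r"c:\windows\system32\drivers\exampledrv.sys": "f" * 32}
    for e in needs_review(found):
        print("REVIEW :", e.name, "->", e.status, e.path)
    for name, got, want in hash_drift(found, baseline):
        print("DRIFT  :", name, got, "expected", want)
```
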


#3 Skyhound


Posted 15 August 2012 - 06:13 PM

Everything seems to be running fine now. Security system is no longer picking up Trojan.Sirefef virus, automatic updates are turning on and icons are staying still. Here are my TDSSKiller and Combofix logs, just in case you can see anything else.

TDSSKiller Log:

18:35:03.0000 3360 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
18:35:05.0015 3360 ============================================================
18:35:05.0015 3360 Current date / time: 2012/08/15 18:35:05.0015
18:35:05.0015 3360 SystemInfo:
18:35:05.0015 3360
18:35:05.0015 3360 OS Version: 5.1.2600 ServicePack: 3.0
18:35:05.0015 3360 Product type: Workstation
18:35:05.0015 3360 ComputerName: BAD-T
18:35:05.0015 3360 UserName: HP_Administrator
18:35:05.0015 3360 Windows directory: C:\WINDOWS
18:35:05.0015 3360 System windows directory: C:\WINDOWS
18:35:05.0015 3360 Processor architecture: Intel x86
18:35:05.0015 3360 Number of processors: 1
18:35:05.0015 3360 Page size: 0x1000
18:35:05.0015 3360 Boot type: Normal boot
18:35:05.0015 3360 ============================================================
18:35:11.0328 3360 BG loaded
18:35:12.0187 3360 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:35:12.0296 3360 ============================================================
18:35:12.0296 3360 \Device\Harddisk0\DR0:
18:35:12.0328 3360 MBR partitions:
18:35:12.0328 3360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x16303545
18:35:12.0328 3360 \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x16307445, BlocksNum 0x119697C
18:35:12.0359 3360 ============================================================
18:35:12.0515 3360 C: <-> \Device\Harddisk0\DR0\Partition1
18:35:12.0531 3360 D: <-> \Device\Harddisk0\DR0\Partition2
18:35:12.0640 3360 ============================================================
18:35:12.0640 3360 Initialize success
18:35:12.0640 3360 ============================================================
18:38:14.0046 0468 ============================================================
18:38:14.0046 0468 Scan started
18:38:14.0046 0468 Mode: Manual; SigCheck; TDLFS;
18:38:14.0046 0468 ============================================================
18:39:52.0450 0468 i2omgmt - ok
18:39:52.0466 0468 i2omp - ok
18:39:52.0528 0468 [ 4a0b06aa8943c1e332520f7440c0aa30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
18:39:53.0279 0468 i8042prt - ok
18:39:54.0107 0468 [ 9a65e42664d1534b68512caad0efe963 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
18:39:57.0749 0468 iaStor - ok
18:39:58.0327 0468 [ 6f95324909b502e2651442c1548ab12f ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
18:39:59.0640 0468 IDriverT ( UnsignedFile.Multi.Generic ) - warning
18:39:59.0640 0468 IDriverT - detected UnsignedFile.Multi.Generic (1)
18:40:01.0125 0468 [ c01ac32dc5c03076cfb852cb5da5229c ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:40:05.0236 0468 idsvc - ok
18:40:05.0314 0468 [ 083a052659f5310dd8b6a6cb05edcf8e ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
18:40:06.0189 0468 Imapi - ok
18:40:06.0439 0468 [ 30deaf54a9755bb8546168cfe8a6b5e1 ] ImapiService C:\WINDOWS\system32\imapi.exe
18:40:07.0565 0468 ImapiService - ok
18:40:07.0565 0468 ini910u - ok
18:40:12.0472 0468 [ 64be56b8858ca0153c725c720ffd194f ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:40:22.0632 0468 IntcAzAudAddService - ok
18:40:22.0710 0468 [ b5466a9250342a7aa0cd1fba13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
18:40:22.0976 0468 IntelIde - ok
18:40:23.0429 0468 [ 8c953733d8f36eb2133f5bb58808b66b ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:40:24.0226 0468 intelppm - ok
18:40:24.0555 0468 [ 3bb22519a194418d5fec05d800a19ad0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
18:40:25.0070 0468 Ip6Fw - ok
18:40:25.0211 0468 [ 731f22ba402ee4b62748adaf6363c182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:40:25.0867 0468 IpFilterDriver - ok
18:40:25.0899 0468 [ b87ab476dcf76e72010632b5550955f5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:40:27.0352 0468 IpInIp - ok
18:40:27.0384 0468 [ cc748ea12c6effde940ee98098bf96bb ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:40:28.0118 0468 IpNat - ok
18:40:28.0212 0468 [ 23c74d75e36e7158768dd63d92789a91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:40:29.0259 0468 IPSec - ok
18:40:29.0337 0468 [ c93c9ff7b04d772627a3646d89f7bf89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
18:40:30.0088 0468 IRENUM - ok
18:40:30.0134 0468 [ 05a299ec56e52649b1cf2fc52d20f2d7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:40:31.0463 0468 isapnp - ok
18:40:32.0073 0468 [ 0a5709543986843d37a92290b7838340 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
18:40:33.0417 0468 JavaQuickStarterService - ok
18:40:33.0511 0468 [ 463c1ec80cd17420a542b7f36a36f128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:40:34.0026 0468 Kbdclass - ok
18:40:34.0120 0468 [ 692bcf44383d056aed41b045a323d378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
18:40:36.0637 0468 kmixer - ok
18:40:36.0683 0468 [ b467646c54cc746128904e1654c750c1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
18:40:37.0184 0468 KSecDD - ok
18:40:37.0371 0468 [ 3a7c3cbe5d96b8ae96ce81f0b22fb527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
18:40:38.0200 0468 lanmanserver - ok
18:40:38.0465 0468 [ a8888a5327621856c0cec4e385f69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
18:40:38.0887 0468 lanmanworkstation - ok
18:40:38.0887 0468 lbrtfdc - ok
18:40:39.0200 0468 [ e4973b3229e0015345afbe43a8a8eb3b ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:40:39.0966 0468 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
18:40:39.0966 0468 LightScribeService - detected UnsignedFile.Multi.Generic (1)
18:40:40.0091 0468 [ a7db739ae99a796d91580147e919cc59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
18:40:40.0450 0468 LmHosts - ok
18:40:40.0607 0468 [ df0a511f38f16016bf658fca0090cb87 ] McrdSvc C:\WINDOWS\ehome\mcrdsvc.exe
18:40:41.0154 0468 McrdSvc - ok
18:40:41.0779 0468 [ 11f714f85530a2bd134074dc30e99fca ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:40:43.0295 0468 MDM - ok
18:40:43.0451 0468 [ 986b1ff5814366d71e0ac5755c88f2d3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
18:40:43.0842 0468 Messenger - ok
18:40:43.0920 0468 [ b7521f69c0a9b29d356157229376fb21 ] MHN C:\WINDOWS\System32\mhn.dll
18:40:44.0733 0468 MHN ( UnsignedFile.Multi.Generic ) - warning
18:40:44.0733 0468 MHN - detected UnsignedFile.Multi.Generic (1)
18:40:44.0905 0468 [ 7f2f1d2815a6449d346fcccbc569fbd6 ] MHNDRV C:\WINDOWS\system32\DRIVERS\mhndrv.sys
18:40:46.0124 0468 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
18:40:46.0124 0468 MHNDRV - detected UnsignedFile.Multi.Generic (1)
18:40:46.0249 0468 [ 4ae068242760a1fb6e1a44bf4e16afa6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
18:40:46.0749 0468 mnmdd - ok
18:40:47.0218 0468 [ d18f1f0c101d06a1c1adf26eed16fcdd ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
18:40:48.0500 0468 mnmsrvc - ok
18:40:48.0609 0468 [ dfcbad3cec1c5f964962ae10e0bcc8e1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
18:40:48.0953 0468 Modem - ok
18:40:49.0094 0468 [ 35c9e97194c8cfb8430125f8dbc34d04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:40:49.0656 0468 Mouclass - ok
18:40:49.0782 0468 [ b1c303e17fb9d46e87a98e4ba6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:40:50.0235 0468 mouhid - ok
18:40:50.0344 0468 [ a80b9a0bad1b73637dbcbba7df72d3fd ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
18:40:50.0797 0468 MountMgr - ok
18:40:51.0219 0468 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
18:40:52.0079 0468 MozillaMaintenance - ok
18:40:52.0079 0468 mraid35x - ok
18:40:52.0126 0468 [ 11d42bb6206f33fbb3ba0288d3ef81bd ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:40:52.0751 0468 MRxDAV - ok
18:40:53.0064 0468 [ 7d304a5eb4344ebeeab53a2fe3ffb9f0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:40:54.0580 0468 MRxSmb - ok
18:40:54.0642 0468 [ a137f1470499a205abbb9aafb3b6f2b1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
18:40:55.0049 0468 MSDTC - ok
18:40:55.0111 0468 [ c941ea2454ba8350021d774daf0f1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
18:40:56.0127 0468 Msfs - ok
18:40:56.0127 0468 MSIServer - ok
18:40:56.0159 0468 [ d1575e71568f4d9e14ca56b7b0453bf1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:40:56.0565 0468 MSKSSRV - ok
18:40:56.0612 0468 [ 325bb26842fc7ccc1fcce2c457317f3e ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:40:57.0221 0468 MSPCLOCK - ok
18:40:57.0300 0468 [ bad59648ba099da4a17680b39730cb3d ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
18:40:57.0815 0468 MSPQM - ok
18:40:58.0065 0468 [ af5f4f3f14a8ea2c26de30f7a1e17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:40:58.0597 0468 mssmbios - ok
18:40:58.0659 0468 [ de6a75f5c270e756c5508d94b6cf68f5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
18:40:59.0722 0468 Mup - ok
18:41:00.0144 0468 [ 0102140028fad045756796e1c685d695 ] napagent C:\WINDOWS\System32\qagentrt.dll
18:41:01.0739 0468 napagent - ok
18:41:01.0989 0468 [ 1df7f42665c94b825322fae71721130d ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
18:41:02.0708 0468 NDIS - ok
18:41:02.0880 0468 [ 0109c4f3850dfbab279542515386ae22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:41:03.0364 0468 NdisTapi - ok
18:41:03.0567 0468 [ f927a4434c5028758a842943ef1a3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:41:04.0646 0468 Ndisuio - ok
18:41:04.0865 0468 [ edc1531a49c80614b2cfda43ca8659ab ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:41:06.0318 0468 NdisWan - ok
18:41:06.0490 0468 [ 9282bd12dfb069d3889eb3fcc1000a9b ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
18:41:07.0147 0468 NDProxy - ok
18:41:07.0225 0468 [ 5d81cf9a2f1a3a756b66cf684911cdf0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
18:41:07.0912 0468 NetBIOS - ok
18:41:08.0272 0468 [ 74b2b2f5bea5e9a3dc021d685551bd3d ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
18:41:10.0757 0468 NetBT - ok
18:41:11.0163 0468 [ b857ba82860d7ff85ae29b095645563b ] NetDDE C:\WINDOWS\system32\netdde.exe
18:41:12.0445 0468 NetDDE - ok
18:41:12.0461 0468 [ b857ba82860d7ff85ae29b095645563b ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
18:41:12.0945 0468 NetDDEdsdm - ok
18:41:13.0086 0468 [ bf2466b3e18e970d8a976fb95fc1ca85 ] Netlogon C:\WINDOWS\system32\lsass.exe
18:41:13.0477 0468 Netlogon - ok
18:41:13.0586 0468 [ 13e67b55b3abd7bf3fe7aae5a0f9a9de ] Netman C:\WINDOWS\System32\netman.dll
18:41:14.0993 0468 Netman - ok
18:41:15.0149 0468 [ d34612c5d02d026535b3095d620626ae ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:41:16.0243 0468 NetTcpPortSharing - ok
18:41:16.0321 0468 [ e9e47cfb2d461fa0fc75b7a74c6383ea ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
18:41:16.0947 0468 NIC1394 - ok
18:41:17.0181 0468 [ 832e4dd8964ab7acc880b2837cb1ed20 ] Nla C:\WINDOWS\System32\mswsock.dll
18:41:18.0572 0468 Nla - ok
18:41:18.0650 0468 [ 3182d64ae053d6fb034f44b6def8034a ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
18:41:19.0135 0468 Npfs - ok
18:41:19.0807 0468 [ 78a08dd6a8d65e697c18e1db01c5cdca ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
18:41:21.0558 0468 Ntfs - ok
18:41:21.0636 0468 [ bf2466b3e18e970d8a976fb95fc1ca85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
18:41:22.0151 0468 NtLmSsp - ok
18:41:22.0777 0468 [ 156f64a3345bd23c600655fb4d10bc08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
18:41:25.0059 0468 NtmsSvc - ok
18:41:25.0324 0468 [ 73c1e1f395918bc2c6dd67af7591a3ad ] Null C:\WINDOWS\system32\drivers\Null.sys
18:41:26.0075 0468 Null - ok
18:41:29.0466 0468 [ ce58f42b11be20a47c3d8d2f38da254e ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:41:40.0720 0468 nv - ok
18:41:41.0111 0468 [ 22eedb34c4d7613a25b10c347c6c4c21 ] NVENETFD C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
18:41:41.0705 0468 NVENETFD - ok
18:41:41.0736 0468 [ 5e3f6ad5cad0f12d3cccd06fd964087a ] nvnetbus C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
18:41:42.0689 0468 nvnetbus - ok
18:41:42.0908 0468 [ 95caec95d6777ce7d6b7091bc4d91ceb ] NVSvc C:\WINDOWS\system32\nvsvc32.exe
18:41:43.0752 0468 NVSvc - ok
18:41:43.0924 0468 [ b305f3fad35083837ef46a0bbce2fc57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:41:44.0440 0468 NwlnkFlt - ok
18:41:44.0612 0468 [ c99b3415198d1aab7227f2c88fd664b9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:41:45.0206 0468 NwlnkFwd - ok
18:41:45.0315 0468 [ ca33832df41afb202ee7aeb05145922f ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
18:41:45.0972 0468 ohci1394 - ok
18:41:46.0175 0468 [ 7a56cf3e3f12e8af599963b16f50fb6a ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:41:47.0066 0468 ose - ok
18:41:49.0004 0468 [ 5575faf8f97ce5e713d108c2a58d7c7c ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
18:41:50.0989 0468 Parport - ok
18:41:51.0067 0468 [ beb3ba25197665d82ec7065b724171c6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
18:41:51.0724 0468 PartMgr - ok
18:41:52.0286 0468 [ 70e98b3fd8e963a6a46a2e6247e0bea1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
18:41:52.0943 0468 ParVdm - ok
18:41:53.0005 0468 [ a219903ccf74233761d92bef471a07b1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
18:41:53.0584 0468 PCI - ok
18:41:53.0599 0468 PCIDump - ok
18:41:53.0662 0468 [ ccf5f451bb1a5a2a522a76e670000ff0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
18:41:54.0240 0468 PCIIde - ok
18:41:54.0381 0468 [ 9e89ef60e9ee05e3f2eef2da7397f1c1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
18:41:54.0803 0468 Pcmcia - ok
18:41:54.0818 0468 PDCOMP - ok
18:41:54.0818 0468 PDFRAME - ok
18:41:54.0834 0468 PDRELI - ok
18:41:54.0834 0468 PDRFRAME - ok
18:41:54.0834 0468 perc2 - ok
18:41:54.0850 0468 perc2hib - ok
18:41:54.0928 0468 [ 65df52f5b8b6e9bbd183505225c37315 ] PlugPlay C:\WINDOWS\system32\services.exe
18:41:55.0459 0468 PlugPlay - ok
18:41:55.0678 0468 [ a38b3ce68e7f126190cde4aa3fdf050f ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.exe
18:42:01.0446 0468 Pml Driver HPZ12 - ok
18:42:01.0539 0468 [ bf2466b3e18e970d8a976fb95fc1ca85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
18:42:02.0055 0468 PolicyAgent - ok
18:42:02.0258 0468 [ efeec01b1d3cf84f16ddd24d9d9d8f99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:42:02.0758 0468 PptpMiniport - ok
18:42:02.0805 0468 [ a32bebaf723557681bfc6bd93e98bd26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
18:42:03.0556 0468 Processor - ok
18:42:04.0947 0468 [ bf2466b3e18e970d8a976fb95fc1ca85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
18:42:05.0322 0468 ProtectedStorage - ok
18:42:05.0353 0468 [ 390c204ced3785609ab24e9c52054a84 ] Ps2 C:\WINDOWS\system32\DRIVERS\PS2.sys
18:42:05.0869 0468 Ps2 - ok
18:42:05.0916 0468 [ 09298ec810b07e5d582cb3a3f9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
18:42:06.0603 0468 PSched - ok
18:42:06.0697 0468 [ 80d317bd1c3dbc5d4fe7b1678c60cadd ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:42:07.0322 0468 Ptilink - ok
18:42:07.0338 0468 [ 0457e25bb122b854e267cf552dcdc370 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:42:07.0588 0468 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
18:42:07.0588 0468 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
18:42:07.0588 0468 ql1080 - ok
18:42:07.0604 0468 Ql10wnt - ok
18:42:07.0619 0468 ql12160 - ok
18:42:07.0619 0468 ql1240 - ok
18:42:07.0635 0468 ql1280 - ok
18:42:07.0666 0468 [ fe0d99d6f31e4fad8159f690d68ded9c ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:42:07.0995 0468 RasAcd - ok
18:42:08.0135 0468 [ ad188be7bdf94e8df4ca0a55c00a5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
18:42:08.0870 0468 RasAuto - ok
18:42:08.0932 0468 [ 11b4a627bc9614b885c4969bfa5ff8a6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:42:09.0667 0468 Rasl2tp - ok
18:42:09.0964 0468 [ 76a9a3cbeadd68cc57cda5e1d7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
18:42:10.0667 0468 RasMan - ok
18:42:10.0714 0468 [ 5bc962f2654137c9909c3d4603587dee ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:42:11.0167 0468 RasPppoe - ok
18:42:11.0277 0468 [ fdbb1d60066fcfbb7452fd8f9829b242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
18:42:11.0683 0468 Raspti - ok
18:42:11.0808 0468 [ 7ad224ad1a1437fe28d89cf22b17780a ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:42:12.0402 0468 Rdbss - ok
18:42:12.0465 0468 [ 4912d5b403614ce99c28420f75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:42:13.0543 0468 RDPCDD - ok
18:42:13.0778 0468 [ 15cabd0f7c00c47c70124907916af3f1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:42:14.0606 0468 rdpdr - ok
18:42:14.0700 0468 [ 43af5212bd8fb5ba6eed9754358bd8f7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
18:42:15.0169 0468 RDPWD - ok
18:42:15.0294 0468 [ 3c37bf86641bda977c3bf8a840f3b7fa ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
18:42:16.0966 0468 RDSessMgr - ok
18:42:17.0013 0468 [ f828dd7e1419b6653894a8f97a0094c5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
18:42:17.0326 0468 redbook - ok
18:42:17.0419 0468 [ 7e699ff5f59b5d9de5390e3c34c67cf5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
18:42:17.0841 0468 RemoteAccess - ok
18:42:17.0935 0468 [ 5b19b557b0c188210a56a6b699d90b8f ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
18:42:18.0201 0468 RemoteRegistry - ok
18:42:18.0201 0468 RkHit - ok
18:42:18.0295 0468 [ aaed593f84afa419bbae8572af87cf6a ] RpcLocator C:\WINDOWS\system32\locator.exe
18:42:19.0061 0468 RpcLocator - ok
18:42:19.0576 0468 [ 6b27a5c03dfb94b4245739065431322c ] RpcSs C:\WINDOWS\system32\rpcss.dll
18:42:20.0624 0468 RpcSs - ok
18:42:20.0796 0468 [ 471b3f9741d762abe75e9deea4787e47 ] RSVP C:\WINDOWS\system32\rsvp.exe
18:42:21.0233 0468 RSVP - ok
18:42:21.0296 0468 [ d507c1400284176573224903819ffda3 ] rtl8139 C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
18:42:21.0593 0468 rtl8139 - ok
18:42:21.0624 0468 [ bf2466b3e18e970d8a976fb95fc1ca85 ] SamSs C:\WINDOWS\system32\lsass.exe
18:42:22.0015 0468 SamSs - ok
18:42:22.0077 0468 [ 86d007e7a654b9a71d1d7d856b104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
18:42:23.0312 0468 SCardSvr - ok
18:42:23.0453 0468 [ 0a9a7365a1ca4319aa7c1d6cd8e4eafa ] Schedule C:\WINDOWS\system32\schedsvc.dll
18:42:23.0984 0468 Schedule - ok
18:42:24.0078 0468 [ 90a3935d05b494a5a39d37e71f09a677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:42:24.0844 0468 Secdrv - ok
18:42:25.0000 0468 [ cbe612e2bb6a10e3563336191eda1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
18:42:25.0594 0468 seclogon - ok
18:42:25.0766 0468 [ 7fdd5d0684eca8c1f68b4d99d124dcd0 ] SENS C:\WINDOWS\system32\sens.dll
18:42:26.0891 0468 SENS - ok
18:42:27.0001 0468 [ cca207a8896d4c6a0c9ce29a4ae411a7 ] Serial C:\WINDOWS\system32\drivers\Serial.sys
18:42:27.0704 0468 Serial - ok
18:42:27.0860 0468 [ 8e6b8c671615d126fdc553d1e2de5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
18:42:28.0361 0468 Sfloppy - ok
18:42:28.0486 0468 [ 99bc0b50f511924348be19c7c7313bbf ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
18:42:28.0908 0468 ShellHWDetection - ok
18:42:28.0908 0468 Simbad - ok
18:42:28.0923 0468 Sparrow - ok
18:42:28.0954 0468 [ ab8b92451ecb048a4d1de7c3ffcb4a9f ] splitter C:\WINDOWS\system32\drivers\splitter.sys
18:42:29.0298 0468 splitter - ok
18:42:29.0361 0468 [ 60784f891563fb1b767f70117fc2428f ] Spooler C:\WINDOWS\system32\spoolsv.exe
18:42:29.0736 0468 Spooler - ok
18:42:29.0783 0468 [ 76bb022c2fb6902fd5bdd4f78fc13a5d ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
18:42:30.0189 0468 sr - ok
18:42:30.0361 0468 [ 3805df0ac4296a34ba4bf93b346cc378 ] srservice C:\WINDOWS\system32\srsvc.dll
18:42:31.0018 0468 srservice - ok
18:42:31.0174 0468 [ 47ddfc2f003f7f9f0592c6874962a2e7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
18:42:31.0830 0468 Srv - ok
18:42:31.0893 0468 [ 0a5679b3714edab99e357057ee88fca6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
18:42:32.0127 0468 SSDPSRV - ok
18:42:32.0284 0468 [ 8bad69cbac032d4bbacfce0306174c30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
18:42:32.0815 0468 stisvc - ok
18:42:32.0925 0468 [ 3941d127aef12e93addf6fe6ee027e0f ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
18:42:33.0268 0468 swenum - ok
18:42:33.0331 0468 [ 8ce882bcc6cf8a62f2b2323d95cb3d01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
18:42:33.0909 0468 swmidi - ok
18:42:33.0909 0468 SwPrv - ok
18:42:33.0925 0468 symc810 - ok
18:42:33.0941 0468 symc8xx - ok
18:42:34.0050 0468 SYMIDSCO - ok
18:42:34.0066 0468 sym_hi - ok
18:42:34.0066 0468 sym_u3 - ok
18:42:34.0128 0468 [ 8b83f3ed0f1688b4958f77cd6d2bf290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
18:42:34.0566 0468 sysaudio - ok
18:42:34.0659 0468 [ c7abbc59b43274b1109df6b24d617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
18:42:35.0175 0468 SysmonLog - ok
18:42:35.0332 0468 [ 3cb78c17bb664637787c9a1c98f79c38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
18:42:36.0160 0468 TapiSrv - ok
18:42:36.0895 0468 [ 9aefa14bd6b182d61e3119fa5f436d3d ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:42:37.0551 0468 Tcpip - ok
18:42:37.0629 0468 [ 6471a66807f5e104e4885f5b67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
18:42:37.0926 0468 TDPIPE - ok
18:42:37.0973 0468 [ c56b6d0402371cf3700eb322ef3aaf61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
18:42:38.0286 0468 TDTCP - ok
18:42:38.0333 0468 [ 88155247177638048422893737429d9e ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
18:42:38.0614 0468 TermDD - ok
18:42:38.0911 0468 [ ff3477c03be7201c294c35f684b3479f ] TermService C:\WINDOWS\System32\termsrv.dll
18:42:39.0505 0468 TermService - ok
18:42:39.0567 0468 [ 99bc0b50f511924348be19c7c7313bbf ] Themes C:\WINDOWS\System32\shsvcs.dll
18:42:39.0692 0468 Themes - ok
18:42:39.0802 0468 [ db7205804759ff62c34e3efd8a4cc76a ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
18:42:40.0130 0468 TlntSvr - ok
18:42:40.0130 0468 TosIde - ok
18:42:40.0224 0468 [ 55bca12f7f523d35ca3cb833c725f54e ] TrkWks C:\WINDOWS\system32\trkwks.dll
18:42:40.0552 0468 TrkWks - ok
18:42:40.0615 0468 [ 5787b80c2e3c5e2f56c2a233d91fa2c9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
18:42:41.0005 0468 Udfs - ok
18:42:41.0005 0468 ultra - ok
18:42:41.0208 0468 [ 402ddc88356b1bac0ee3dd1580c76a31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
18:42:41.0787 0468 Update - ok
18:42:42.0131 0468 [ 1ebafeb9a3fbdc41b8d9c7f0f687ad91 ] upnphost C:\WINDOWS\System32\upnphost.dll
18:42:42.0553 0468 upnphost - ok
18:42:42.0600 0468 [ 05365fb38fca1e98f7a566aaaf5d1815 ] UPS C:\WINDOWS\System32\ups.exe
18:42:43.0194 0468 UPS - ok
18:42:43.0272 0468 [ 173f317ce0db8e21322e71b7e60a27e8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:42:43.0537 0468 usbccgp - ok
18:42:43.0569 0468 [ 65dcf09d0e37d4c6b11b5b0b76d470a7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:42:43.0975 0468 usbehci - ok
18:42:44.0038 0468 [ 1ab3cdde553b6e064d2e754efe20285c ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:42:44.0319 0468 usbhub - ok
18:42:44.0350 0468 [ 0daecce65366ea32b162f85f07c6753b ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
18:42:44.0616 0468 usbohci - ok
18:42:44.0694 0468 [ a717c8721046828520c9edf31288fc00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:42:44.0913 0468 usbprint - ok
18:42:44.0991 0468 [ a0b8cf9deb1184fbdd20784a58fa75d4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:42:45.0288 0468 usbscan - ok
18:42:45.0382 0468 [ a32426d9b14a089eaa1d922e0c5801a9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:42:45.0741 0468 usbstor - ok
18:42:45.0819 0468 [ 26496f9dee2d787fc3e61ad54821ffe6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:42:46.0101 0468 usbuhci - ok
18:42:46.0163 0468 [ 0d3a8fafceacd8b7625cd549757a7df1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
18:42:51.0493 0468 VgaSave - ok
18:42:51.0853 0468 [ 3b3efcda263b8ac14fdf9cbdd0791b2e ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
18:42:52.0165 0468 ViaIde - ok
18:42:52.0259 0468 [ 4c8fcb5cc53aab716d810740fe59d025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
18:42:54.0197 0468 VolSnap - ok
18:42:54.0603 0468 [ 7a9db3a67c333bf0bd42e42b8596854b ] VSS C:\WINDOWS\System32\vssvc.exe
18:42:55.0948 0468 VSS - ok
18:42:56.0026 0468 [ 54af4b1d5459500ef0937f6d33b1914f ] W32Time C:\WINDOWS\system32\w32time.dll
18:42:56.0589 0468 W32Time - ok
18:42:56.0745 0468 [ e20b95baedb550f32dd489265c1da1f6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:42:57.0479 0468 Wanarp - ok
18:42:57.0479 0468 WDICA - ok
18:42:57.0573 0468 [ 6768acf64b18196494413695f0c3a00f ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
18:42:58.0058 0468 wdmaud - ok
18:42:58.0261 0468 [ 77a354e28153ad2d5e120a5a8687bc06 ] WebClient C:\WINDOWS\System32\webclnt.dll
18:42:58.0667 0468 WebClient - ok
18:42:58.0964 0468 [ 2d0e4ed081963804ccc196a0929275b5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
18:42:59.0699 0468 winmgmt - ok
18:42:59.0808 0468 [ 051b1bdecd6dee18c771b5d5ec7f044d ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
18:43:00.0246 0468 WmdmPmSN - ok
18:43:00.0543 0468 [ e76f8807070ed04e7408a86d6d3a6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
18:43:01.0746 0468 Wmi - ok
18:43:01.0856 0468 [ e0673f1106e62a68d2257e376079f821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
18:43:02.0231 0468 WmiApSrv - ok
18:43:03.0091 0468 [ 6bab4dc65515a098505f8b3d01fb6fe5 ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
18:43:05.0670 0468 WMPNetworkSvc - ok
18:43:05.0810 0468 [ 7c278e6408d1dce642230c0585a854d5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
18:43:06.0295 0468 wscsvc - ok
18:43:06.0373 0468 [ f15feafffbb3644ccc80c5da584e6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:43:06.0983 0468 WudfPf - ok
18:43:07.0014 0468 [ 28b524262bce6de1f7ef9f510ba3985b ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:43:07.0639 0468 WudfRd - ok
18:43:07.0733 0468 [ 05231c04253c5bc30b26cbaae680ed89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
18:43:07.0983 0468 WudfSvc - ok
18:43:08.0264 0468 [ 81dc3f549f44b1c1fff022dec9ecf30b ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
18:43:09.0718 0468 WZCSVC - ok
18:43:09.0905 0468 [ 295d21f14c335b53cb8154e5b1f892b9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
18:43:10.0515 0468 xmlprov - ok
18:43:10.0531 0468 ================ Scan global ===============================
18:43:10.0640 0468 (42f1f4c0afb08410e5f02d4b13ebb623) C:\WINDOWS\system32\basesrv.dll
18:43:10.0890 0468 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
18:43:11.0140 0468 (8c7dca4b158bf16894120786a7a5f366) C:\WINDOWS\system32\winsrv.dll
18:43:11.0171 0468 (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
18:43:11.0171 0468 [Global] - ok
18:43:11.0171 0468 ================ Scan MBR ==================================
18:43:11.0281 0468 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
18:43:33.0319 0468 \Device\Harddisk0\DR0 - ok
18:43:33.0319 0468 ================ Scan VBR ==================================
18:43:33.0335 0468 Boot (0x1200) (00c2644e6200adf8f440f3c02c41e711) \Device\Harddisk0\DR0\Partition1
18:43:33.0335 0468 \Device\Harddisk0\DR0\Partition1 - ok
18:43:33.0382 0468 Boot (0x1200) (46ac92754b5097d13e1517f81b4effed) \Device\Harddisk0\DR0\Partition2
18:43:33.0382 0468 \Device\Harddisk0\DR0\Partition2 - ok
18:43:33.0382 0468 ================ Scan active images ========================
18:43:33.0413 0468 [ 59301936898AE62245A6F09C0ABA9475 ] C:\WINDOWS\system32\drivers\AmdK8.sys
18:43:33.0413 0468 C:\WINDOWS\system32\drivers\AmdK8.sys - ok
18:43:33.0429 0468 [ 00523019E3579C8F8A94457FE25F0F24 ] C:\WINDOWS\system32\drivers\aracpi.sys
18:43:33.0429 0468 C:\WINDOWS\system32\drivers\aracpi.sys - ok
18:43:33.0429 0468 [ E28726B72C46821A28830E077D39A55B ] C:\WINDOWS\system32\drivers\videoprt.sys
18:43:33.0429 0468 C:\WINDOWS\system32\drivers\videoprt.sys - ok
18:43:33.0522 0468 [ CE58F42B11BE20A47C3D8D2F38DA254E ] C:\WINDOWS\system32\drivers\nv4_mini.sys
18:43:33.0522 0468 C:\WINDOWS\system32\drivers\nv4_mini.sys - ok
18:43:33.0522 0468 [ 791912E524CC2CC6F50B5F2B52D1EB71 ] C:\WINDOWS\system32\drivers\usbport.sys
18:43:33.0522 0468 C:\WINDOWS\system32\drivers\usbport.sys - ok
18:43:33.0538 0468 [ 0DAECCE65366EA32B162F85F07C6753B ] C:\WINDOWS\system32\drivers\usbohci.sys
18:43:33.0538 0468 C:\WINDOWS\system32\drivers\usbohci.sys - ok
18:43:33.0616 0468 [ 083A052659F5310DD8B6A6CB05EDCF8E ] C:\WINDOWS\system32\drivers\imapi.sys
18:43:33.0616 0468 C:\WINDOWS\system32\drivers\imapi.sys - ok
18:43:33.0632 0468 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] C:\WINDOWS\system32\drivers\usbehci.sys
18:43:33.0632 0468 C:\WINDOWS\system32\drivers\usbehci.sys - ok
18:43:33.0632 0468 [ 1F4260CC5B42272D71F79E570A27A4FE ] C:\WINDOWS\system32\drivers\cdrom.sys
18:43:33.0632 0468 C:\WINDOWS\system32\drivers\cdrom.sys - ok
18:43:33.0647 0468 [ 0753515F78DF7F271A5E61C20BCD36A1 ] C:\WINDOWS\system32\drivers\ks.sys
18:43:33.0647 0468 C:\WINDOWS\system32\drivers\ks.sys - ok
18:43:33.0710 0468 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] C:\WINDOWS\system32\drivers\nic1394.sys
18:43:33.0710 0468 C:\WINDOWS\system32\drivers\nic1394.sys - ok
18:43:33.0710 0468 [ F828DD7E1419B6653894A8F97A0094C5 ] C:\WINDOWS\system32\drivers\redbook.sys
18:43:33.0710 0468 C:\WINDOWS\system32\drivers\redbook.sys - ok
18:43:33.0710 0468 [ 596EB39B50D6EBD9B734DC4AE0544693 ] C:\WINDOWS\system32\drivers\usbd.sys
18:43:33.0710 0468 C:\WINDOWS\system32\drivers\usbd.sys - ok
18:43:33.0726 0468 [ 994A42D273C35B43EE9D1E8A5D8BC639 ] C:\WINDOWS\system32\drivers\AGRSM.sys
18:43:33.0726 0468 C:\WINDOWS\system32\drivers\AGRSM.sys - ok
18:43:33.0726 0468 [ 573C7D0A32852B48F3058CFD8026F511 ] C:\WINDOWS\system32\drivers\hdaudbus.sys
18:43:33.0726 0468 C:\WINDOWS\system32\drivers\hdaudbus.sys - ok
18:43:33.0726 0468 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] C:\WINDOWS\system32\drivers\modem.sys
18:43:33.0726 0468 C:\WINDOWS\system32\drivers\modem.sys - ok
18:43:33.0741 0468 [ 60CA4F6F077CCC73AF7B5556BE81639A ] C:\WINDOWS\system32\drivers\nvsnpu.sys
18:43:33.0741 0468 C:\WINDOWS\system32\drivers\nvsnpu.sys - ok
18:43:33.0741 0468 [ B80EB11F6BA8596153FE7067ACDBFE43 ] C:\WINDOWS\system32\drivers\nvnrm.sys
18:43:33.0741 0468 C:\WINDOWS\system32\drivers\nvnrm.sys - ok
18:43:34.0851 0468 C:\WINDOWS\system32\drivers\serial.sys - ok
18:43:34.0867 0468 [ 3D4E199942E29207970E04315D02AD3B ] C:\WINDOWS\system32\cryptsvc.dll
18:43:34.0867 0468 C:\WINDOWS\system32\cryptsvc.dll - ok
18:43:34.0867 0468 [ D039A0C347632622934906BD59A4E1EA ] C:\WINDOWS\ehome\ehrecvr.exe
18:43:34.0867 0468 C:\WINDOWS\ehome\ehrecvr.exe - ok
18:43:34.0867 0468 [ 6D280BC969218AE4A72180F907C32913 ] C:\WINDOWS\ehome\ehTrace.dll
18:43:34.0867 0468 C:\WINDOWS\ehome\ehTrace.dll - ok
18:43:34.0882 0468 [ 00709952D444EAE14DBBD30D36FBAE0F ] C:\WINDOWS\system32\certcli.dll
18:43:34.0882 0468 C:\WINDOWS\system32\certcli.dll - ok
18:43:34.0882 0468 [ 57EDEC2E5F59F0335E92F35184BC8631 ] C:\WINDOWS\system32\dmserver.dll
18:43:34.0882 0468 C:\WINDOWS\system32\dmserver.dll - ok
18:43:34.0882 0468 [ 0099D24356585743B0B35C222092FD8F ] C:\WINDOWS\system32\faultrep.dll
18:43:34.0882 0468 C:\WINDOWS\system32\faultrep.dll - ok
18:43:34.0882 0468 [ A53243709439AC2A4C216B817F8D7411 ] C:\WINDOWS\ehome\ehSched.exe
18:43:34.0882 0468 C:\WINDOWS\ehome\ehSched.exe - ok
18:43:34.0898 0468 [ 2346842F07E2AB64D1DC83A67FCCDFA1 ] C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fsgk32st.exe
18:43:34.0898 0468 C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fsgk32st.exe - ok
18:43:34.0898 0468 [ BC93B4A066477954555966D77FEC9ECB ] C:\WINDOWS\system32\ersvc.dll
18:43:34.0898 0468 C:\WINDOWS\system32\ersvc.dll - ok
18:43:34.0898 0468 [ D4991D98F2DB73C60D042F1AEF79EFAE ] C:\WINDOWS\system32\es.dll
18:43:34.0898 0468 C:\WINDOWS\system32\es.dll - ok
18:43:34.0898 0468 [ 008DF0C9D81BD814480DD9C052893E8C ] C:\WINDOWS\ehome\ehRec.exe
18:43:34.0898 0468 C:\WINDOWS\ehome\ehRec.exe - ok
18:43:34.0914 0468 [ F14A2A809E25233160FCD369003BEFB5 ] C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fsgk32.exe
18:43:34.0914 0468 C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fsgk32.exe - ok
18:43:34.0914 0468 [ 659899C5ED6CDBD6151D40086F30ACE5 ] C:\Program Files\eastlinkinternetsecurityservices\Common\FSMA32.DLL
18:43:34.0914 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FSMA32.DLL - ok
18:43:34.0914 0468 [ 8A556A81E9FF95BD9EB7207783E8FCF4 ] C:\Program Files\eastlinkinternetsecurityservices\Common\FSMA32.EXE
18:43:34.0914 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FSMA32.EXE - ok
18:43:34.0914 0468 [ 128DD9AF8640DBCC711940903C8B554F ] C:\WINDOWS\system32\mscoree.dll
18:43:34.0929 0468 C:\WINDOWS\system32\mscoree.dll - ok
18:43:34.0929 0468 [ D32CA0E59846EC01461BF1345E8C8B91 ] C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\updcfg.dll
18:43:34.0929 0468 C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\updcfg.dll - ok
18:43:34.0929 0468 [ 7AE34851006137A01D824C081D4BBD38 ] C:\Program Files\eastlinkinternetsecurityservices\Common\FSPMAPI.DLL
18:43:34.0929 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FSPMAPI.DLL - ok
18:43:34.0929 0468 [ 926AFC4848FF3297BB264333BF51E21F ] C:\WINDOWS\system32\sbe.dll
18:43:34.0929 0468 C:\WINDOWS\system32\sbe.dll - ok
18:43:34.0945 0468 [ 1CFF6DC8F60BBE0AADC1AD15DFAD162A ] C:\WINDOWS\system32\msvidctl.dll
18:43:34.0945 0468 C:\WINDOWS\system32\msvidctl.dll - ok
18:43:34.0945 0468 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll
18:43:34.0945 0468 C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll - ok
18:43:34.0945 0468 [ F80A415EF82CD06FFAF0D971528EAD38 ] C:\WINDOWS\system32\drivers\http.sys
18:43:34.0945 0468 C:\WINDOWS\system32\drivers\http.sys - ok
18:43:34.0960 0468 [ 9FA8C585F19FD6F957F7B1743EC3FFCB ] C:\Program Files\eastlinkinternetsecurityservices\Common\FCH32.DLL
18:43:34.0960 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FCH32.DLL - ok
18:43:34.0960 0468 [ 86E8C2EA0BAA47BE919072251DE6489F ] C:\Program Files\eastlinkinternetsecurityservices\Common\FSHDLL32.EXE
18:43:34.0960 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FSHDLL32.EXE - ok
18:43:34.0960 0468 [ 425FDBF3C4F268ED0543BE2E747684B7 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
18:43:34.0960 0468 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll - ok
18:43:34.0960 0468 [ C960FF9CCAF666BD9FD7F2FE7E31F167 ] C:\Program Files\eastlinkinternetsecurityservices\Common\FSPMENG.DLL
18:43:34.0960 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FSPMENG.DLL - ok
18:43:34.0976 0468 [ 966BB403E66CA17CFDCDB9AC9228DC09 ] C:\Program Files\eastlinkinternetsecurityservices\Common\FSMA32S.DLL
18:43:34.0976 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FSMA32S.DLL - ok
18:43:34.0976 0468 [ 868F1BB2410D9064FA19432D0FA33974 ] C:\Program Files\eastlinkinternetsecurityservices\Scanner-Interface\fsgkiapi.dll
18:43:34.0976 0468 C:\Program Files\eastlinkinternetsecurityservices\Scanner-Interface\fsgkiapi.dll - ok
18:43:34.0976 0468 [ 0A5709543986843D37A92290B7838340 ] C:\Program Files\Java\jre6\bin\jqs.exe
18:43:34.0976 0468 C:\Program Files\Java\jre6\bin\jqs.exe - ok
18:43:34.0992 0468 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Java\jre6\bin\msvcr71.dll
18:43:34.0992 0468 C:\Program Files\Java\jre6\bin\msvcr71.dll - ok
18:43:34.0992 0468 [ 40A225BD00F12751834B716A6F4975BE ] C:\Program Files\eastlinkinternetsecurityservices\DAAS2\fsclm.dll
18:43:34.0992 0468 C:\Program Files\eastlinkinternetsecurityservices\DAAS2\fsclm.dll - ok
18:43:34.0992 0468 [ 5D43C9A33F18C707BA169AFDA88BDF30 ] C:\WINDOWS\system32\fltlib.dll
18:43:34.0992 0468 C:\WINDOWS\system32\fltlib.dll - ok
18:43:34.0992 0468 [ 34FFB6ABA2DA398BB33422E1E9275BA9 ] C:\WINDOWS\system32\quartz.dll
18:43:34.0992 0468 C:\WINDOWS\system32\quartz.dll - ok
18:43:35.0007 0468 [ 62CF83A6989312A0DD39BBFFB3D1C166 ] C:\WINDOWS\system32\pdh.dll
18:43:35.0007 0468 C:\WINDOWS\system32\pdh.dll - ok
18:43:35.0007 0468 [ 369F7B1A4F358B976176556A1A331F36 ] C:\WINDOWS\system32\odbcbcp.dll
18:43:35.0007 0468 C:\WINDOWS\system32\odbcbcp.dll - ok
18:43:35.0007 0468 [ AA5E22854F56C68148EB3345DBD62970 ] C:\WINDOWS\system32\devenum.dll
18:43:35.0007 0468 C:\WINDOWS\system32\devenum.dll - ok
18:43:35.0023 0468 [ D25C03D04159D462D69F294BA7142BDB ] C:\WINDOWS\system32\msdmo.dll
18:43:35.0023 0468 C:\WINDOWS\system32\msdmo.dll - ok
18:43:35.0023 0468 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
18:43:35.0023 0468 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll - ok
18:43:35.0023 0468 [ E4973B3229E0015345AFBE43A8A8EB3B ] C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:43:35.0023 0468 C:\Program Files\Common Files\LightScribe\LSSrvc.exe - ok
18:43:35.0023 0468 [ 86F1895AE8C5E8B17D99ECE768A70732 ] C:\Program Files\Common Files\LightScribe\msvcr71.dll
18:43:35.0023 0468 C:\Program Files\Common Files\LightScribe\msvcr71.dll - ok
18:43:35.0039 0468 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] C:\WINDOWS\system32\srvsvc.dll
18:43:35.0039 0468 C:\WINDOWS\system32\srvsvc.dll - ok
18:43:35.0039 0468 [ 67156D5A9AC356DC99D7BCCB388E3316 ] C:\WINDOWS\system32\wsock32.dll
18:43:35.0039 0468 C:\WINDOWS\system32\wsock32.dll - ok
18:43:35.0039 0468 [ 90A19823FF3B5165AFCB2AA198FB6F69 ] C:\Program Files\eastlinkinternetsecurityservices\FSAUA\program\fsaua.dll
18:43:35.0039 0468 C:\Program Files\eastlinkinternetsecurityservices\FSAUA\program\fsaua.dll - ok
18:43:35.0039 0468 [ 0E8FE20BB184E59FF304045B74FDBC3F ] C:\Program Files\eastlinkinternetsecurityservices\Common\FAMEH32.DLL
18:43:35.0039 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FAMEH32.DLL - ok
18:43:35.0054 0468 [ 7C87A5FB95777E4132B11FC3D92CAAF5 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
18:43:35.0054 0468 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll - ok
18:43:35.0054 0468 [ 561FA2ABB31DFA8FAB762145F81667C2 ] C:\Program Files\Common Files\LightScribe\msvcp71.dll
18:43:35.0054 0468 C:\Program Files\Common Files\LightScribe\msvcp71.dll - ok
18:43:35.0054 0468 [ 932B47CB34E93B495630C215CADB0614 ] C:\Program Files\eastlinkinternetsecurityservices\Common\fslapi.dll
18:43:35.0054 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\fslapi.dll - ok
18:43:35.0070 0468 [ 20FD44370267CCD0A64A1B31861C21D2 ] C:\WINDOWS\system32\netmsg.dll
18:43:35.0070 0468 C:\WINDOWS\system32\netmsg.dll - ok
18:43:35.0070 0468 [ 3DA977851FE3013741091ED584EE7658 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
18:43:35.0070 0468 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll - ok
18:43:35.0070 0468 [ ACDAFCD14EC0ECE89198503746A5C147 ] C:\WINDOWS\system32\perfos.dll
18:43:35.0070 0468 C:\WINDOWS\system32\perfos.dll - ok
18:43:35.0070 0468 [ ABFB673B24A9B3287761D497529FB5B9 ] C:\WINDOWS\system32\perfdisk.dll
18:43:35.0070 0468 C:\WINDOWS\system32\perfdisk.dll - ok
18:43:35.0085 0468 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] C:\WINDOWS\system32\drivers\srv.sys
18:43:35.0085 0468 C:\WINDOWS\system32\drivers\srv.sys - ok
18:43:35.0085 0468 [ A8C10FD89AC97BC3687A265433B2F61C ] C:\Program Files\eastlinkinternetsecurityservices\Common\AMEHEVN.DLL
18:43:35.0085 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\AMEHEVN.DLL - ok
18:43:35.0085 0468 [ 34184895D2CAFED6F8AB559546BFB929 ] C:\Program Files\eastlinkinternetsecurityservices\FSPC\fspc.dll
18:43:35.0085 0468 C:\Program Files\eastlinkinternetsecurityservices\FSPC\fspc.dll - ok
18:43:35.0101 0468 [ 11F714F85530A2BD134074DC30E99FCA ] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
18:43:35.0101 0468 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE - ok
18:43:35.0101 0468 [ 9050A738D58DE9C4F57D0A3667CEC9A6 ] C:\Program Files\eastlinkinternetsecurityservices\TNB\fstnb.dll
18:43:35.0101 0468 C:\Program Files\eastlinkinternetsecurityservices\TNB\fstnb.dll - ok
18:43:35.0101 0468 [ 18E2945E076BC3579204D9BA538BD226 ] C:\Program Files\eastlinkinternetsecurityservices\FSAUA\program\fsaua_api_dll.dll
18:43:35.0101 0468 C:\Program Files\eastlinkinternetsecurityservices\FSAUA\program\fsaua_api_dll.dll - ok
18:43:35.0117 0468 [ 26AE83CA23CE95676045F24E7449A12F ] C:\Program Files\eastlinkinternetsecurityservices\Common\AMEHLOG.DLL
18:43:35.0117 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\AMEHLOG.DLL - ok
18:43:35.0117 0468 [ 88F9BAC03BE44DD50E14697C428215C5 ] C:\Program Files\eastlinkinternetsecurityservices\FSGUI\fsstm.exe
18:43:35.0117 0468 C:\Program Files\eastlinkinternetsecurityservices\FSGUI\fsstm.exe - ok
18:43:35.0117 0468 [ 93A47C0CDDACE194624240DFEA0CE04B ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0f801e0f\mscorlib.dll
18:43:35.0117 0468 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_0f801e0f\mscorlib.dll - ok
18:43:35.0117 0468 [ ABEC6AD92EDE64CFD3E63CF846248EB2 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
18:43:35.0117 0468 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - ok
18:43:35.0132 0468 [ 3C307610A9874B5AF89B14C173D56ECE ] C:\Program Files\eastlinkinternetsecurityservices\FSGUI\chmres.eng
18:43:35.0132 0468 C:\Program Files\eastlinkinternetsecurityservices\FSGUI\chmres.eng - ok
18:43:35.0132 0468 [ 694F338A48A23E79E45FC5C0A28283C3 ] C:\Program Files\eastlinkinternetsecurityservices\FSGUI\strres.eng
18:43:35.0132 0468 C:\Program Files\eastlinkinternetsecurityservices\FSGUI\strres.eng - ok
18:43:35.0132 0468 [ D6318DF9830658EBF707955F9B444776 ] C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll
18:43:35.0132 0468 C:\WINDOWS\assembly\GAC\ehepg\6.0.3000.0__31bf3856ad364e35\ehepg.dll - ok
18:43:35.0132 0468 [ AA5F3B2663A0427DDA75549AD197F9C1 ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\6.0.3000.0__31bf3856ad364e35_0cdb2d93\ehepg.dll
18:43:35.0132 0468 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepg\6.0.3000.0__31bf3856ad364e35_0cdb2d93\ehepg.dll - ok
18:43:35.0148 0468 [ 29A86B84BE97922C2FFDA0265D47ADBD ] C:\Program Files\eastlinkinternetsecurityservices\ExploitShield\esauahandlerconsole.exe
18:43:35.0148 0468 C:\Program Files\eastlinkinternetsecurityservices\ExploitShield\esauahandlerconsole.exe - ok
18:43:35.0148 0468 [ 00C2A09C92E432B3D4440FF3C5B00F7C ] C:\Program Files\eastlinkinternetsecurityservices\FSAUA\program\fsauach.exe
18:43:35.0148 0468 C:\Program Files\eastlinkinternetsecurityservices\FSAUA\program\fsauach.exe - ok
18:43:35.0148 0468 [ E723FA5697AFF0F9ADF1F2FD784B1E11 ] C:\Program Files\eastlinkinternetsecurityservices\FSAUA\program\fsus.exe
18:43:35.0148 0468 C:\Program Files\eastlinkinternetsecurityservices\FSAUA\program\fsus.exe - ok
18:43:35.0164 0468 [ 727E74F0BC5E628516FAFC0D2FDC1C4D ] C:\Program Files\eastlinkinternetsecurityservices\FSAUA\program\ih8.exe
18:43:35.0164 0468 C:\Program Files\eastlinkinternetsecurityservices\FSAUA\program\ih8.exe - ok
18:43:35.0164 0468 [ 9750C655431EAFA8B936A691322E7E09 ] C:\Program Files\eastlinkinternetsecurityservices\NRS\litmus-update-handler.exe
18:43:35.0164 0468 C:\Program Files\eastlinkinternetsecurityservices\NRS\litmus-update-handler.exe - ok
18:43:35.0164 0468 [ D641F8456B2BE9B7F07BECCA3B4B3C2C ] C:\Program Files\eastlinkinternetsecurityservices\ORSP Client\orspupd.exe
18:43:35.0164 0468 C:\Program Files\eastlinkinternetsecurityservices\ORSP Client\orspupd.exe - ok
18:43:35.0164 0468 [ 8BA39E5F79366F45AF9759C1DAE346AE ] C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll
18:43:35.0164 0468 C:\WINDOWS\assembly\GAC\ehRecObj\6.0.3000.0__31bf3856ad364e35\ehRecObj.dll - ok
18:43:35.0179 0468 [ CF9EEA7F51101A281B99FCA7AFFA2524 ] C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll
18:43:35.0179 0468 C:\WINDOWS\assembly\GAC\ehCIR\6.0.3000.0__31bf3856ad364e35\ehCIR.dll - ok
18:43:35.0179 0468 [ BC1E1BDC32552A1384C05A1407419870 ] C:\Program Files\eastlinkinternetsecurityservices\FSAUA\program\ih8run.exe
18:43:35.0179 0468 C:\Program Files\eastlinkinternetsecurityservices\FSAUA\program\ih8run.exe - ok
18:43:35.0179 0468 [ 0967D9749326622FA8FDE688CA126736 ] C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll
18:43:35.0179 0468 C:\WINDOWS\assembly\GAC\ehepgdat\6.0.3000.0__31bf3856ad364e35\ehepgdat.dll - ok
18:43:35.0195 0468 [ 6C9157B5BBF4C224957A9DACF1231E5A ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\6.0.3000.0__31bf3856ad364e35_86f3b51a\ehepgdat.dll
18:43:35.0195 0468 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehepgdat\6.0.3000.0__31bf3856ad364e35_86f3b51a\ehepgdat.dll - ok
18:43:35.0195 0468 [ FDC32DC94994D3202B569525B20E2CC2 ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\6.0.3000.0__31bf3856ad364e35_439310f6\ehCIR.dll
18:43:35.0195 0468 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehCIR\6.0.3000.0__31bf3856ad364e35_439310f6\ehCIR.dll - ok
18:43:35.0195 0468 [ 9FAA14404689ED13789023D12D345D4A ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\6.0.3000.0__31bf3856ad364e35_c158bfbc\ehRecObj.dll
18:43:35.0195 0468 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehRecObj\6.0.3000.0__31bf3856ad364e35_c158bfbc\ehRecObj.dll - ok
18:43:35.0195 0468 [ B6335A2EFBF0B4B7D4080E8B933A9F9B ] C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll
18:43:35.0210 0468 C:\WINDOWS\assembly\GAC\ehiProxy\6.0.3000.0__31bf3856ad364e35\ehiProxy.dll - ok
18:43:35.0210 0468 [ 1A6CCA1A2FB414CB8A050A3FA7ECF095 ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\6.0.3000.0__31bf3856ad364e35_c3d0a0be\ehiProxy.dll
18:43:35.0210 0468 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\ehiProxy\6.0.3000.0__31bf3856ad364e35_c3d0a0be\ehiProxy.dll - ok
18:43:35.0210 0468 [ 235CFDF303511FFBB504A461329FE670 ] C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll
18:43:35.0210 0468 C:\WINDOWS\assembly\GAC\EhCM\6.0.3000.0__31bf3856ad364e35\EhCM.dll - ok
18:43:35.0210 0468 [ 95CAEC95D6777CE7D6B7091BC4D91CEB ] C:\WINDOWS\system32\nvsvc32.exe
18:43:35.0210 0468 C:\WINDOWS\system32\nvsvc32.exe - ok
18:43:35.0226 0468 [ A38B3CE68E7F126190CDE4AA3FDF050F ] C:\WINDOWS\system32\HPZipm12.exe
18:43:35.0226 0468 C:\WINDOWS\system32\HPZipm12.exe - ok
18:43:35.0226 0468 [ DF5133EA0D6D7C34E44551F87044EE59 ] C:\WINDOWS\system32\nvcpl.dll
18:43:35.0226 0468 C:\WINDOWS\system32\nvcpl.dll - ok
18:43:35.0226 0468 [ 332760FBA1655FCFD35BD6F4FD871300 ] C:\WINDOWS\system32\ipsecsvc.dll
18:43:35.0226 0468 C:\WINDOWS\system32\ipsecsvc.dll - ok
18:43:35.0242 0468 [ C5FF8682EADA5B3B27A865F1C3EF9270 ] C:\WINDOWS\system32\oakley.dll
18:43:35.0242 0468 C:\WINDOWS\system32\oakley.dll - ok
18:43:35.0242 0468 [ 5B19B557B0C188210A56A6B699D90B8F ] C:\WINDOWS\system32\regsvc.dll
18:43:35.0242 0468 C:\WINDOWS\system32\regsvc.dll - ok
18:43:35.0257 0468 [ CBE612E2BB6A10E3563336191EDA1250 ] C:\WINDOWS\system32\seclogon.dll
18:43:35.0257 0468 C:\WINDOWS\system32\seclogon.dll - ok
18:43:35.0257 0468 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] C:\WINDOWS\system32\sens.dll
18:43:35.0257 0468 C:\WINDOWS\system32\sens.dll - ok
18:43:35.0257 0468 [ 3805DF0AC4296A34BA4BF93B346CC378 ] C:\WINDOWS\system32\srsvc.dll
18:43:35.0257 0468 C:\WINDOWS\system32\srsvc.dll - ok
18:43:35.0273 0468 [ 0A5679B3714EDAB99E357057EE88FCA6 ] C:\WINDOWS\system32\ssdpsrv.dll
18:43:35.0273 0468 C:\WINDOWS\system32\ssdpsrv.dll - ok
18:43:35.0273 0468 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] C:\WINDOWS\system32\wiaservc.dll
18:43:35.0273 0468 C:\WINDOWS\system32\wiaservc.dll - ok
18:43:35.0273 0468 [ 248712EA6BA17B9FF0C542A3828375DD ] C:\WINDOWS\system32\winipsec.dll
18:43:35.0273 0468 C:\WINDOWS\system32\winipsec.dll - ok
18:43:35.0273 0468 [ 853D0D0C6F02D7BFDF1CF99DD7553732 ] C:\WINDOWS\system32\pstorsvc.dll
18:43:35.0273 0468 C:\WINDOWS\system32\pstorsvc.dll - ok
18:43:35.0289 0468 [ 55BCA12F7F523D35CA3CB833C725F54E ] C:\WINDOWS\system32\trkwks.dll
18:43:35.0289 0468 C:\WINDOWS\system32\trkwks.dll - ok
18:43:35.0289 0468 [ 22D89D84E8E081CDA529DBF8C0255A38 ] C:\WINDOWS\system32\psbase.dll
18:43:35.0289 0468 C:\WINDOWS\system32\psbase.dll - ok
18:43:35.0289 0468 [ ED4558869C7D2251F86CC24B90F15976 ] C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
18:43:35.0289 0468 C:\WINDOWS\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll - ok
18:43:35.0304 0468 [ 2D0E4ED081963804CCC196A0929275B5 ] C:\WINDOWS\system32\wbem\wmisvc.dll
18:43:35.0304 0468 C:\WINDOWS\system32\wbem\wmisvc.dll - ok
18:43:35.0304 0468 [ FEDE68BF80052BAD393AFD5C2E60DCB0 ] C:\WINDOWS\system32\dssenh.dll
18:43:35.0304 0468 C:\WINDOWS\system32\dssenh.dll - ok
18:43:35.0304 0468 [ 5F0CE62E0831CF972EC6949FD3E37DA7 ] C:\WINDOWS\system32\cfgmgr32.dll
18:43:35.0304 0468 C:\WINDOWS\system32\cfgmgr32.dll - ok
18:43:35.0304 0468 [ ACACB8B14E66109B8ACD6644B5574B9A ] C:\WINDOWS\system32\vssapi.dll
18:43:35.0304 0468 C:\WINDOWS\system32\vssapi.dll - ok
18:43:35.0320 0468 [ DF0A511F38F16016BF658FCA0090CB87 ] C:\WINDOWS\ehome\mcrdsvc.exe
18:43:35.0320 0468 C:\WINDOWS\ehome\mcrdsvc.exe - ok
18:43:35.0320 0468 [ 4AC2FA4A6F0DF2511BAC13393C06EFF1 ] C:\WINDOWS\system32\mscms.dll
18:43:35.0320 0468 C:\WINDOWS\system32\mscms.dll - ok
18:43:35.0320 0468 [ 3D075865DCC26931972F6476AD0497BE ] C:\WINDOWS\system32\ssdpapi.dll
18:43:35.0320 0468 C:\WINDOWS\system32\ssdpapi.dll - ok
18:43:35.0320 0468 [ CFD4E51402DA9838B5A04AE680AF54A0 ] C:\WINDOWS\system32\browser.dll
18:43:35.0320 0468 C:\WINDOWS\system32\browser.dll - ok
18:43:35.0336 0468 [ 7C278E6408D1DCE642230C0585A854D5 ] C:\WINDOWS\system32\wscsvc.dll
18:43:35.0336 0468 C:\WINDOWS\system32\wscsvc.dll - ok
18:43:35.0336 0468 [ D3F72D50DE53F9F1F55240115AF4D42E ] C:\WINDOWS\system32\msi.dll
18:43:35.0336 0468 C:\WINDOWS\system32\msi.dll - ok
18:43:35.0336 0468 [ 662267F0EFF8CD1C51A6EC63AF7C92CA ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\6.0.3000.0__31bf3856ad364e35_41fac7f3\EhCM.dll
18:43:35.0336 0468 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\EhCM\6.0.3000.0__31bf3856ad364e35_41fac7f3\EhCM.dll - ok
18:43:35.0351 0468 [ 17F92A0871781838D51FAB6688DCAB1D ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_00ab90ce\System.dll
18:43:35.0351 0468 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_00ab90ce\System.dll - ok
18:43:35.0351 0468 [ 062F837C1FBDB6A0A75F82EFC2EE8E74 ] C:\WINDOWS\system32\netshell.dll
18:43:35.0351 0468 C:\WINDOWS\system32\netshell.dll - ok
18:43:35.0351 0468 [ 235892E493845D64D890163CFEF90E97 ] C:\WINDOWS\system32\credui.dll
18:43:35.0351 0468 C:\WINDOWS\system32\credui.dll - ok
18:43:35.0351 0468 [ 46F199C2645ACE8A6C09654F0434CB7A ] C:\WINDOWS\ehome\ehui.dll
18:43:35.0351 0468 C:\WINDOWS\ehome\ehui.dll - ok
18:43:35.0367 0468 [ 4E8F3230BAC8C1CAADF01A8C728E1C5C ] C:\WINDOWS\system32\dot3dlg.dll
18:43:35.0367 0468 C:\WINDOWS\system32\dot3dlg.dll - ok
18:43:35.0367 0468 [ CA04959077AFE36369D37B3504740C87 ] C:\WINDOWS\system32\onex.dll
18:43:35.0367 0468 C:\WINDOWS\system32\onex.dll - ok
18:43:35.0367 0468 [ 5DB625E7D095604010CF84DE2D8ACFA6 ] C:\WINDOWS\system32\eappcfg.dll
18:43:35.0367 0468 C:\WINDOWS\system32\eappcfg.dll - ok
18:43:35.0382 0468 [ ABC4206543450C0666D152F4B65833B8 ] C:\WINDOWS\system32\eappprxy.dll
18:43:35.0382 0468 C:\WINDOWS\system32\eappprxy.dll - ok
18:43:35.0382 0468 [ 205ADD80FF8099B1A8101EB490B933D1 ] C:\WINDOWS\system32\wbem\wbemprox.dll
18:43:35.0382 0468 C:\WINDOWS\system32\wbem\wbemprox.dll - ok
18:43:35.0382 0468 [ 8973122796E3B5D6B5900FC186E55FEA ] C:\WINDOWS\system32\hid.dll
18:43:35.0382 0468 C:\WINDOWS\system32\hid.dll - ok
18:43:35.0382 0468 [ D95C71052E5EF63B55997FB31483D02F ] C:\WINDOWS\system32\wbem\wbemcomn.dll
18:43:35.0382 0468 C:\WINDOWS\system32\wbem\wbemcomn.dll - ok
18:43:35.0398 0468 [ 855F6333E3A4DFC6F3C8B0520C261FCD ] C:\WINDOWS\system32\msftedit.dll
18:43:35.0398 0468 C:\WINDOWS\system32\msftedit.dll - ok
18:43:35.0398 0468 [ F0BF811622F2DD6C8E26EE4600D83731 ] C:\WINDOWS\system32\wbem\wbemcore.dll
18:43:35.0398 0468 C:\WINDOWS\system32\wbem\wbemcore.dll - ok
18:43:35.0398 0468 [ 79E3A8C328E7E569C32B0998377D9742 ] C:\WINDOWS\system32\spoolss.dll
18:43:35.0398 0468 C:\WINDOWS\system32\spoolss.dll - ok
18:43:35.0398 0468 [ 254CCDC043DFADC5D5EF99B533BB1DC2 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
18:43:35.0398 0468 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll - ok
18:43:35.0414 0468 [ 7AC813E17BD960987C5DA788AF295361 ] C:\WINDOWS\ehome\ehdebug.dll
18:43:35.0414 0468 C:\WINDOWS\ehome\ehdebug.dll - ok
18:43:35.0414 0468 [ FF3477C03BE7201C294C35F684B3479F ] C:\WINDOWS\system32\termsrv.dll
18:43:35.0414 0468 C:\WINDOWS\system32\termsrv.dll - ok
18:43:35.0414 0468 [ E4616430709F440CF1809D88DC2366EA ] C:\WINDOWS\system32\wbem\esscli.dll
18:43:35.0414 0468 C:\WINDOWS\system32\wbem\esscli.dll - ok
18:43:35.0429 0468 [ AA897735D5AB916297A6823A9B2D61B1 ] C:\WINDOWS\system32\localspl.dll
18:43:35.0429 0468 C:\WINDOWS\system32\localspl.dll - ok
18:43:35.0429 0468 [ C14AA05881A35B6D6BB8D55B117EE22D ] C:\WINDOWS\system32\shfolder.dll
18:43:35.0429 0468 C:\WINDOWS\system32\shfolder.dll - ok
18:43:35.0429 0468 [ A5205B3AF85B1477AB2C2A1E12201598 ] C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
18:43:35.0429 0468 C:\WINDOWS\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll - ok
18:43:35.0445 0468 [ 378A0AEFB11D8B0DC8C27B9F7604B88D ] C:\WINDOWS\system32\wbem\fastprox.dll
18:43:35.0445 0468 C:\WINDOWS\system32\wbem\fastprox.dll - ok
18:43:35.0445 0468 [ 037B1E7798960E0420003D05BB577EE6 ] C:\WINDOWS\system32\rundll32.exe
18:43:35.0445 0468 C:\WINDOWS\system32\rundll32.exe - ok
18:43:35.0445 0468 [ DF6551E4C4C46655A0C76194F1FCEA5D ] C:\WINDOWS\system32\icaapi.dll
18:43:35.0445 0468 C:\WINDOWS\system32\icaapi.dll - ok
18:43:35.0445 0468 [ 2D65D56C2F8B6CC5EBFF8E7200C30304 ] C:\WINDOWS\system32\mstlsapi.dll
18:43:35.0445 0468 C:\WINDOWS\system32\mstlsapi.dll - ok
18:43:35.0461 0468 [ 66422DC3FAA1DE433371816056D28270 ] C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\minifilter\fsgk.sys
18:43:35.0461 0468 C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\minifilter\fsgk.sys - ok
18:43:35.0461 0468 [ ED0C0DF222209E43AD9AFBF3FE87DDE0 ] C:\WINDOWS\system32\comsvcs.dll
18:43:35.0461 0468 C:\WINDOWS\system32\comsvcs.dll - ok
18:43:35.0461 0468 [ 5D3D1AB0EF4EA55B731863050482C111 ] C:\WINDOWS\system32\cnbjmon.dll
18:43:35.0461 0468 C:\WINDOWS\system32\cnbjmon.dll - ok
18:43:35.0476 0468 [ E965160B09675E027EF8235EF90EB405 ] C:\WINDOWS\system32\HPTcpMon.dll
18:43:35.0476 0468 C:\WINDOWS\system32\HPTcpMon.dll - ok
18:43:35.0476 0468 [ 73B710FA477D8B139523488E8DEB0138 ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_bdbb3d5d\System.Xml.dll
18:43:35.0476 0468 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_bdbb3d5d\System.Xml.dll - ok
18:43:35.0476 0468 [ B85EC14C7A5F7B2C8D70D4443486DD77 ] C:\WINDOWS\system32\hpzjrd01.dll
18:43:35.0476 0468 C:\WINDOWS\system32\hpzjrd01.dll - ok
18:43:35.0492 0468 [ DF82E222578DBE59FCBBD69A02E4C806 ] C:\WINDOWS\system32\clusapi.dll
18:43:35.0492 0468 C:\WINDOWS\system32\clusapi.dll - ok
18:43:35.0492 0468 [ 219541B30B162B7BD1202A252C56F941 ] C:\WINDOWS\system32\HPTcpMUI.dll
18:43:35.0492 0468 C:\WINDOWS\system32\HPTcpMUI.dll - ok
18:43:35.0492 0468 [ 690D97864735E8ECD87F55777E266690 ] C:\WINDOWS\system32\colbact.dll
18:43:35.0492 0468 C:\WINDOWS\system32\colbact.dll - ok
18:43:35.0507 0468 [ 3550DFA6FFFBD7604DABB28DF4ABF096 ] C:\WINDOWS\ehome\custsat.dll
18:43:35.0507 0468 C:\WINDOWS\ehome\custsat.dll - ok
18:43:35.0507 0468 [ 36795A645EAA47FE31D2A8F136A2C69B ] C:\WINDOWS\system32\mtxclu.dll
18:43:35.0507 0468 C:\WINDOWS\system32\mtxclu.dll - ok
18:43:35.0507 0468 [ 7CD27E80DFD22F02FBDA47B706ABA0F2 ] C:\Program Files\eastlinkinternetsecurityservices\FWES\program\fsdfwd.exe
18:43:35.0507 0468 C:\Program Files\eastlinkinternetsecurityservices\FWES\program\fsdfwd.exe - ok
18:43:35.0507 0468 [ 5B7BD542F6D040351602558ED4CF4488 ] C:\Program Files\eastlinkinternetsecurityservices\HIPS\fships.dll
18:43:35.0507 0468 C:\Program Files\eastlinkinternetsecurityservices\HIPS\fships.dll - ok
18:43:35.0523 0468 [ F51EBB6FC536A6B2D588FD668D3A8249 ] C:\WINDOWS\system32\resutils.dll
18:43:35.0523 0468 C:\WINDOWS\system32\resutils.dll - ok
18:43:35.0523 0468 [ 1C55259F89A68F223939A34753965B0C ] C:\Program Files\eastlinkinternetsecurityservices\ORSP Client\orspapi.dll
18:43:35.0523 0468 C:\Program Files\eastlinkinternetsecurityservices\ORSP Client\orspapi.dll - ok
18:43:35.0523 0468 [ 0F0F5B564C5A3C9B38A6220230252567 ] C:\WINDOWS\ehome\ehProxy.dll
18:43:35.0523 0468 C:\WINDOWS\ehome\ehProxy.dll - ok
18:43:35.0523 0468 [ 010472D0AE758227C6F6E6933549C219 ] C:\WINDOWS\system32\wbem\wbemsvc.dll
18:43:35.0539 0468 C:\WINDOWS\system32\wbem\wbemsvc.dll - ok
18:43:35.0539 0468 [ 42AEF6A385354ACA65FC210CE7CE4D7C ] C:\Program Files\eastlinkinternetsecurityservices\ORSP Client\fsorsp.exe
18:43:35.0539 0468 C:\Program Files\eastlinkinternetsecurityservices\ORSP Client\fsorsp.exe - ok
18:43:35.0539 0468 [ 6FF27FB91694CDE2A4A459FCF57AD824 ] C:\Program Files\eastlinkinternetsecurityservices\FWES\program\fsmirror.dll
18:43:35.0539 0468 C:\Program Files\eastlinkinternetsecurityservices\FWES\program\fsmirror.dll - ok
18:43:35.0539 0468 [ BEF0E24D58AE175BD0BD4F3CB93FAA76 ] C:\Program Files\eastlinkinternetsecurityservices\ORSP Client\orspplug.dll
18:43:35.0539 0468 C:\Program Files\eastlinkinternetsecurityservices\ORSP Client\orspplug.dll - ok
18:43:35.0554 0468 [ 3273D1565BF30225C115B480A3BB2C9D ] C:\WINDOWS\system32\wbem\wmiutils.dll
18:43:35.0554 0468 C:\WINDOWS\system32\wbem\wmiutils.dll - ok
18:43:35.0554 0468 [ D9475978214C01F06A51B52CCCA8FFF2 ] C:\Program Files\eastlinkinternetsecurityservices\ORSP Client\json_c.dll
18:43:35.0554 0468 C:\Program Files\eastlinkinternetsecurityservices\ORSP Client\json_c.dll - ok
18:43:35.0554 0468 [ E5A93F799298147E169D689969D5C73F ] C:\WINDOWS\system32\HPTcpMib.dll
18:43:35.0554 0468 C:\WINDOWS\system32\HPTcpMib.dll - ok
18:43:36.0461 0468 [ 35FD73BA6356094ABCB61F0A2C555595 ] C:\Program Files\DISC\DiscStreamHub.exe
18:43:36.0461 0468 C:\Program Files\DISC\DiscStreamHub.exe - ok
18:43:36.0461 0468 [ 4ED09CCDA7D5E11E668339D6AD436FCB ] C:\Program Files\eastlinkinternetsecurityservices\FSGUI\fsavesui.dll
18:43:36.0461 0468 C:\Program Files\eastlinkinternetsecurityservices\FSGUI\fsavesui.dll - ok
18:43:36.0477 0468 [ 66F6A12C91B86093A3980B2CA5A18761 ] C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_609eeed9\System.Drawing.dll
18:43:36.0477 0468 C:\WINDOWS\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_609eeed9\System.Drawing.dll - ok
18:43:36.0477 0468 [ ADC5D27EB04A03368163C7C41F5CA1A8 ] C:\WINDOWS\system32\MFPLAT.dll
18:43:36.0477 0468 C:\WINDOWS\system32\MFPLAT.dll - ok
18:43:36.0477 0468 [ AF8841FEF8DE40D36E77C6662843EDAE ] C:\WINDOWS\AppPatch\aclayers.dll
18:43:36.0477 0468 C:\WINDOWS\AppPatch\aclayers.dll - ok
18:43:36.0492 0468 [ 40C53C82AEEE5E20EF655BFCAA78735C ] C:\Program Files\Citrix\ICA Client\CCMProxy.dll
18:43:36.0492 0468 C:\Program Files\Citrix\ICA Client\CCMProxy.dll - ok
18:43:36.0492 0468 [ 0F2C90DB2EDCB26FB0E79BB15FEE36B9 ] C:\WINDOWS\system32\pxdrv.dll
18:43:36.0492 0468 C:\WINDOWS\system32\pxdrv.dll - ok
18:43:36.0492 0468 [ F1C41C629AC44573BD93A19AFA5944EA ] C:\WINDOWS\system32\PxMas.dll
18:43:36.0492 0468 C:\WINDOWS\system32\PxMas.dll - ok
18:43:36.0508 0468 [ 5EB87BA0B93CA7E894FC8002E3CE4C2A ] C:\Program Files\Internet Explorer\sqmapi.dll
18:43:36.0508 0468 C:\Program Files\Internet Explorer\sqmapi.dll - ok
18:43:36.0508 0468 [ A38904AA3E3724F8E30C54352F6B80D2 ] C:\Program Files\DISC\BITSDownloadManager.dll
18:43:36.0508 0468 C:\Program Files\DISC\BITSDownloadManager.dll - ok
18:43:36.0508 0468 [ 27320D6D08F420D930040DD6C868A6DB ] C:\Program Files\DISC\EBGamesPack.dll
18:43:36.0508 0468 C:\Program Files\DISC\EBGamesPack.dll - ok
18:43:36.0523 0468 [ B005ABD25A4B4BC33E033908AB498CD7 ] C:\Program Files\DISC\YummyPack.dll
18:43:36.0523 0468 C:\Program Files\DISC\YummyPack.dll - ok
18:43:36.0523 0468 [ 26441EDF84CA911FECAEAC5E5E88C313 ] C:\Program Files\DISC\SocketComm.dll
18:43:36.0523 0468 C:\Program Files\DISC\SocketComm.dll - ok
18:43:36.0523 0468 [ 7DD35BE16E2094655409A2E3A4AF43D1 ] C:\Program Files\DISC\Interop.YummyPlayer.dll
18:43:36.0523 0468 C:\Program Files\DISC\Interop.YummyPlayer.dll - ok
18:43:36.0539 0468 [ 94A700B34A1B848B29B57747D2E4BE31 ] C:\Program Files\DISC\SecureComm.dll
18:43:36.0539 0468 C:\Program Files\DISC\SecureComm.dll - ok
18:43:36.0539 0468 [ 236B31C60D401F1AB428CA14D808DC95 ] C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
18:43:36.0539 0468 C:\WINDOWS\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll - ok
18:43:36.0539 0468 [ FC7FA8C8C3293AFEEC1145B509712227 ] C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
18:43:36.0539 0468 C:\WINDOWS\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll - ok
18:43:36.0539 0468 [ 269C3BFC643A9B3718BD5F33E6FF450E ] C:\Program Files\eastlinkinternetsecurityservices\FSGUI\flyer.dll
18:43:36.0539 0468 C:\Program Files\eastlinkinternetsecurityservices\FSGUI\flyer.dll - ok
18:43:36.0555 0468 [ 99EB84256BFA43C3A2A32341EDB8189E ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
18:43:36.0555 0468 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe - ok
18:43:36.0586 0468 [ 49C71D59D0D940568F86494FE4A63C6D ] C:\WINDOWS\system32\PxSFS.DLL
18:43:36.0586 0468 C:\WINDOWS\system32\PxSFS.DLL - ok
18:43:36.0586 0468 [ 11734790410900D2CD6B7839020E4DD9 ] C:\WINDOWS\system32\ieui.dll
18:43:36.0586 0468 C:\WINDOWS\system32\ieui.dll - ok
18:43:36.0586 0468 [ 265518685AB07A09A5F96FD023E477EA ] C:\Program Files\Internet Explorer\ieproxy.dll
18:43:36.0586 0468 C:\Program Files\Internet Explorer\ieproxy.dll - ok
18:43:36.0602 0468 [ E11457C66FDD966EE415FBBC6D9BE643 ] C:\WINDOWS\system32\msimtf.dll
18:43:36.0602 0468 C:\WINDOWS\system32\msimtf.dll - ok
18:43:36.0602 0468 [ 11E19171255D683DE352673E477D7FE2 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
18:43:36.0602 0468 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cscomp.dll - ok
18:43:36.0602 0468 [ 24BB2810506502DAF47E956103A2FCE0 ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\alink.dll
18:43:36.0602 0468 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\alink.dll - ok
18:43:36.0617 0468 [ 5C9D79CCBD4B1869EE331B35157EAB9F ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
18:43:36.0617 0468 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll - ok
18:43:36.0617 0468 [ 4CCC82B2EE8ED6D744CC635325B18EDA ] C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
18:43:36.0617 0468 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe - ok
18:43:36.0617 0468 [ 574E5BAEDEFA1115AA21B7F3E5C3660D ] C:\Program Files\eastlinkinternetsecurityservices\ISPNews\ispnews.dll
18:43:36.0617 0468 C:\Program Files\eastlinkinternetsecurityservices\ISPNews\ispnews.dll - ok
18:43:36.0617 0468 [ BEA4AEE74FEF171EB61DE1BAD8FAF427 ] C:\WINDOWS\system32\xmllite.dll
18:43:36.0617 0468 C:\WINDOWS\system32\xmllite.dll - ok
18:43:36.0633 0468 [ 4A8F597308DDF77806BFC466193C7638 ] C:\Program Files\eastlinkinternetsecurityservices\ISPNews\ispnewsres.eng
18:43:36.0633 0468 C:\Program Files\eastlinkinternetsecurityservices\ISPNews\ispnewsres.eng - ok
18:43:36.0633 0468 [ 9164FA3064CE25A40B374EF70059EB46 ] C:\WINDOWS\system32\PxWave.dll
18:43:36.0633 0468 C:\WINDOWS\system32\PxWave.dll - ok
18:43:36.0633 0468 [ DFBD2F0DC7126DCB83C2502C512122F1 ] C:\Program Files\eastlinkinternetsecurityservices\FSGUI\flyerres.eng
18:43:36.0633 0468 C:\Program Files\eastlinkinternetsecurityservices\FSGUI\flyerres.eng - ok
18:43:36.0633 0468 [ D43637F8E835DDF2FE95FBE6242494B0 ] C:\WINDOWS\ime\spgrmr.dll
18:43:36.0633 0468 C:\WINDOWS\ime\spgrmr.dll - ok
18:43:36.0648 0468 [ 34800ED38076BCD388225F53577EAB92 ] C:\Program Files\eastlinkinternetsecurityservices\Common\FSMAUI32.DLL
18:43:36.0648 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FSMAUI32.DLL - ok
18:43:36.0648 0468 [ A7E8525FA8788CA52F728414A65BA349 ] C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
18:43:36.0648 0468 C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL - ok
18:43:36.0648 0468 [ 89DA592F4771832DCDB315B75EDA9AB2 ] C:\Program Files\eastlinkinternetsecurityservices\Common\FSMAURES.eng
18:43:36.0648 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FSMAURES.eng - ok
18:43:36.0648 0468 [ 566102B8A7CD38E4417F0EAFAC10E25D ] C:\WINDOWS\system32\VXBLOCK.dll
18:43:36.0648 0468 C:\WINDOWS\system32\VXBLOCK.dll - ok
18:43:36.0664 0468 [ B75AEF9B2D64E0B07EBD93208E16E3B9 ] C:\Program Files\eastlinkinternetsecurityservices\FSPC\fspcfsm.dll
18:43:36.0664 0468 C:\Program Files\eastlinkinternetsecurityservices\FSPC\fspcfsm.dll - ok
18:43:36.0664 0468 [ 4A868B449EF52DEDA5EFEDF1E731CED2 ] C:\Program Files\eastlinkinternetsecurityservices\Spam Control\fsscoepl.dll
18:43:36.0664 0468 C:\Program Files\eastlinkinternetsecurityservices\Spam Control\fsscoepl.dll - ok
18:43:36.0664 0468 [ 42834F2B4D739690A425BB45073693FB ] C:\Program Files\eastlinkinternetsecurityservices\FSGUI\fsscgui.dll
18:43:36.0664 0468 C:\Program Files\eastlinkinternetsecurityservices\FSGUI\fsscgui.dll - ok
18:43:36.0680 0468 [ 957267B9E0EA68F4BE82BFA125292709 ] C:\Program Files\eastlinkinternetsecurityservices\FSPC\fspcfsm.eng
18:43:36.0680 0468 C:\Program Files\eastlinkinternetsecurityservices\FSPC\fspcfsm.eng - ok
18:43:36.0680 0468 [ 2163075E6A3A8750F12C3352F0BE9889 ] C:\Program Files\Internet Explorer\xpshims.dll
18:43:36.0680 0468 C:\Program Files\Internet Explorer\xpshims.dll - ok
18:43:36.0680 0468 [ 9E03DC5AB51CFD0190541CE2038D819D ] C:\WINDOWS\system32\usp10.dll
18:43:36.0680 0468 C:\WINDOWS\system32\usp10.dll - ok
18:43:36.0680 0468 [ 13D2E016B784730A98F24D6E5BEED22F ] C:\WINDOWS\system32\mshtml.dll
18:43:36.0680 0468 C:\WINDOWS\system32\mshtml.dll - ok
18:43:36.0695 0468 [ 2ACCD352451EC0F99AF2AD9DB6DB4439 ] C:\WINDOWS\system32\msls31.dll
18:43:36.0695 0468 C:\WINDOWS\system32\msls31.dll - ok
18:43:36.0695 0468 [ 66F1C930F4572816BB15C3A863590305 ] C:\WINDOWS\system32\ieapfltr.dll
18:43:36.0695 0468 C:\WINDOWS\system32\ieapfltr.dll - ok
18:43:36.0695 0468 [ 0689622E6484934EB6E5F4D3A96311F9 ] C:\WINDOWS\system32\jscript.dll
18:43:36.0695 0468 C:\WINDOWS\system32\jscript.dll - ok
18:43:36.0711 0468 [ 511FAE23EC6F02699418538DB875C836 ] C:\Program Files\DISC\Microsoft.Msdn.Samples.BITS.dll
18:43:36.0711 0468 C:\Program Files\DISC\Microsoft.Msdn.Samples.BITS.dll - ok
18:43:36.0711 0468 [ 9F3D9BDCD8E11FC262B31F7C1F355BA1 ] C:\Program Files\DISC\DashboardPack.dll
18:43:36.0711 0468 C:\Program Files\DISC\DashboardPack.dll - ok
18:43:36.0711 0468 [ 57AA81C8F01281F8F8FCE95694A25513 ] C:\Program Files\DISC\BackgroundCopyManager.DLL
18:43:36.0711 0468 C:\Program Files\DISC\BackgroundCopyManager.DLL - ok
18:43:36.0711 0468 [ 8E9ABF081E69A07D5DE5CD979E411013 ] C:\WINDOWS\system32\iepeers.dll
18:43:36.0711 0468 C:\WINDOWS\system32\iepeers.dll - ok
18:43:36.0727 0468 [ 00AB99E13C24AEE11A547BE3301EAF59 ] C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
18:43:36.0727 0468 C:\WINDOWS\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll - ok
18:43:36.0727 0468 [ 806780A1680EDD7B1E262751DE82F14C ] C:\Program Files\DISC\LogitechProfilerPack.dll
18:43:36.0727 0468 C:\Program Files\DISC\LogitechProfilerPack.dll - ok
18:43:36.0727 0468 [ 5E1A0476E009A1930A524DFF4CA13982 ] C:\WINDOWS\system32\dxtrans.dll
18:43:36.0727 0468 C:\WINDOWS\system32\dxtrans.dll - ok
18:43:36.0742 0468 [ A47F6A13202AA54541CA46D6CED79F5F ] C:\WINDOWS\system32\ddrawex.dll
18:43:36.0742 0468 C:\WINDOWS\system32\ddrawex.dll - ok
18:43:36.0742 0468 [ A340CD71EB535A3DD751B5F28723E50C ] C:\WINDOWS\system32\ddraw.dll
18:43:36.0742 0468 C:\WINDOWS\system32\ddraw.dll - ok
18:43:36.0742 0468 [ D8B91D94ECB123862B390FDE3250D3BB ] C:\WINDOWS\system32\dciman32.dll
18:43:36.0742 0468 C:\WINDOWS\system32\dciman32.dll - ok
18:43:36.0742 0468 [ 057D53F1490598D41D9D4DEE9A92B0B1 ] C:\WINDOWS\system32\dxtmsft.dll
18:43:36.0742 0468 C:\WINDOWS\system32\dxtmsft.dll - ok
18:43:36.0758 0468 [ 42B928FC8518D793BF7A5EAFC57B1D8B ] C:\WINDOWS\system32\imgutil.dll
18:43:36.0758 0468 C:\WINDOWS\system32\imgutil.dll - ok
18:43:36.0758 0468 [ E5FA1B044DAC5F6F600A1742D73F6936 ] C:\WINDOWS\system32\pngfilt.dll
18:43:36.0758 0468 C:\WINDOWS\system32\pngfilt.dll - ok
18:43:36.0758 0468 [ 165AE7A443F2139DD2C078AD87699F91 ] C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL
18:43:36.0758 0468 C:\Program Files\Microsoft Office\OFFICE11\MSOHEV.DLL - ok
18:43:36.0758 0468 [ C1AC05BBF42ADF50CD9F2A8710DC6AD0 ] C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_268.ocx
18:43:36.0758 0468 C:\WINDOWS\system32\Macromed\Flash\Flash32_11_3_300_268.ocx - ok
18:43:36.0789 0468 [ 484E0C07DA7DA4FD14D2CD74E4AAC05A ] C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fm4av.dll
18:43:36.0789 0468 C:\Program Files\eastlinkinternetsecurityservices\Anti-Virus\fm4av.dll - ok
18:43:36.0805 0468 [ AFACE9A8E6F8D25B465586849B85B6B6 ] C:\Program Files\eastlinkinternetsecurityservices\Common\fpshx.eng
18:43:36.0805 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\fpshx.eng - ok
18:43:36.0805 0468 [ 15D2314F1DCB55B6DE003DE1BA66CA3E ] C:\Program Files\eastlinkinternetsecurityservices\Common\FSABTRES.eng
18:43:36.0805 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FSABTRES.eng - ok
18:43:36.0805 0468 [ 6D07DF8A3B4E89B5BAC943B64F0B70D0 ] C:\WINDOWS\system32\icm32.dll
18:43:36.0805 0468 C:\WINDOWS\system32\icm32.dll - ok
18:43:36.0805 0468 [ 4701F42DCCF403041DA250CB77F030B9 ] C:\Program Files\eastlinkinternetsecurityservices\Common\fsavres.eng
18:43:36.0805 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\fsavres.eng - ok
18:43:36.0820 0468 [ DB54F1B5A9B11F2003FA4FA73E207AF1 ] C:\Program Files\eastlinkinternetsecurityservices\Common\fships.eng
18:43:36.0820 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\fships.eng - ok
18:43:36.0820 0468 [ B54CDB4F079836284E0F93DF41DBDA76 ] C:\Program Files\eastlinkinternetsecurityservices\Common\FSHOTFIX.eng
18:43:36.0820 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FSHOTFIX.eng - ok
18:43:36.0820 0468 [ 402E95A6A595F0BDDB86C18D71A20160 ] C:\Program Files\eastlinkinternetsecurityservices\Common\FSMAINST.ENG
18:43:36.0820 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FSMAINST.ENG - ok
18:43:36.0836 0468 [ 01F55A2A4010F97A7204494C37327380 ] C:\Program Files\eastlinkinternetsecurityservices\Common\FSMARES.eng
18:43:36.0836 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\FSMARES.eng - ok
18:43:36.0836 0468 [ FE9A2916CF75FBCEDC15DE49B2B8B140 ] C:\Program Files\eastlinkinternetsecurityservices\Common\fspcres.ENG
18:43:36.0836 0468 C:\Program Files\eastlinkinternetsecurityservices\Common\fspcres.ENG - ok
18:43:36.0836 0468 [ 56ADB11F7D4D0816C0BE1E701C1B5E52 ] C:\WINDOWS\system32\d3dim700.dll
18:43:36.0836 0468 C:\WINDOWS\system32\d3dim700.dll - ok
18:43:36.0836 0468 ============================================================
18:43:36.0836 0468 Scan finished
18:43:36.0836 0468 ============================================================
18:43:37.0008 0452 Detected object count: 5
18:43:37.0008 0452 Actual detected object count: 5
18:43:50.0168 0452 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
18:43:50.0168 0452 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:43:50.0168 0452 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
18:43:50.0168 0452 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:43:50.0168 0452 MHN ( UnsignedFile.Multi.Generic ) - skipped by user
18:43:50.0168 0452 MHN ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:43:50.0168 0452 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:43:50.0168 0452 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:43:50.0168 0452 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
18:43:50.0168 0452 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:47:12.0703 3200 Deinitialize success

Combofix Log:

ComboFix 12-08-15.01 - HP_Administrator 15/08/2012 19:02:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.593 [GMT -3:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: EastLink Internet Security Services 9.12 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: EastLink Internet Security Services 9.12 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\Cookies\B9QNDGEJ.txt
c:\documents and settings\HP_Administrator\WINDOWS
c:\program files\intellidownload\gunzip.exe
c:\program files\OApps\bhO_project.dll
c:\windows\Installer\{8be05a38-f079-0aab-f4c6-b71042d61947}\@
c:\windows\Installer\{8be05a38-f079-0aab-f4c6-b71042d61947}\n
c:\windows\Installer\{8be05a38-f079-0aab-f4c6-b71042d61947}\U\00000001.$.uss_dis
c:\windows\Installer\{8be05a38-f079-0aab-f4c6-b71042d61947}\U\00000001.@
c:\windows\Installer\{8be05a38-f079-0aab-f4c6-b71042d61947}\U\80000000.@
c:\windows\Installer\{8be05a38-f079-0aab-f4c6-b71042d61947}\U\800000cb.@
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-11 15:52 . 2006-12-29 03:31 19569 ----a-w- c:\windows\000003_.tmp
2012-08-10 15:22 . 2006-12-29 03:31 19569 ----a-w- c:\windows\000002_.tmp
2012-08-10 14:42 . 2012-08-10 14:42 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\FixZeroAccess
2012-08-06 17:18 . 2012-08-06 17:18 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-08-03 06:11 . 2012-08-03 06:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-07-28 15:15 . 2012-07-31 06:33 -------- d-----w- c:\windows\system32\XPSViewer
2012-07-28 15:14 . 2012-07-28 15:14 -------- d-----w- c:\program files\MSBuild
2012-07-28 15:14 . 2012-07-28 15:14 -------- d-----w- c:\program files\Reference Assemblies
2012-07-28 15:14 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-07-28 15:13 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-07-28 15:13 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2012-07-28 15:13 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-07-28 15:13 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-07-28 15:13 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-07-28 15:13 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-07-28 15:13 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-07-28 15:13 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-07-27 05:36 . 2008-04-14 08:41 81920 ------w- c:\windows\system32\ieencode.dll
2012-07-27 05:36 . 2006-12-29 03:31 19569 ----a-w- c:\windows\000001_.tmp
2012-07-26 23:50 . 2012-07-26 23:55 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-26 01:30 . 2012-07-26 21:28 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ElevatedDiagnostics
2012-07-25 20:41 . 2012-07-25 20:41 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Mozilla
2012-07-25 20:04 . 2012-07-25 20:06 -------- dc-h--w- c:\windows\ie8
2012-07-25 12:33 . 2012-07-25 12:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-21 22:37 . 2012-08-08 15:02 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Roepru
2012-07-21 22:37 . 2012-07-25 15:48 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Egmy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 12:55 . 2012-03-11 00:54 44240 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-07-26 23:55 . 2012-03-10 20:36 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 13:58 . 2004-08-10 04:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2004-08-10 04:00 139784 ------w- c:\windows\system32\drivers\rdpwd.sys
2012-07-02 17:49 . 2004-08-10 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2004-08-10 04:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2004-08-10 04:00 385024 ----a-w- c:\windows\system32\html.iec
2012-06-13 13:19 . 2004-08-10 04:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2012-03-10 17:56 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-10 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 20:35 . 2012-03-11 14:46 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2004-08-10 04:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 18:19 . 2009-08-07 03:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 18:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 18:19 . 2009-08-07 03:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 18:19 . 2009-08-07 03:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 18:19 . 2004-08-10 04:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 18:19 . 2009-08-07 03:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 18:18 . 2012-03-11 14:46 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 18:18 . 2012-03-11 14:46 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-10 04:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-14 00:17 . 2012-08-06 17:18 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"F-Secure Manager"="c:\program files\eastlinkinternetsecurityservices\Common\FSM32.EXE" [2009-11-18 201128]
"F-Secure TNB"="c:\program files\eastlinkinternetsecurityservices\FSGUI\TNBUtil.exe" [2012-03-11 1655464]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
ReSchedHPSU.lnk - c:\hp\bin\CLOAKER.EXE [N/A]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [10/03/2012 9:54 PM 44240]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [10/03/2012 9:53 PM 81864]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [16/04/2010 4:22 PM 65584]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\eastlinkinternetsecurityservices\HIPS\drivers\fshs.sys [10/03/2012 9:53 PM 69928]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\eastlinkinternetsecurityservices\Anti-Virus\minifilter\fsgk.sys [10/03/2012 9:53 PM 149672]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\eastlinkinternetsecurityservices\ORSP Client\fsorsp.exe [10/03/2012 9:53 PM 61088]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [06/08/2012 2:18 PM 113120]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\eastlinkinternetsecurityservices\Anti-Virus\win2k\fsfilter.sys [10/03/2012 9:53 PM 41640]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\eastlinkinternetsecurityservices\Anti-Virus\win2k\fsrec.sys [10/03/2012 9:53 PM 27048]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 02:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
TCP: DhcpNameServer = 24.222.0.94 24.222.0.95
TCP: Interfaces\{BBF1D3AA-E1CF-49C1-A866-7EA85A54E390}: NameServer = 24.222.0.94,24.222.0.95
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\nagrl9mv.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-PinInit - c:\hp\bin\cloaker.exe
HKLM-Run-PCDrProfiler - c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe
HKLM-Run-SetDefaultPrinter - c:\hp\bin\cloaker.exe
SafeBoot-46560950.sys
AddRemove-HP Game Console - c:\program files\WildTangent\Apps\HP Game Console\Uninstall.exe
AddRemove-KBD - c:\hp\KBD\Install.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
AddRemove-Python 2.2.3 - c:\python22\UNWISE.EXE
AddRemove-pywin32-py2.2 - c:\python22\Removepywin32.exe
AddRemove-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\CDAUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 19:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1580)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\arservice.exe
c:\windows\RTHDCPL.EXE
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\eastlinkinternetsecurityservices\Anti-Virus\fsgk32st.exe
c:\program files\eastlinkinternetsecurityservices\Anti-Virus\FSGK32.EXE
c:\program files\eastlinkinternetsecurityservices\Common\FSMA32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\eastlinkinternetsecurityservices\Common\FSHDLL32.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\eastlinkinternetsecurityservices\Anti-Virus\fssm32.exe
c:\program files\eastlinkinternetsecurityservices\FWES\Program\fsdfwd.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\eastlinkinternetsecurityservices\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Completion time: 2012-08-15 19:24:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 22:24
.
Pre-Run: 161,079,054,336 bytes free
Post-Run: 161,572,151,296 bytes free
.
- - End Of File - - F8F09F5698E5F33D018A1D2EEBFA8FE2

#4 fireman4it

Posted 15 August 2012 - 06:20 PM

Hello,

Looks like we got the main infection. Let's run a couple other scanners for any leftovers.

1.
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


2.
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Things to include in your next reply:
MBAM log
Eset log
How is your machine running now?

Edited by fireman4it, 15 August 2012 - 06:22 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 Skyhound

Posted 16 August 2012 - 01:59 AM

When ESET was scanning, my virus security window popped up saying it found and removed Trojan.Sirefef. I closed the popup window and another virus security window immediately popped up afterwards saying the same message. I closed this popup and that was it; nothing popped up again. Was this just something the scan brought up? Or am I still infected?

MBAM Log:

Database version: v2012.08.15.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: BAD-T [administrator]

15/08/2012 8:52:37 PM
mbam-log-2012-08-15 (20-52-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207927
Time elapsed: 11 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



ESET Log:

C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\14c367db-733752e4 multiple threats deleted - quarantined
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\3a81f6d-6e37eabc Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{8be05a38-f079-0aab-f4c6-b71042d61947}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\Dale\BC\ComboFix\Qoobox\Quarantine\C\Program Files\OApps\bhO_project.dll.vir Win32/Adware.Facetheme.D application cleaned by deleting - quarantined
C:\Program Files\intellidownload\torrent.exe Win32/BundleInstaller application cleaned by deleting - quarantined
C:\Program Files\intellidownload\vfd.exe multiple threats cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP115\A0002668.dll Win32/Adware.Facetheme.D application cleaned by deleting - quarantined

#6 fireman4it

Posted 16 August 2012 - 01:33 PM

When ESET was scanning, my virus security window popped up saying it found and removed Trojan.Sirefef. I closed the popup window and another virus security window immediately popped up afterwards saying the same message. I closed this popup and that was it; nothing popped up again. Was this just something the scan brought up? Or am I still infected?


I suspect it was a Quarantine from Combofix or a system restore file it found. That's why we say to disable your antivirus till we know you're clean so our tools can run uninterrupted. Let's run one more scanner to see if it sees anything.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#7 Skyhound

Posted 16 August 2012 - 03:08 PM

I'm having an issue with the DrWeb scan. I ran DrWeb in safe mode and during the express scan a window popped up saying that 581d8_xp.exe has encountered an error and must close. I clicked ok, and a DrWeb window popped up saying "A system error has occured during the scanning process [RC=0x0000005]". I reran the scan 3 times and every time this same thing happened.

#8 fireman4it

Posted 16 August 2012 - 04:45 PM

Please download Sophos Anti-rootkit & save it to your desktop.
alternate download link
Note: If using the vendor's download site you will be asked to register with MySophos so an email containing an activation link can be sent to your email address.

Be sure to print out and read the Sophos Anti-Rootkit User Manual and Release Notes.
  • Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
  • Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
  • A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
  • Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
  • If the scan did not start automatically, make sure the following are checked:
    • Running processes
    • Windows Registry
    • Local Hard Drives
  • Click Start scan.
  • Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
  • When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
  • Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    • Files tagged as Removable: No are not marked for removal and cannot be removed.
    • Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    • Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
  • Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
  • A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
  • After reboot, a dialog box displays the files you selected for removal and the action taken.
  • Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
  • When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
  • This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Before performing an ARK scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.


#9 Skyhound

Posted 16 August 2012 - 05:50 PM

Sophos Log:

Sophos Anti-Rootkit Version 1.5.20 © 2009 Sophos Plc
Started logging on 16/08/2012 at 18:56:24 PM
User "HP_Administrator" on computer "BAD-T"
Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Documents and Settings\HP_Administrator\Application Data\FixZeroAccess\Archive\RtkHDAud.sys
Hidden: file C:\WINDOWS\I386\AUTOFMT.EXE
Hidden: file C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
Hidden: file C:\Documents and Settings\All Users\Application Data\Intuit\Quicken\Sku\Qnue\Custom\inprod_premier.exe
Hidden: file C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\MMT5AQJP\t8_FifsrrXEmSw8XHz-6FS1hOP1tKcHYAqTL4QeN5AMepEHOFc5lng24zRj3RwD_rKy_-VYSNXG5m-njrzM_uG9HYKgT4lL11a8XNocvKXSzjew&callback=google.LU[1].loadFeaturemap_421_0
Hidden: file C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
Hidden: file C:\Program Files\DISC\SystemMaint.exe
Hidden: file C:\Program Files\Hewlett-Packard\SDP\HPSender.dll
Hidden: file C:\Program Files\HP Games\Ancient Sudoku\Sudoku-WT.exe
Hidden: file C:\Program Files\HP Games\Flip Words\FlipWords-WT.exe
Hidden: file C:\Program Files\HP Games\Mystery Case Files\MysteryCaseFiles-WT.exe
Hidden: file C:\Program Files\HP Games\Ricochet Lost Worlds\Ricochet-WT.exe
Hidden: file C:\Program Files\HP Games\Tennis Titans\Tennis Titans-WT.exe
Hidden: file C:\Program Files\Microsoft Works\WksDict.exe
Hidden: file C:\Program Files\Microsoft Works\WksSb.exe
Hidden: file C:\Program Files\Microsoft Works\ctapi3t2.dll
Hidden: file C:\Program Files\Microsoft Works\lnchtour.exe
Hidden: file C:\Program Files\muvee Technologies\muvee autoProducer 5.0 - HPD\Flash\mv_hp_ap5_quicktour.exe
Hidden: file C:\Program Files\intellidownload\tdl\easydownload.exe
Hidden: file C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
Hidden: file C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
Hidden: file C:\Documents and Settings\HP_Administrator\My Documents\Dale\BC\DDS\dds.com
Info: Starting disk scan of D: (FAT).
Hidden: file D:\I386\APPS\APP32213\src\BLUE\setup.exe
Hidden: file D:\I386\APPS\APP31487\pcdr\Custom\pcdr5cuiw32.exe
Hidden: file D:\I386\APPS\APP24335\src\MSWORKS\PFILES\MSWORKS\LTKRN13N.DLL
Hidden: file D:\I386\APPS\APP24335\src\MSWORKS\PFILES\MSWORKS\LTIMG13N.DLL
Hidden: file D:\I386\APPS\APP24335\src\MSWORKS\PFILES\MSWORKS\LTFIL13N.DLL
Hidden: file D:\I386\APPS\APP24335\src\MSWORKS\PFILES\MSWORKS\LTDIS13N.DLL
Hidden: file D:\I386\APPS\APP24335\src\MSWORKS\PFILES\MSWORKS\LNCHTOUR.EXE
Hidden: file D:\I386\APPS\APP09137\src\rp10-1483-hp-ja-setup.exe
Hidden: file D:\I386\APPS\APP06779\src\PSS\MDACOMP.EXE
Hidden: file D:\I386\APPS\APP01508\src\install\Worldwide-MediaCenter\other\fatemediaupgrade-silent.exe
Hidden: file D:\MiniNT\PC-Doctor 5 for Win PE\pcdr5cuiw32.exe
Hidden: file D:\MiniNT\system32\CDBootRC.dll
Stopped logging on 16/08/2012 at 19:33:57 PM

#10 fireman4it

Posted 16 August 2012 - 06:09 PM

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.


#11 Skyhound

Posted 16 August 2012 - 07:12 PM

Did you mean the Bitdefender QuickScan? That's the only one I can find and I don't see any way to export any scan results.
The link you posted doesn't seem to be working.

#12 fireman4it

Posted 16 August 2012 - 07:14 PM

TrendMicro™ HouseCall Java Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
  • You may receive a Security Warning about the TrendMicro Java applet, click YES.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.


#13 fireman4it

Posted 18 August 2012 - 01:35 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#14 Skyhound

Posted 18 August 2012 - 01:49 PM

I ran the ESET scan again with my antivirus disabled and with Combofix uninstalled and I did not get any kind of trojan popup, so I think you were right and it was picking up a quarantined trojan. So yes my problem is solved. Thanks for all your help!
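
The diagnosis reached in this thread (the repeat alert came from a ComboFix quarantine copy or a System Restore file, not from a running infection) can be checked against the posted ESET log by sorting each detection by where the file sat. This is an added example, not part of any post in this thread: the log lines are the seven entries posted above, while the location labels, function names and field-splitting heuristic are assumptions of the example.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "path detail location")

# The seven entries of the ESET log posted in this thread, as pasted
# (fields are separated by single spaces, so the path is split off heuristically).
ESET_LOG = r"""
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\27\14c367db-733752e4 multiple threats deleted - quarantined
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\45\3a81f6d-6e37eabc Java/Exploit.CVE-2012-0507.BR trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{8be05a38-f079-0aab-f4c6-b71042d61947}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\Dale\BC\ComboFix\Qoobox\Quarantine\C\Program Files\OApps\bhO_project.dll.vir Win32/Adware.Facetheme.D application cleaned by deleting - quarantined
C:\Program Files\intellidownload\torrent.exe Win32/BundleInstaller application cleaned by deleting - quarantined
C:\Program Files\intellidownload\vfd.exe multiple threats cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP115\A0002668.dll Win32/Adware.Facetheme.D application cleaned by deleting - quarantined
"""

# Assumption: the detail field starts at the first token that cannot belong to a
# Windows path as it appears in this log: "multiple threats", "probably a
# variant of", or a detection name containing a forward slash (Win32/..., Java/...).
DETAIL_START = re.compile(
    r"\s(?=(?:multiple threats|probably a variant of|[A-Za-z0-9]+/\S+)(?:\s|$))"
)

# Location labels are this example's own, checked in order.
LOCATION_RULES = [
    ("tool quarantine", re.compile(r"\\Qoobox\\Quarantine\\", re.I)),
    ("system restore point",
     re.compile(r"\\System Volume Information\\_restore\{", re.I)),
    ("java cache", re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)),
]

# Stored copies are not loaded by Windows, but an on-access scanner still
# alerts on them when another scanner opens the file to read it.
STORED_COPIES = {"tool quarantine", "system restore point"}


def classify(path):
    """Return the location label for one detected path."""
    for label, pattern in LOCATION_RULES:
        if pattern.search(path):
            return label
    return "live file system"


def parse_log(text):
    """Split each pasted log line into path and detail, then classify the path."""
    detections = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = DETAIL_START.search(line)
        if match is None:
            raise ValueError("cannot find detection field in: %r" % line)
        path, detail = line[:match.start()], line[match.end():]
        detections.append(Detection(path, detail, classify(path)))
    return detections


def stored_copies(detections):
    """Detections that sat in a quarantine folder or a restore point."""
    return [d for d in detections if d.location in STORED_COPIES]


def summary(detections):
    """Count detections per location label."""
    return Counter(d.location for d in detections)


if __name__ == "__main__":
    found = parse_log(ESET_LOG)
    for location, count in sorted(summary(found).items()):
        print("%-22s %d" % (location, count))
    print()
    for d in stored_copies(found):
        print("stored copy: %s\n  %s" % (d.path, d.detail))
```

Two of the seven entries sit in stored-copy locations; the remaining five (Java cache and live file system) are the ones that reflect what was actually reachable on disk at scan time.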

#15 fireman4it

Posted 18 August 2012 - 02:47 PM

Hello, Skyhound.
Congratulations! You now appear clean! :cool:


Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall

    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".



Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows, instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right click and choose close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources, a couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows’ built one), this is personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.