Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91601 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

SVCHOST uses 100% of CPU...continued... [Closed]


  • This topic is locked This topic is locked
8 replies to this topic

#1 CMD4649

CMD4649

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 23 December 2013 - 11:31 AM

Hello.

 

I opened up a topic in this post, but it was closed and I'm just getting around to it now:

 

http://forums.whatth...474#entry838979

 

I ran ComboFix and here is the log:

 

ComboFix 13-12-21.01 - Charlie Duffy 12/23/2013  12:00:19.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.511.336 [GMT -5:00]
Running from: c:\documents and settings\Charlie Duffy.CD-HOME\My Documents\Downloads\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PricePeep
c:\program files\PricePeep\installer.ico
c:\program files\PricePeep\pricepeep.crx
c:\program files\PricePeep\uninstall.exe
c:\windows\$NtUninstallKB25012$
c:\windows\$NtUninstallKB25012$\1372139645\@
c:\windows\$NtUninstallKB25012$\1372139645\cfg.ini
c:\windows\$NtUninstallKB25012$\1372139645\Desktop.ini
c:\windows\$NtUninstallKB25012$\1372139645\L\jbjqmdfp
c:\windows\$NtUninstallKB25012$\2827122221
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-23 to 2013-12-23  )))))))))))))))))))))))))))))))
.
.
2013-12-17 03:30 . 2013-12-17 03:31 -------- d-----w- C:\AdwCleaner
2013-11-29 05:21 . 2013-11-29 05:28 -------- d-----w- c:\program files\MyPC Backup
2013-11-29 05:16 . 2013-11-29 05:26 -------- d-----w- c:\documents and settings\Charlie Duffy.CD-HOME\Application Data\Systweak
2013-11-29 05:15 . 2012-09-05 18:48 17832 ----a-w- c:\windows\system32\roboot.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-13 05:15 . 2012-04-13 04:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-13 05:15 . 2012-04-13 04:57 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-13 02:59 . 2008-04-14 12:00 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38 . 2008-04-14 12:00 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2012-04-15 02:33 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2008-04-14 12:00 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2008-04-14 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2008-04-14 12:00 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56 . 2008-04-14 12:00 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2008-04-14 12:00 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2008-04-14 12:00 603136 ----a-w- c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Charlie Duffy.CD-HOME\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Charlie Duffy.CD-HOME\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Charlie Duffy.CD-HOME\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Charlie Duffy.CD-HOME\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2012-04-13 36864]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]
"EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 28672]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 46592]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\Charlie Duffy.CD-HOME\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Charlie Duffy.CD-HOME\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
Verizon Wireless Software Utility Application for Android – Samsung.lnk - c:\documents and settings\Charlie Duffy.CD-HOME\Application Data\Verizon\UA_ar\UA.exe [2013-7-4 868208]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start [2012-4-12 196608]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Charlie Duffy.CD-HOME\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [10/9/2013 10:58 AM 3275136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/3/2013 3:21 PM 162408]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [3/21/2013 5:31 PM 83168]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [3/21/2013 5:31 PM 181344]
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 05:15]
.
2013-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-22 02:38]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-22 02:38]
.
2013-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-789336058-1606980848-1003Core.job
- c:\documents and settings\Charlie Duffy.CD-HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-13 04:24]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-789336058-1606980848-1003UA.job
- c:\documents and settings\Charlie Duffy.CD-HOME\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-13 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.123.254
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Charlie Duffy.CD-HOME\Application Data\Mozilla\Firefox\Profiles\eqjva4wu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-23 12:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(348)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\docume~1\CHARLI~1.CD-\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Charlie Duffy.CD-HOME\Application Data\Dropbox\bin\DropboxExt.19.dll
c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\documents and settings\Charlie Duffy.CD-HOME\Application Data\Dropbox\bin\Dropbox.exe
c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2013-12-23  12:24:23 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-23 17:24
.
Pre-Run: 5,177,888,768 bytes free
Post-Run: 6,511,161,344 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6E4D9B9498356C4C758B57F6D320F888
8F558EB6672622401DA993E1E865C861
 

    Advertisements

Register to Remove


#2 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 26 December 2013 - 07:22 AM

Hi and sorry for any delay in seeing this.....
 
I tried to merge the two topics that you have on here into one, but am having some trouble doing so. 
 
We need to get some new diagnostics so we can see just what is on the system now.....
 
Please run new scans with DDS and AdwCleaner just like you did before and post the new logs.  We can go from there.  :)


Posted Image
 
 

#3 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 28 December 2013 - 09:58 AM

Still here?


Posted Image
 
 

#4 CMD4649

CMD4649

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 28 December 2013 - 01:58 PM

Yes, I'm still here. I'm going to run those scans again and post the logs.



#5 CMD4649

CMD4649

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 28 December 2013 - 02:04 PM

Here is the TDS Killer log:

 

15:01:15.0093 0x0b78  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
15:01:23.0765 0x0b78  ============================================================
15:01:23.0765 0x0b78  Current date / time: 2013/12/28 15:01:23.0765
15:01:23.0765 0x0b78  SystemInfo:
15:01:23.0765 0x0b78  
15:01:23.0765 0x0b78  OS Version: 5.1.2600 ServicePack: 3.0
15:01:23.0765 0x0b78  Product type: Workstation
15:01:23.0765 0x0b78  ComputerName: CD-HOME
15:01:23.0765 0x0b78  UserName: Charlie Duffy
15:01:23.0765 0x0b78  Windows directory: C:\WINDOWS
15:01:23.0765 0x0b78  System windows directory: C:\WINDOWS
15:01:23.0765 0x0b78  Processor architecture: Intel x86
15:01:23.0765 0x0b78  Number of processors: 1
15:01:23.0765 0x0b78  Page size: 0x1000
15:01:23.0765 0x0b78  Boot type: Normal boot
15:01:23.0765 0x0b78  ============================================================
15:01:26.0953 0x0b78  KLMD registered as C:\WINDOWS\system32\drivers\99910522.sys
15:01:27.0140 0x0b78  System UUID: {C71A0724-4625-7D25-1E47-1E58AE7AB3D7}
15:01:28.0734 0x0b78  Drive \Device\Harddisk0\DR0 - Size: 0x728D84000 (28.64 Gb), SectorSize: 0x200, Cylinders: 0xE9A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:01:28.0765 0x0b78  Drive \Device\Harddisk1\DR1 - Size: 0x1315740000 (76.34 Gb), SectorSize: 0x200, Cylinders: 0x26EC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:01:28.0828 0x0b78  Drive \Device\Harddisk2\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:01:32.0625 0x0b78  ============================================================
15:01:32.0625 0x0b78  \Device\Harddisk0\DR0:
15:01:32.0656 0x0b78  MBR partitions:
15:01:32.0656 0x0b78  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3940F1A
15:01:32.0656 0x0b78  \Device\Harddisk1\DR1:
15:01:32.0656 0x0b78  MBR partitions:
15:01:32.0656 0x0b78  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x98A40EC
15:01:32.0656 0x0b78  \Device\Harddisk2\DR4:
15:01:32.0656 0x0b78  MBR partitions:
15:01:32.0656 0x0b78  \Device\Harddisk2\DR4\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
15:01:32.0656 0x0b78  ============================================================
15:01:32.0671 0x0b78  D: <-> \Device\Harddisk1\DR1\Partition1
15:01:32.0703 0x0b78  C: <-> \Device\Harddisk0\DR0\Partition1
15:01:32.0718 0x0b78  G: <-> \Device\Harddisk2\DR4\Partition1
15:01:32.0718 0x0b78  ============================================================
15:01:32.0718 0x0b78  Initialize success
15:01:32.0718 0x0b78  ============================================================
15:01:50.0546 0x0bbc  ============================================================
15:01:50.0546 0x0bbc  Scan started
15:01:50.0546 0x0bbc  Mode: Manual; 
15:01:50.0546 0x0bbc  ============================================================
15:01:50.0546 0x0bbc  KSN ping started
15:02:05.0718 0x0bbc  KSN ping finished: true
15:02:07.0265 0x0bbc  ================ Scan system memory ========================
15:02:07.0265 0x0bbc  System memory - ok
15:02:07.0265 0x0bbc  ================ Scan services =============================
15:02:07.0375 0x0bbc  Abiosdsk - ok
15:02:07.0390 0x0bbc  abp480n5 - ok
15:02:07.0453 0x0bbc  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
15:02:07.0468 0x0bbc  ACPI - ok
15:02:07.0671 0x0bbc  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
15:02:07.0671 0x0bbc  ACPIEC - ok
15:02:07.0734 0x0bbc  [ 1BA1AB4141A92EB34DA99F1249CA2D4D, 43ADF35146E61E0DE58D2ACC2994538F6025135ECEB30073BEF05A804BB38107 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:02:07.0750 0x0bbc  AdobeFlashPlayerUpdateSvc - ok
15:02:07.0765 0x0bbc  adpu160m - ok
15:02:07.0812 0x0bbc  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
15:02:07.0812 0x0bbc  aec - ok
15:02:07.0859 0x0bbc  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
15:02:07.0875 0x0bbc  AFD - ok
15:02:07.0906 0x0bbc  [ 08FD04AA961BDC77FB983F328334E3D7, A784EC8A9EDB579262366B5A9AB177DB7BEC0A421BDE85431D0AD4959D5AF5E7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
15:02:07.0906 0x0bbc  agp440 - ok
15:02:07.0921 0x0bbc  Aha154x - ok
15:02:07.0937 0x0bbc  aic78u2 - ok
15:02:07.0937 0x0bbc  aic78xx - ok
15:02:08.0015 0x0bbc  [ D1E147EC5185BE609F251FD9A458EA1A, 621D22645B2CB772020C94AB35B8F128E03D4D6BD49396751995ED70279120D2 ] ALCXWDM         C:\WINDOWS\system32\drivers\ALCXWDM.SYS
15:02:08.0062 0x0bbc  ALCXWDM - ok
15:02:08.0093 0x0bbc  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
15:02:08.0109 0x0bbc  Alerter - ok
15:02:08.0125 0x0bbc  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
15:02:08.0140 0x0bbc  ALG - ok
15:02:08.0140 0x0bbc  AliIde - ok
15:02:08.0156 0x0bbc  amsint - ok
15:02:08.0187 0x0bbc  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
15:02:08.0203 0x0bbc  AppMgmt - ok
15:02:08.0218 0x0bbc  asc - ok
15:02:08.0234 0x0bbc  asc3350p - ok
15:02:08.0234 0x0bbc  asc3550 - ok
15:02:08.0328 0x0bbc  [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
15:02:08.0375 0x0bbc  aspnet_state - ok
15:02:08.0453 0x0bbc  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
15:02:08.0453 0x0bbc  AsyncMac - ok
15:02:08.0500 0x0bbc  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
15:02:08.0500 0x0bbc  atapi - ok
15:02:08.0531 0x0bbc  Atdisk - ok
15:02:08.0578 0x0bbc  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
15:02:08.0578 0x0bbc  Atmarpc - ok
15:02:08.0593 0x0bbc  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
15:02:08.0593 0x0bbc  AudioSrv - ok
15:02:08.0640 0x0bbc  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
15:02:08.0640 0x0bbc  audstub - ok
15:02:08.0671 0x0bbc  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
15:02:08.0671 0x0bbc  Beep - ok
15:02:08.0718 0x0bbc  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
15:02:08.0781 0x0bbc  BITS - ok
15:02:08.0828 0x0bbc  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
15:02:08.0843 0x0bbc  Browser - ok
15:02:08.0859 0x0bbc  catchme - ok
15:02:08.0906 0x0bbc  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
15:02:08.0906 0x0bbc  cbidf2k - ok
15:02:08.0953 0x0bbc  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
15:02:08.0953 0x0bbc  CCDECODE - ok
15:02:08.0968 0x0bbc  cd20xrnt - ok
15:02:09.0015 0x0bbc  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
15:02:09.0015 0x0bbc  Cdaudio - ok
15:02:09.0046 0x0bbc  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
15:02:09.0046 0x0bbc  Cdfs - ok
15:02:09.0078 0x0bbc  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
15:02:09.0078 0x0bbc  Cdrom - ok
15:02:09.0109 0x0bbc  Changer - ok
15:02:09.0140 0x0bbc  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
15:02:09.0140 0x0bbc  CiSvc - ok
15:02:09.0156 0x0bbc  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
15:02:09.0156 0x0bbc  ClipSrv - ok
15:02:09.0218 0x0bbc  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:02:09.0343 0x0bbc  clr_optimization_v2.0.50727_32 - ok
15:02:09.0359 0x0bbc  CmdIde - ok
15:02:09.0375 0x0bbc  COMSysApp - ok
15:02:09.0406 0x0bbc  Cpqarray - ok
15:02:09.0468 0x0bbc  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
15:02:09.0468 0x0bbc  CryptSvc - ok
15:02:09.0484 0x0bbc  dac2w2k - ok
15:02:09.0500 0x0bbc  dac960nt - ok
15:02:09.0546 0x0bbc  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
15:02:09.0593 0x0bbc  DcomLaunch - ok
15:02:09.0656 0x0bbc  [ 7BEF2E2159EDB03105BC7A8BABE04726, 6F09F3C11DCE6E03D6A658B244F2F0ABBD2B13C46061D425A5266453C8159858 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
15:02:09.0671 0x0bbc  dg_ssudbus - ok
15:02:09.0718 0x0bbc  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
15:02:09.0718 0x0bbc  Dhcp - ok
15:02:09.0765 0x0bbc  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
15:02:09.0765 0x0bbc  Disk - ok
15:02:09.0765 0x0bbc  dmadmin - ok
15:02:09.0859 0x0bbc  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
15:02:09.0906 0x0bbc  dmboot - ok
15:02:09.0953 0x0bbc  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
15:02:09.0953 0x0bbc  dmio - ok
15:02:09.0984 0x0bbc  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
15:02:10.0000 0x0bbc  dmload - ok
15:02:10.0031 0x0bbc  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
15:02:10.0031 0x0bbc  dmserver - ok
15:02:10.0046 0x0bbc  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
15:02:10.0046 0x0bbc  DMusic - ok
15:02:10.0093 0x0bbc  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
15:02:10.0093 0x0bbc  Dnscache - ok
15:02:10.0140 0x0bbc  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
15:02:10.0140 0x0bbc  Dot3svc - ok
15:02:10.0156 0x0bbc  dpti2o - ok
15:02:10.0187 0x0bbc  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
15:02:10.0187 0x0bbc  drmkaud - ok
15:02:10.0218 0x0bbc  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
15:02:10.0218 0x0bbc  EapHost - ok
15:02:10.0250 0x0bbc  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
15:02:10.0250 0x0bbc  ERSvc - ok
15:02:10.0296 0x0bbc  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
15:02:10.0312 0x0bbc  Eventlog - ok
15:02:10.0359 0x0bbc  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
15:02:10.0375 0x0bbc  EventSystem - ok
15:02:10.0453 0x0bbc  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
15:02:10.0468 0x0bbc  Fastfat - ok
15:02:10.0500 0x0bbc  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
15:02:10.0515 0x0bbc  FastUserSwitchingCompatibility - ok
15:02:10.0546 0x0bbc  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
15:02:10.0546 0x0bbc  Fdc - ok
15:02:10.0578 0x0bbc  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
15:02:10.0593 0x0bbc  Fips - ok
15:02:10.0609 0x0bbc  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
15:02:10.0609 0x0bbc  Flpydisk - ok
15:02:10.0656 0x0bbc  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
15:02:10.0656 0x0bbc  FltMgr - ok
15:02:10.0750 0x0bbc  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
15:02:10.0812 0x0bbc  FontCache3.0.0.0 - ok
15:02:10.0828 0x0bbc  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
15:02:10.0828 0x0bbc  Fs_Rec - ok
15:02:10.0859 0x0bbc  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
15:02:10.0875 0x0bbc  Ftdisk - ok
15:02:10.0906 0x0bbc  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
15:02:10.0906 0x0bbc  Gpc - ok
15:02:11.0031 0x0bbc  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:02:11.0046 0x0bbc  gupdate - ok
15:02:11.0062 0x0bbc  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:02:11.0062 0x0bbc  gupdatem - ok
15:02:11.0125 0x0bbc  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
15:02:11.0156 0x0bbc  gusvc - ok
15:02:11.0218 0x0bbc  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
15:02:11.0218 0x0bbc  helpsvc - ok
15:02:11.0234 0x0bbc  HidServ - ok
15:02:11.0281 0x0bbc  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
15:02:11.0281 0x0bbc  hkmsvc - ok
15:02:11.0296 0x0bbc  hpn - ok
15:02:11.0343 0x0bbc  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
15:02:11.0359 0x0bbc  HTTP - ok
15:02:11.0406 0x0bbc  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
15:02:11.0437 0x0bbc  HTTPFilter - ok
15:02:11.0453 0x0bbc  i2omgmt - ok
15:02:11.0468 0x0bbc  i2omp - ok
15:02:11.0515 0x0bbc  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
15:02:11.0515 0x0bbc  i8042prt - ok
15:02:11.0656 0x0bbc  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:02:11.0718 0x0bbc  idsvc - ok
15:02:11.0765 0x0bbc  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
15:02:11.0765 0x0bbc  Imapi - ok
15:02:11.0812 0x0bbc  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
15:02:11.0812 0x0bbc  ImapiService - ok
15:02:11.0843 0x0bbc  ini910u - ok
15:02:11.0890 0x0bbc  [ B5466A9250342A7AA0CD1FBA13420678, 87E735C4E8924A883AB692D387A83BCBFAE6E165688336AE7AB488F7CA8D339E ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
15:02:11.0890 0x0bbc  IntelIde - ok
15:02:11.0921 0x0bbc  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
15:02:11.0921 0x0bbc  intelppm - ok
15:02:11.0953 0x0bbc  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
15:02:11.0953 0x0bbc  Ip6Fw - ok
15:02:11.0984 0x0bbc  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
15:02:12.0000 0x0bbc  IpFilterDriver - ok
15:02:12.0031 0x0bbc  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
15:02:12.0031 0x0bbc  IpInIp - ok
15:02:12.0078 0x0bbc  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
15:02:12.0078 0x0bbc  IpNat - ok
15:02:12.0109 0x0bbc  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
15:02:12.0125 0x0bbc  IPSec - ok
15:02:12.0156 0x0bbc  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
15:02:12.0171 0x0bbc  IRENUM - ok
15:02:12.0218 0x0bbc  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
15:02:12.0218 0x0bbc  isapnp - ok
15:02:12.0265 0x0bbc  [ 8F1BA487B35F0C8F637E05113AA815F8, ADD27A92A56D271BD841B303E1813D8449158E683BAC595B8E5B5E145F7693AE ] itchfltr        C:\WINDOWS\system32\DRIVERS\itchfltr.sys
15:02:12.0265 0x0bbc  itchfltr - ok
15:02:12.0390 0x0bbc  [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
15:02:12.0406 0x0bbc  JavaQuickStarterService - ok
15:02:12.0437 0x0bbc  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
15:02:12.0437 0x0bbc  Kbdclass - ok
15:02:12.0484 0x0bbc  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
15:02:12.0484 0x0bbc  kmixer - ok
15:02:12.0531 0x0bbc  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
15:02:12.0531 0x0bbc  KSecDD - ok
15:02:12.0609 0x0bbc  [ 009C4267A8D74F98533C899710EE7419, F50902C557B7E4BACFA305945324A86DF5380B7BB50AF09CD012F9ADBB20F0F9 ] l8042pr2        C:\WINDOWS\system32\DRIVERS\L8042Pr2.sys
15:02:12.0609 0x0bbc  l8042pr2 - ok
15:02:12.0671 0x0bbc  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
15:02:12.0671 0x0bbc  LanmanServer - ok
15:02:12.0734 0x0bbc  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
15:02:12.0734 0x0bbc  lanmanworkstation - ok
15:02:12.0750 0x0bbc  lbrtfdc - ok
15:02:12.0796 0x0bbc  [ 74AB237C1106216814C5052481A990D5, 0312B38487FE4C02067ED013D31A74171CAA9A7C07C98C4C1920559F2C3DF19E ] LKbdFlt2        C:\WINDOWS\system32\DRIVERS\LKbdFlt2.sys
15:02:12.0796 0x0bbc  LKbdFlt2 - ok
15:02:12.0828 0x0bbc  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
15:02:12.0828 0x0bbc  LmHosts - ok
15:02:12.0859 0x0bbc  [ 90BFBCF6EF78E59466B8FB7D3B012688, 7D2627F26BA3992736EFFF72FA4F84288D5852E5285C138CC12213E348B5CF0F ] LMouFlt2        C:\WINDOWS\system32\DRIVERS\LMouFlt2.sys
15:02:12.0859 0x0bbc  LMouFlt2 - ok
15:02:13.0000 0x0bbc  [ 2D0AB9D29E6B0C42CCE955B5A8E0D62D, AA70B7B644E911C4539CDB48FC9D6702183666C02F59ED3C947C22B8AB71B709 ] LVcKap          C:\WINDOWS\system32\DRIVERS\LVcKap.sys
15:02:13.0093 0x0bbc  LVcKap - ok
15:02:13.0218 0x0bbc  [ A3963E3D997C3646E1D3338EB88A48E9, CC500574A5E59AB273BA246D2ABCE4BCE87473170B10B601F45EA6049B2EDA63 ] LVMVDrv         C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
15:02:13.0328 0x0bbc  LVMVDrv - ok
15:02:13.0359 0x0bbc  [ 39C767BD6D99C23D28E71B6E0CBA3129, A88E27A862D7E6E2500A56F8B6757EBCBD59860C1BCBA50F79DCEF1A279225AC ] LVPr2Mon        C:\WINDOWS\system32\drivers\LVPr2Mon.sys
15:02:13.0359 0x0bbc  LVPr2Mon - ok
15:02:13.0421 0x0bbc  [ 44B3B997E25C5D9A81D6C501451A96D7, BE8EDB440B6C5AAE952B00DBAB203A695209322C0401BEC835F7C92B7386D035 ] LVPrcSrv        c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
15:02:13.0421 0x0bbc  LVPrcSrv - ok
15:02:13.0468 0x0bbc  [ 7B4607C0C664DA98753508F85BB10694, 1BFB21633D724DE0AF7A63F49CF7321554EBEDF08F1C9251A6EF93BF837FED4A ] LVSrvLauncher   C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
15:02:13.0468 0x0bbc  LVSrvLauncher - ok
15:02:13.0515 0x0bbc  [ 6AD3F5275F117F08C12EAB2233A9E3FB, E20A600DDAD882565FC1191E4CED0212A89C4D4FCEB3880390CB50FA2AB2A5A4 ] LVUSBSta        C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys
15:02:13.0515 0x0bbc  LVUSBSta - ok
15:02:13.0546 0x0bbc  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
15:02:13.0562 0x0bbc  Messenger - ok
15:02:13.0593 0x0bbc  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
15:02:13.0593 0x0bbc  mnmdd - ok
15:02:13.0625 0x0bbc  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
15:02:13.0625 0x0bbc  mnmsrvc - ok
15:02:13.0656 0x0bbc  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
15:02:13.0656 0x0bbc  Modem - ok
15:02:13.0671 0x0bbc  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
15:02:13.0671 0x0bbc  Mouclass - ok
15:02:13.0718 0x0bbc  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
15:02:13.0718 0x0bbc  MountMgr - ok
15:02:13.0796 0x0bbc  [ 3B9398E0146855B1DC0E3D9769C80F01, DF69DB5CA30A5577648635C27DD468AF98515D07DF379B3FFDCC6B40744EDE66 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
15:02:13.0796 0x0bbc  MozillaMaintenance - ok
15:02:13.0812 0x0bbc  mraid35x - ok
15:02:13.0843 0x0bbc  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
15:02:13.0859 0x0bbc  MRxDAV - ok
15:02:13.0921 0x0bbc  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
15:02:13.0937 0x0bbc  MRxSmb - ok
15:02:13.0984 0x0bbc  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
15:02:13.0984 0x0bbc  MSDTC - ok
15:02:14.0031 0x0bbc  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
15:02:14.0031 0x0bbc  Msfs - ok
15:02:14.0046 0x0bbc  MSIServer - ok
15:02:14.0062 0x0bbc  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
15:02:14.0062 0x0bbc  MSKSSRV - ok
15:02:14.0093 0x0bbc  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
15:02:14.0093 0x0bbc  MSPCLOCK - ok
15:02:14.0109 0x0bbc  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
15:02:14.0109 0x0bbc  MSPQM - ok
15:02:14.0140 0x0bbc  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15:02:14.0156 0x0bbc  mssmbios - ok
15:02:14.0187 0x0bbc  [ E53736A9E30C45FA9E7B5EAC55056D1D, 38602F280BF69EBA3706AD175AFC1AEB561A8302B4B61E3FECB3C27D7A9BDB41 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
15:02:14.0187 0x0bbc  MSTEE - ok
15:02:14.0218 0x0bbc  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
15:02:14.0234 0x0bbc  Mup - ok
15:02:14.0265 0x0bbc  [ 5B50F1B2A2ED47D560577B221DA734DB, C16A554B6E1A7F5F98C94DFA88163E0F7426506BF2F51FD351B1A05FC0DB3BC5 ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
15:02:14.0281 0x0bbc  NABTSFEC - ok
15:02:14.0328 0x0bbc  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
15:02:14.0343 0x0bbc  napagent - ok
15:02:14.0390 0x0bbc  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
15:02:14.0390 0x0bbc  NDIS - ok
15:02:14.0468 0x0bbc  [ 7FF1F1FD8609C149AA432F95A8163D97, 18CD1FF5AC1EF8A38D1EC53014F2BADD28D9CDF4ECE2EBC2313D08903776F323 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
15:02:14.0468 0x0bbc  NdisIP - ok
15:02:14.0515 0x0bbc  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
15:02:14.0515 0x0bbc  NdisTapi - ok
15:02:14.0562 0x0bbc  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
15:02:14.0562 0x0bbc  Ndisuio - ok
15:02:14.0593 0x0bbc  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
15:02:14.0593 0x0bbc  NdisWan - ok
15:02:14.0640 0x0bbc  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
15:02:14.0640 0x0bbc  NDProxy - ok
15:02:14.0671 0x0bbc  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
15:02:14.0671 0x0bbc  NetBIOS - ok
15:02:14.0703 0x0bbc  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
15:02:14.0703 0x0bbc  NetBT - ok
15:02:14.0750 0x0bbc  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
15:02:14.0765 0x0bbc  NetDDE - ok
15:02:14.0781 0x0bbc  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
15:02:14.0781 0x0bbc  NetDDEdsdm - ok
15:02:14.0828 0x0bbc  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
15:02:14.0828 0x0bbc  Netlogon - ok
15:02:14.0875 0x0bbc  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
15:02:14.0890 0x0bbc  Netman - ok
15:02:14.0937 0x0bbc  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:02:14.0937 0x0bbc  NetTcpPortSharing - ok
15:02:14.0984 0x0bbc  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
15:02:15.0000 0x0bbc  Nla - ok
15:02:15.0015 0x0bbc  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
15:02:15.0015 0x0bbc  Npfs - ok
15:02:15.0078 0x0bbc  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
15:02:15.0109 0x0bbc  Ntfs - ok
15:02:15.0125 0x0bbc  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
15:02:15.0125 0x0bbc  NtLmSsp - ok
15:02:15.0187 0x0bbc  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
15:02:15.0218 0x0bbc  NtmsSvc - ok
15:02:15.0250 0x0bbc  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
15:02:15.0250 0x0bbc  Null - ok
15:02:15.0375 0x0bbc  [ 2B298519EDBFCF451D43E0F1E8F1006D, 67F3F2001F4C8DABD253D60AB3222793635532DC51AD977954286F8A246F5592 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
15:02:15.0484 0x0bbc  nv - ok
15:02:15.0562 0x0bbc  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
15:02:15.0562 0x0bbc  NwlnkFlt - ok
15:02:15.0593 0x0bbc  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
15:02:15.0593 0x0bbc  NwlnkFwd - ok
15:02:15.0718 0x0bbc  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
15:02:15.0781 0x0bbc  odserv - ok
15:02:15.0859 0x0bbc  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:02:15.0875 0x0bbc  ose - ok
15:02:15.0906 0x0bbc  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
15:02:15.0921 0x0bbc  Parport - ok
15:02:15.0937 0x0bbc  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
15:02:15.0937 0x0bbc  PartMgr - ok
15:02:15.0968 0x0bbc  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
15:02:15.0968 0x0bbc  ParVdm - ok
15:02:16.0015 0x0bbc  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
15:02:16.0015 0x0bbc  PCI - ok
15:02:16.0046 0x0bbc  PCIDump - ok
15:02:16.0093 0x0bbc  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
15:02:16.0093 0x0bbc  PCIIde - ok
15:02:16.0125 0x0bbc  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
15:02:16.0140 0x0bbc  Pcmcia - ok
15:02:16.0156 0x0bbc  PDCOMP - ok
15:02:16.0156 0x0bbc  PDFRAME - ok
15:02:16.0171 0x0bbc  PDRELI - ok
15:02:16.0187 0x0bbc  PDRFRAME - ok
15:02:16.0234 0x0bbc  [ 4350CB255AD546F4668C8B8AFD6A00A4, 854780D5A96BEB674F3838376D0B4698EA9E0CD574C5A357759D298188125265 ] pepifilter      C:\WINDOWS\system32\DRIVERS\lv302af.sys
15:02:16.0234 0x0bbc  pepifilter - ok
15:02:16.0250 0x0bbc  perc2 - ok
15:02:16.0265 0x0bbc  perc2hib - ok
15:02:16.0375 0x0bbc  [ 6B310DE726E1A0DEFD66718A7F79B5D2, 6FE6AB44569EB69F2CD15829C4328323E40A3CDAFCF5B5D27267BA1303F95436 ] PID_08A0        C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
15:02:16.0406 0x0bbc  PID_08A0 - ok
15:02:16.0437 0x0bbc  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
15:02:16.0453 0x0bbc  PlugPlay - ok
15:02:16.0484 0x0bbc  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
15:02:16.0484 0x0bbc  PolicyAgent - ok
15:02:16.0515 0x0bbc  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
15:02:16.0515 0x0bbc  PptpMiniport - ok
15:02:16.0531 0x0bbc  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
15:02:16.0531 0x0bbc  ProtectedStorage - ok
15:02:16.0546 0x0bbc  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
15:02:16.0562 0x0bbc  PSched - ok
15:02:16.0593 0x0bbc  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
15:02:16.0593 0x0bbc  Ptilink - ok
15:02:16.0609 0x0bbc  ql1080 - ok
15:02:16.0625 0x0bbc  Ql10wnt - ok
15:02:16.0640 0x0bbc  ql12160 - ok
15:02:16.0656 0x0bbc  ql1240 - ok
15:02:16.0671 0x0bbc  ql1280 - ok
15:02:16.0687 0x0bbc  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
15:02:16.0687 0x0bbc  RasAcd - ok
15:02:16.0734 0x0bbc  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
15:02:16.0750 0x0bbc  RasAuto - ok
15:02:16.0781 0x0bbc  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
15:02:16.0781 0x0bbc  Rasl2tp - ok
15:02:16.0812 0x0bbc  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
15:02:16.0828 0x0bbc  RasMan - ok
15:02:16.0843 0x0bbc  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
15:02:16.0843 0x0bbc  RasPppoe - ok
15:02:16.0859 0x0bbc  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
15:02:16.0875 0x0bbc  Raspti - ok
15:02:16.0890 0x0bbc  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
15:02:16.0906 0x0bbc  Rdbss - ok
15:02:16.0921 0x0bbc  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
15:02:16.0921 0x0bbc  RDPCDD - ok
15:02:16.0984 0x0bbc  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
15:02:16.0984 0x0bbc  rdpdr - ok
15:02:17.0046 0x0bbc  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
15:02:17.0062 0x0bbc  RDPWD - ok
15:02:17.0109 0x0bbc  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
15:02:17.0109 0x0bbc  RDSessMgr - ok
15:02:17.0140 0x0bbc  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
15:02:17.0140 0x0bbc  redbook - ok
15:02:17.0171 0x0bbc  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
15:02:17.0171 0x0bbc  RemoteAccess - ok
15:02:17.0203 0x0bbc  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
15:02:17.0203 0x0bbc  RemoteRegistry - ok
15:02:17.0234 0x0bbc  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
15:02:17.0250 0x0bbc  RpcLocator - ok
15:02:17.0296 0x0bbc  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
15:02:17.0312 0x0bbc  RpcSs - ok
15:02:17.0359 0x0bbc  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
15:02:17.0375 0x0bbc  RSVP - ok
15:02:17.0390 0x0bbc  [ D507C1400284176573224903819FFDA3, DD0BDB2AB39A8A0A300B6D60FB6A7F5BA08C4DB8F59E0A784FB763EA8AD72AB2 ] rtl8139         C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
15:02:17.0390 0x0bbc  rtl8139 - ok
15:02:17.0421 0x0bbc  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
15:02:17.0421 0x0bbc  SamSs - ok
15:02:17.0453 0x0bbc  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
15:02:17.0468 0x0bbc  SCardSvr - ok
15:02:17.0500 0x0bbc  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
15:02:17.0531 0x0bbc  Schedule - ok
15:02:17.0562 0x0bbc  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
15:02:17.0562 0x0bbc  Secdrv - ok
15:02:17.0593 0x0bbc  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
15:02:17.0593 0x0bbc  seclogon - ok
15:02:17.0625 0x0bbc  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
15:02:17.0640 0x0bbc  SENS - ok
15:02:17.0656 0x0bbc  [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
15:02:17.0671 0x0bbc  serenum - ok
15:02:17.0687 0x0bbc  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
15:02:17.0687 0x0bbc  Serial - ok
15:02:17.0734 0x0bbc  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
15:02:17.0734 0x0bbc  Sfloppy - ok
15:02:17.0765 0x0bbc  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
15:02:17.0796 0x0bbc  SharedAccess - ok
15:02:17.0828 0x0bbc  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
15:02:17.0843 0x0bbc  ShellHWDetection - ok
15:02:17.0843 0x0bbc  Simbad - ok
15:02:18.0156 0x0bbc  [ 9F712B26EE3B0242DE997A42FD302E2C, 12663EB108F158282A965EE70980627C2F2332BA7944D7DE03B78E18BEB87D26 ] Skype C2C Service C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
15:02:18.0484 0x0bbc  Skype C2C Service - ok
15:02:18.0593 0x0bbc  [ 4E8A4BB5B11D828FF986F6228B1CD3DF, 8750614C6211059045A41F9579BC5A87162E9F72D865BC9790D2D55E98E50412 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
15:02:18.0593 0x0bbc  SkypeUpdate - ok
15:02:18.0625 0x0bbc  [ 866D538EBE33709A5C9F5C62B73B7D14, BC94BEB7C17B4FCAC8B5D0D5006A203BC209E0504EECE149651D8691935696CD ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
15:02:18.0625 0x0bbc  SLIP - ok
15:02:18.0656 0x0bbc  Sparrow - ok
15:02:18.0687 0x0bbc  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
15:02:18.0687 0x0bbc  splitter - ok
15:02:18.0718 0x0bbc  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
15:02:18.0718 0x0bbc  Spooler - ok
15:02:18.0765 0x0bbc  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
15:02:18.0765 0x0bbc  sr - ok
15:02:18.0796 0x0bbc  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
15:02:18.0812 0x0bbc  srservice - ok
15:02:18.0859 0x0bbc  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
15:02:18.0890 0x0bbc  Srv - ok
15:02:18.0937 0x0bbc  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
15:02:18.0937 0x0bbc  SSDPSRV - ok
15:02:18.0984 0x0bbc  [ BCB4E273147AFCAFDFC0DA59AF9E6E25, 27143BD55995AFF9819A34F726EDC3F32422B2251EABBE1E022DD4979503F668 ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
15:02:19.0000 0x0bbc  ssudmdm - ok
15:02:19.0046 0x0bbc  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
15:02:19.0078 0x0bbc  stisvc - ok
15:02:19.0109 0x0bbc  [ 77813007BA6265C4B6098187E6ED79D2, 93939120E803C46FBFD577C8FC2E6C7E71C0460E01D25CB29579490640AB50C7 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
15:02:19.0109 0x0bbc  streamip - ok
15:02:19.0140 0x0bbc  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
15:02:19.0140 0x0bbc  swenum - ok
15:02:19.0171 0x0bbc  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
15:02:19.0171 0x0bbc  swmidi - ok
15:02:19.0187 0x0bbc  SwPrv - ok
15:02:19.0203 0x0bbc  symc810 - ok
15:02:19.0218 0x0bbc  symc8xx - ok
15:02:19.0234 0x0bbc  sym_hi - ok
15:02:19.0234 0x0bbc  sym_u3 - ok
15:02:19.0265 0x0bbc  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
15:02:19.0265 0x0bbc  sysaudio - ok
15:02:19.0312 0x0bbc  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
15:02:19.0312 0x0bbc  SysmonLog - ok
15:02:19.0359 0x0bbc  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
15:02:19.0375 0x0bbc  TapiSrv - ok
15:02:19.0421 0x0bbc  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
15:02:19.0453 0x0bbc  Tcpip - ok
15:02:19.0484 0x0bbc  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
15:02:19.0500 0x0bbc  TDPIPE - ok
15:02:19.0515 0x0bbc  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
15:02:19.0515 0x0bbc  TDTCP - ok
15:02:19.0562 0x0bbc  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
15:02:19.0562 0x0bbc  TermDD - ok
15:02:19.0609 0x0bbc  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
15:02:19.0625 0x0bbc  TermService - ok
15:02:19.0671 0x0bbc  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
15:02:19.0671 0x0bbc  Themes - ok
15:02:19.0718 0x0bbc  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
15:02:19.0718 0x0bbc  TlntSvr - ok
15:02:19.0734 0x0bbc  TosIde - ok
15:02:19.0781 0x0bbc  [ 55BCA12F7F523D35CA3CB833C725F54E, 849FB1AE31B143B14B298BBC0D91230693D41DEB95F46516878F53A7F4186C38 ] TrkWks          C:\WINDOWS\system32\trkwks.dll
15:02:19.0781 0x0bbc  TrkWks - ok
15:02:19.0828 0x0bbc  [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
15:02:19.0828 0x0bbc  Udfs - ok
15:02:19.0843 0x0bbc  ultra - ok
15:02:19.0906 0x0bbc  [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
15:02:19.0937 0x0bbc  Update - ok
15:02:19.0984 0x0bbc  [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91, 7746916DB48E3F5B243B63C066596AD9037A494BF1AD935946DD04AC85D983DF ] upnphost        C:\WINDOWS\System32\upnphost.dll
15:02:20.0000 0x0bbc  upnphost - ok
15:02:20.0031 0x0bbc  [ 05365FB38FCA1E98F7A566AAAF5D1815, 16843048CEEC3DAA3B953A12FF1EE339E86783A08F2A56DA7F94AD9F9717D77D ] UPS             C:\WINDOWS\System32\ups.exe
15:02:20.0031 0x0bbc  UPS - ok
15:02:20.0078 0x0bbc  [ 65898A183FBF1D1F7759D5CCB364DCD4, 85E823123FDB4CA5F8255064E22A444627999055EC3419DFD001371893F36AB9 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
15:02:20.0078 0x0bbc  usbaudio - ok
15:02:20.0125 0x0bbc  [ 1B611611C28D2DF25BC057D79C6F13FC, B0D86F63E44B40413BBAE6402CC088046CFAE082D41BBC2ED5A916293356B846 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
15:02:20.0125 0x0bbc  usbccgp - ok
15:02:20.0140 0x0bbc  [ 4BAC8DF07F1D8434FC640E677A62204E, 76C1351AF6752224BF59DEEE0F8665FE699F3DFD679F5BCD01C7D9383E6402A4 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
15:02:20.0140 0x0bbc  usbehci - ok
15:02:20.0187 0x0bbc  [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
15:02:20.0187 0x0bbc  usbhub - ok
15:02:20.0218 0x0bbc  [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
15:02:20.0234 0x0bbc  USBSTOR - ok
15:02:20.0265 0x0bbc  [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
15:02:20.0265 0x0bbc  usbuhci - ok
15:02:20.0281 0x0bbc  [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
15:02:20.0296 0x0bbc  VgaSave - ok
15:02:20.0296 0x0bbc  ViaIde - ok
15:02:20.0328 0x0bbc  [ 4C8FCB5CC53AAB716D810740FE59D025, 010EAC43DBED700B73E4FC908FAAF9F6A0168EBBD5D86751E49BC33AAA18BFA4 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
15:02:20.0328 0x0bbc  VolSnap - ok
15:02:20.0375 0x0bbc  [ 7A9DB3A67C333BF0BD42E42B8596854B, D31A9A3B1AAAB373EDD73B674102395212FCB616F829E938B7B2B7BE7D4752C5 ] VSS             C:\WINDOWS\System32\vssvc.exe
15:02:20.0390 0x0bbc  VSS - ok
15:02:20.0437 0x0bbc  [ 54AF4B1D5459500EF0937F6D33B1914F, FA1876888BCB9C72A92369DBED4FF1A8666784523FB41E618FA0919490FCDDB9 ] W32Time         C:\WINDOWS\system32\w32time.dll
15:02:20.0453 0x0bbc  W32Time - ok
15:02:20.0484 0x0bbc  [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
15:02:20.0484 0x0bbc  Wanarp - ok
15:02:20.0500 0x0bbc  WDICA - ok
15:02:20.0531 0x0bbc  [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
15:02:20.0531 0x0bbc  wdmaud - ok
15:02:20.0562 0x0bbc  [ 77A354E28153AD2D5E120A5A8687BC06, 8B2D37A4443501C0A8E70BC2079BE27F0A36FD07B561E6F68B40A72EABBC2DFE ] WebClient       C:\WINDOWS\System32\webclnt.dll
15:02:20.0562 0x0bbc  WebClient - ok
15:02:20.0640 0x0bbc  [ 2D0E4ED081963804CCC196A0929275B5, E1D75C7D7233D81DFDE13160B0C80138DF8B35230D04FB79B367A52FACF69BF8 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
15:02:20.0656 0x0bbc  winmgmt - ok
15:02:20.0718 0x0bbc  [ 051B1BDECD6DEE18C771B5D5EC7F044D, E9D4870C7E4E6119B274CF788D564BE9C48EA63790F5D6A2E987EB6DF7C93200 ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
15:02:20.0718 0x0bbc  WmdmPmSN - ok
15:02:20.0781 0x0bbc  [ E76F8807070ED04E7408A86D6D3A6137, BFCF5361B7335760A7AE4B6958DE516A27AC60AA09135A46F0B49F588FAFE3A0 ] Wmi             C:\WINDOWS\System32\advapi32.dll
15:02:20.0812 0x0bbc  Wmi - ok
15:02:20.0859 0x0bbc  [ E0673F1106E62A68D2257E376079F821, 12992F18C9653050B10DC61D12988067933FCFDF02123D3A7EF5DE607A785DDC ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
15:02:20.0875 0x0bbc  WmiApSrv - ok
15:02:20.0984 0x0bbc  [ 6BAB4DC65515A098505F8B3D01FB6FE5, 52AA14777920753A8AF76072216A266F5D0036F112F671E7104E1F4C04AE499E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\WMPNetwk.exe
15:02:21.0031 0x0bbc  WMPNetworkSvc - ok
15:02:21.0078 0x0bbc  [ C60DC16D4E406810FAD54B98DC92D5EC, 43E7DF323BBD7C889CAD078176E239319A40EE4BEBC7BD753012B94CF5E48551 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
15:02:21.0078 0x0bbc  WpdUsb - ok
15:02:21.0125 0x0bbc  [ 6ABE6E225ADB5A751622A9CC3BC19CE8, 4061C5D0F051DFF1730E2A3BFC1CCA97B29602FC50F10F6B44D93B0D28F42024 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
15:02:21.0125 0x0bbc  WS2IFSL - ok
15:02:21.0171 0x0bbc  [ 7C278E6408D1DCE642230C0585A854D5, DA46079A04F6E8E3441E4AE454AEAC02B3E935DE29CE7F6D4476F57867FCC12A ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
15:02:21.0171 0x0bbc  wscsvc - ok
15:02:21.0187 0x0bbc  [ C98B39829C2BBD34E454150633C62C78, 71B60EA3AD0E2637917D528C6A9E7ECF2949E3E5E91036AA5BBADA95BD725511 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
15:02:21.0203 0x0bbc  WSTCODEC - ok
15:02:21.0218 0x0bbc  [ 35321FB577CDC98CE3EB3A3EB9E4610A, C9A6F5CF282D8FCB3CDFCC4B306013480E78E1B664E1A60A4E27B161F9FFD4CD ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
15:02:21.0218 0x0bbc  wuauserv - ok
15:02:21.0265 0x0bbc  [ F15FEAFFFBB3644CCC80C5DA584E6311, 79B3E9AF35976CE49921E9BEA3BA3B4A8AF762FD3F284B62954038B5FFB32471 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
15:02:21.0265 0x0bbc  WudfPf - ok
15:02:21.0296 0x0bbc  [ 28B524262BCE6DE1F7EF9F510BA3985B, AEFF02B899801A63CBB262757C3D4369E38BFF0690BD085DE60E873DFBE3C3F4 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
15:02:21.0296 0x0bbc  WudfRd - ok
15:02:21.0343 0x0bbc  [ 05231C04253C5BC30B26CBAAE680ED89, 5C03C2D7E0B573646D32F4093E2FF2C3BA391C39F5BA37D67F69D38E357FCC3D ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
15:02:21.0343 0x0bbc  WudfSvc - ok
15:02:21.0406 0x0bbc  [ 81DC3F549F44B1C1FFF022DEC9ECF30B, 3D14BFEA539F9CEB16555BD56C5E3C7C8F6692FC62C2789F8AAEA1C042E63940 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
15:02:21.0437 0x0bbc  WZCSVC - ok
15:02:21.0468 0x0bbc  [ 295D21F14C335B53CB8154E5B1F892B9, 9418477C2E3EA93E93D931A4EDD4500DA568FAD6040204B5201D1080203B0BBC ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
15:02:21.0484 0x0bbc  xmlprov - ok
15:02:21.0578 0x0bbc  [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService  C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
15:02:21.0609 0x0bbc  YahooAUService - ok
15:02:21.0640 0x0bbc  ================ Scan global ===============================
15:02:21.0687 0x0bbc  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
15:02:21.0750 0x0bbc  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
15:02:21.0796 0x0bbc  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
15:02:21.0828 0x0bbc  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
15:02:21.0843 0x0bbc  [ Global ] - ok
15:02:21.0843 0x0bbc  ================ Scan MBR ==================================
15:02:21.0859 0x0bbc  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
15:02:22.0000 0x0bbc  \Device\Harddisk0\DR0 - ok
15:02:22.0000 0x0bbc  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
15:02:22.0015 0x0bbc  \Device\Harddisk1\DR1 - ok
15:02:22.0031 0x0bbc  [ 8FF255184F078C9C04E6A2CE66117C5C ] \Device\Harddisk2\DR4
15:02:22.0031 0x0bbc  \Device\Harddisk2\DR4 - ok
15:02:22.0046 0x0bbc  ================ Scan VBR ==================================
15:02:22.0046 0x0bbc  [ CC4186F7F1EC20A68A9EFE97D8EAE2F4 ] \Device\Harddisk0\DR0\Partition1
15:02:22.0046 0x0bbc  \Device\Harddisk0\DR0\Partition1 - ok
15:02:22.0062 0x0bbc  [ 3EAEDD92A2493B83CA4795D3F1DF5C80 ] \Device\Harddisk1\DR1\Partition1
15:02:22.0062 0x0bbc  \Device\Harddisk1\DR1\Partition1 - ok
15:02:22.0062 0x0bbc  [ 88491CE549D2B83F8620EF2D0A104758 ] \Device\Harddisk2\DR4\Partition1
15:02:22.0078 0x0bbc  \Device\Harddisk2\DR4\Partition1 - ok
15:02:22.0078 0x0bbc  Waiting for KSN requests completion. In queue: 177
15:02:23.0078 0x0bbc  Waiting for KSN requests completion. In queue: 177
15:02:24.0078 0x0bbc  Waiting for KSN requests completion. In queue: 177
15:02:27.0187 0x0bbc  Win FW state via NFM: enabled
15:02:29.0593 0x0bbc  ============================================================
15:02:29.0593 0x0bbc  Scan finished
15:02:29.0593 0x0bbc  ============================================================
15:02:29.0609 0x0bb4  Detected object count: 0
15:02:29.0609 0x0bb4  Actual detected object count: 0


#6 CMD4649

CMD4649

    Authentic Member

  • Authentic Member
  • PipPip
  • 56 posts

Posted 28 December 2013 - 02:25 PM

Here is the AdwCleaner log:

 

# AdwCleaner v3.016 - Report created 28/12/2013 at 15:08:08
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Charlie Duffy - CD-HOME
# Running from : C:\Documents and Settings\Charlie Duffy.CD-HOME\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\WINDOWS\system32\roboot.exe
Folder Found C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
Folder Found C:\Program Files\MyPC Backup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\driverscanner
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\Uniblue
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
-\\ Google Chrome v
 
*************************
 
AdwCleaner[R0].txt - [3461 octets] - [16/12/2013 22:30:31]
AdwCleaner[R1].txt - [3338 octets] - [28/12/2013 15:08:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [3398 octets] ##########


#7 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 28 December 2013 - 03:20 PM

Good job!  ComboFix earlier had removed several entries, but we still have some work to do ok?  :)
 
Please delete the current version of Combofix.exe from your desktop and download a new version from here to your desktop.

Disable your AntiVirus and AntiSpyware applications.

Right-click and Run as Administrator on the Combofix.exe and follow the prombts on your display. When finish, it will create a C:\Combofix.txt. Please post this log for further review.
---------


Posted Image
 
 

#8 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 30 December 2013 - 12:52 PM

Still here?


Posted Image
 
 

#9 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,693 posts

Posted 03 January 2014 - 06:50 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
Posted Image
 
 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users