crssc.exe


12 replies to this topic

#1 Mythilas

Mythilas

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Australia
  • Local time:04:08 AM

Posted 12 August 2013 - 05:42 AM

Hello, I recently downloaded a .svg file thinking it was legitimate, however, when I opened it, my computer started lagging and most of my memory was being used up. I checked the task manager and found a process called crssc.exe and when I tried to stop the process, it said that I don't have permission to, which is unusual because I have admin rights on my user account. I quickly shut down my computer.

 

Right now I have my computer in Safe mode, but I haven't found any trace of the Trojan yet. I ran both a quick scan with MBAM and MSE that detected nothing, but I just want to be sure that the trojan is gone. 

 

My computer uses Windows 7 64, Service pack 1. 

 

Thanks




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:08 AM

Posted 12 August 2013 - 07:09 AM

Download Security Check by Screen317

* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

 

 

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

* Double-click on the Rkill desktop icon to run the tool.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

 

 

Download Malwarebytes' Anti-Malware Free (aka MBAM)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer after you post the log.

 

 

Download SUPERAntiSpyware Free (aka SAS)
* Double-click SAS -setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates so it is current.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to reboot the computer after you post the log.

 

 

Scan your machine with ESET OnlineScan
1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
   - Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
   - Double click on the ESET Online Scanner icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
   - Scan potentially unwanted applications
   - Scan for potentially unsafe applications
   - Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download the updated database (1 to 2 hours is not unusual).
10. When the scan completes, click List Threats.
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
    - Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.

 

 

Please Download TDSSkiller
Launch it.
Click on change parameters-Select TDLFS file system
Click on "Scan".
Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results.

 

 

Thank You -



#3 Mythilas


Posted 12 August 2013 - 05:32 PM

Hello, and thanks for the quick reply. I have a question before I start using these programs. Would the result change if I used these in Safe mode?

#4 noknojon


Posted 12 August 2013 - 08:17 PM

In Safe Mode the scanners that are looking for infections will not find everything.

 

The ones that are posting internal logs only, should show the same programs.

Security Check will show internal programs only for us to update, and Rkill can run in Safe Mode.

 

MBAM and SAS will generate logs, and find infections (at times) but not deep infections.

These should always be used in Normal Mode if you can -

 

In Safe Mode some infections will not be loaded for removal, since "Safe Mode" is designed to usually only load Safe files, and not All files. 

 

I hope that explains the situation, but please ask if you are not sure of any reply -

 

Thank You -



#5 Mythilas


Posted 14 August 2013 - 02:41 AM

Security check log (Done in Safe mode)
 
 Results of screen317's Security Check version 0.99.72  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Secunia PSI (3.0.0.7011)   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 25  
 Adobe Flash Player 11.8.800.94  
 Adobe Reader 10.1.7 Adobe Reader out of Date!
 Google Chrome 28.0.1500.72  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
 
 

Rkill log (done in Safe mode)

 

Rkill 2.6.0 by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 08/14/2013 05:27:05 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Ultimate Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic
 
 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
 
  20 out of 13922 HOSTS entries shown.
  Please review HOSTS file for further entries.


#6 Mythilas


Posted 14 August 2013 - 02:46 AM

MBAM LOG
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.14.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Emma :: EMMA-PC [administrator]
 
Protection: Enabled
 
14/08/2013 5:43:18 PM
mbam-log-2013-08-14 (17-43-18).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267951
Time elapsed: 11 minute(s), 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

 

 

SAS Log

 

SUPERAntiSpyware Scan Log
 
Generated 08/14/2013 at 06:30 PM
 
Application Version : 5.6.1030
 
Core Rules Database Version : 10690
Trace Rules Database Version: 8502
 
Scan type       : Quick Scan
Total Scan Time : 00:03:19
 
Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
 
Memory items scanned      : 572
Memory threats detected   : 0
Registry items scanned    : 60554
Registry threats detected : 3
File items scanned        : 10633
File threats detected     : 140
 
Trojan.Agent/Gen-StartPage
(x86) HKCR\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}
(x86) HKCR\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D}\TypeLib
 
Registry Cleaner Trial
(x86) HKCR\.03
 
Adware.Tracking Cookie

Edited by Mythilas, 14 August 2013 - 03:37 AM.


#7 noknojon


Posted 14 August 2013 - 03:14 AM

Right now I have my computer in Safe mode, but I haven't found any trace of the Trojan yet. I ran both a quick scan with MBAM and MSE that detected nothing, but I just want to be sure that the trojan is gone. 

As of now, you need to run the listed scans in Normal Mode to find any infections -

 

Thanks -



#8 noknojon


Posted 14 August 2013 - 04:06 AM

Just FYI, this infection we are dealing with has also been identified as - Trojan.Win32.Scar.duih

 

Summary - Trojan: Performs actions that are typical of malicious programs
Other activities : Modifies the system registry keys:
[ System registry hive HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile ] "EnableFirewall" = "0x0"
[ System registry hive HKLM\SYSTEM\ControlSet001\Services\wuauserv ] "Start" = "0x4"
[ System registry hive HKLM\SYSTEM\ControlSet001\Services\wscsvc ] "Start" = "0x4"
[ System registry hive HKCU\Software\Microsoft\Internet Explorer\International ] "W2KLpk" = "0x0"
[ System registry hive HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters ] "MaxFreeTcbs" = "0x7D0"
[ System registry hive HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters ] "MaxHashTableSize" = "0x800"
[ System registry hive HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters ] "TcpTimedWaitDelay" = "0x1E"
[ System registry hive HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters ] "MaxUserPort" = "0xF618"
[ System registry hive HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions ] "systemdates" = "<path to source program><file of source program>"

 

For these above reasons we must remove it as soon as we can -

 

Thank You -
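
An added example (not part of the thread, and not Rkill's or BleepingComputer's code): it parses the "Checking Windows Service Integrity" section of the Rkill log from post #5 and compares each service's Startup Type with the `"Start" = "0x4"` (disabled) values listed above for wuauserv and wscsvc. The log excerpt is copied from the thread; the function names and the "Manual" and "Disabled" startup strings are assumptions.

```python
import re

# Sample input: lines copied from the Rkill log in post #5 of this thread (trimmed).
RKILL_LOG = """\
Program started at: 08/14/2013 05:27:05 PM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Ultimate Service Pack 1

Checking Windows Service Integrity:

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

 * No issues found.
"""

# From post #8: registry "Start" values attributed to Trojan.Win32.Scar.duih.
INDICATOR_START = {"wuauserv": 4, "wscsvc": 4}

# Service Start values: 2 = automatic, 3 = manual, 4 = disabled.
# Only the two "Automatic" strings appear in the thread's log; "Manual" and
# "Disabled" are assumed to be worded the same way.
STARTUP_TO_START = {
    "Automatic": 2,
    "Automatic (Delayed Start)": 2,
    "Manual": 3,
    "Disabled": 4,
}

SECTION = "Checking Windows Service Integrity:"
SERVICE_RE = re.compile(r"^\*\s+(?P<display>.+?)\s+\((?P<name>[^()]+)\)\s+is not Running\.$")
STARTUP_RE = re.compile(r"^Startup Type set to:\s*(?P<startup>.+)$")


def parse_rkill(log):
    """Return (safe_mode, {service_name: startup_type}) from an Rkill log."""
    safe_mode = False
    services = {}
    in_section = False
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("Program started at:"):
            safe_mode = "(Safe Mode)" in line
            continue
        # Section headers are unbulleted lines that end in a colon.
        if line.endswith(":") and not line.startswith("*"):
            in_section = line == SECTION
            current = None
            continue
        if not in_section:
            continue
        m = SERVICE_RE.match(line)
        if m:
            current = m.group("name")
            services[current] = None
            continue
        m = STARTUP_RE.match(line)
        if m and current:
            services[current] = m.group("startup")
            current = None
    return safe_mode, services


def triage(log, indicators=INDICATOR_START):
    """Compare reported startup types with the indicator Start values."""
    safe_mode, services = parse_rkill(log)
    findings = []
    for name, expected in sorted(indicators.items()):
        if name not in services:
            findings.append((name, None, "not listed"))
            continue
        startup = services[name]
        start = STARTUP_TO_START.get(startup)
        if start is None:
            verdict = "unknown startup type"
        elif start == expected:
            verdict = "matches indicator"
        elif safe_mode:
            # A stopped service in a Safe Mode log is weak evidence by itself.
            verdict = "stopped, inconclusive (Safe Mode)"
        else:
            verdict = "stopped, startup type intact"
        findings.append((name, startup, verdict))
    return safe_mode, findings


if __name__ == "__main__":
    safe, results = triage(RKILL_LOG)
    print("Safe Mode log:", safe)
    for name, startup, verdict in results:
        print(f"{name:10} {startup!s:28} {verdict}")
```

On the thread's own log both services are stopped but still set to Automatic (Delayed Start), so the log alone does not show the disabled-service registry change; a log from Normal Mode is the more useful input.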



#9 noknojon


Posted 14 August 2013 - 04:36 AM

Windows Security Center service is not running! This is usually a result of the infection -

 

{B69F34DD-F0F9-42DC-9EDD-957187DA688D} This CLSID is identified as :
Infostealer trojan of Chinese origin, dropped by what Microsoft detects as Trojan:Win32/Meredrop
Browser hijacker of Chinese origin, detected by Rising antivirus as Win32/Trojan.StartIE.dd.rgrk
Infostealer trojan of Chinese origin, detected by Kaspersky antivirus as Trojan-Downloader.Win32.BHO.rhm

 

More information is available from Kaspersky

 

Thanks -



#10 Mythilas


Posted 16 August 2013 - 06:01 AM

ESET log

 

C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined

C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Emma\Downloads\Other\Installers\flstudio_10.0.9c.exe Win32/OpenCandy application cleaned by deleting - quarantined
 

 

TDSSkiller log

 

20:56:03.0454 0x08c4  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29

20:56:05.0456 0x08c4  ============================================================
20:56:05.0456 0x08c4  Current date / time: 2013/08/16 20:56:05.0456
20:56:05.0456 0x08c4  SystemInfo:
20:56:05.0456 0x08c4  
20:56:05.0456 0x08c4  OS Version: 6.1.7601 ServicePack: 1.0
20:56:05.0456 0x08c4  Product type: Workstation
20:56:05.0456 0x08c4  ComputerName: EMMA-PC
20:56:05.0457 0x08c4  UserName: Emma
20:56:05.0457 0x08c4  Windows directory: C:\Windows
20:56:05.0457 0x08c4  System windows directory: C:\Windows
20:56:05.0457 0x08c4  Running under WOW64
20:56:05.0457 0x08c4  Processor architecture: Intel x64
20:56:05.0457 0x08c4  Number of processors: 2
20:56:05.0457 0x08c4  Page size: 0x1000
20:56:05.0457 0x08c4  Boot type: Normal boot
20:56:05.0457 0x08c4  ============================================================
20:56:06.0525 0x08c4  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:56:06.0529 0x08c4  ============================================================
20:56:06.0529 0x08c4  \Device\Harddisk0\DR0:
20:56:06.0529 0x08c4  MBR partitions:
20:56:06.0529 0x08c4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:56:06.0529 0x08c4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1C9A7800
20:56:06.0529 0x08c4  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1C9DA000, BlocksNum 0x1D9AB800
20:56:06.0529 0x08c4  ============================================================
20:56:06.0557 0x08c4  C: <-> \Device\Harddisk0\DR0\Partition2
20:56:06.0585 0x08c4  D: <-> \Device\Harddisk0\DR0\Partition3
20:56:06.0585 0x08c4  ============================================================
20:56:06.0585 0x08c4  Initialize success
20:56:06.0585 0x08c4  ============================================================
20:56:15.0226 0x1410  ============================================================
20:56:15.0227 0x1410  Scan started
20:56:15.0227 0x1410  Mode: Manual; TDLFS; 
20:56:15.0227 0x1410  ============================================================
20:56:15.0987 0x1410  ================ Scan system memory ========================
20:56:15.0987 0x1410  System memory - ok
20:56:17.0013 0x1410  Appinfo - ok
20:56:17.0091 0x1410  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:56:17.0095 0x1410  Apple Mobile Device - ok
20:56:17.0124 0x1410  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
20:56:17.0129 0x1410  AppMgmt - ok
20:56:17.0153 0x1410  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:56:17.0155 0x1410  arc - ok
20:56:17.0161 0x1410  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:56:17.0162 0x1410  arcsas - ok
20:56:17.0252 0x1410  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:56:17.0254 0x1410  aspnet_state - ok
20:56:17.0275 0x1410  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:56:17.0276 0x1410  AsyncMac - ok
20:56:17.0311 0x1410  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:56:17.0311 0x1410  atapi - ok
20:56:17.0335 0x1410  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
20:56:17.0336 0x1410  AtiPcie - ok
20:56:17.0381 0x1410  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:56:17.0388 0x1410  AudioEndpointBuilder - ok
20:56:17.0400 0x1410  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:56:17.0404 0x1410  AudioSrv - ok
20:56:17.0458 0x1410  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:56:17.0462 0x1410  AxInstSV - ok
20:56:17.0487 0x1410  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:56:17.0493 0x1410  b06bdrv - ok
20:56:17.0517 0x1410  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:56:17.0520 0x1410  b57nd60a - ok
20:56:17.0544 0x1410  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:56:17.0545 0x1410  BDESVC - ok
20:56:17.0559 0x1410  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:56:17.0560 0x1410  Beep - ok
20:56:17.0620 0x1410  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:56:17.0635 0x1410  BFE - ok
20:56:17.0767 0x1410  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:56:17.0845 0x1410  BITS - ok
20:56:17.0885 0x1410  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:56:17.0887 0x1410  blbdrive - ok
20:56:17.0953 0x1410  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:56:17.0962 0x1410  Bonjour Service - ok
20:56:18.0009 0x1410  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:56:18.0011 0x1410  bowser - ok
20:56:18.0025 0x1410  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:56:18.0027 0x1410  BrFiltLo - ok
20:56:18.0032 0x1410  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:56:18.0034 0x1410  BrFiltUp - ok
20:56:18.0070 0x1410  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
20:56:18.0072 0x1410  BridgeMP - ok
20:56:18.0111 0x1410  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:56:18.0116 0x1410  Browser - ok
20:56:18.0135 0x1410  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:56:18.0141 0x1410  Brserid - ok
20:56:18.0146 0x1410  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:56:18.0147 0x1410  BrSerWdm - ok
20:56:18.0152 0x1410  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:56:18.0154 0x1410  BrUsbMdm - ok
20:56:18.0167 0x1410  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:56:18.0169 0x1410  BrUsbSer - ok
20:56:18.0172 0x1410  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:56:18.0173 0x1410  BTHMODEM - ok
20:56:18.0201 0x1410  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:56:18.0202 0x1410  bthserv - ok
20:56:18.0216 0x1410  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:56:18.0217 0x1410  cdfs - ok
20:56:18.0252 0x1410  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
20:56:18.0254 0x1410  cdrom - ok
20:56:18.0291 0x1410  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:56:18.0293 0x1410  CertPropSvc - ok
20:56:18.0315 0x1410  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:56:18.0318 0x1410  circlass - ok
20:56:18.0340 0x1410  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:56:18.0348 0x1410  CLFS - ok
20:56:18.0394 0x1410  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:56:18.0396 0x1410  clr_optimization_v2.0.50727_32 - ok
20:56:18.0429 0x1410  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:56:18.0430 0x1410  clr_optimization_v2.0.50727_64 - ok
20:56:18.0504 0x1410  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:56:18.0527 0x1410  clr_optimization_v4.0.30319_32 - ok
20:56:18.0547 0x1410  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:56:18.0552 0x1410  clr_optimization_v4.0.30319_64 - ok
20:56:18.0584 0x1410  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:56:18.0586 0x1410  CmBatt - ok
20:56:18.0617 0x1410  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:56:18.0619 0x1410  cmdide - ok
20:56:18.0656 0x1410  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
20:56:18.0661 0x1410  CNG - ok
20:56:18.0672 0x1410  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:56:18.0673 0x1410  Compbatt - ok
20:56:18.0713 0x1410  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:56:18.0717 0x1410  CompositeBus - ok
20:56:18.0735 0x1410  COMSysApp - ok
20:56:18.0751 0x1410  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:56:18.0752 0x1410  crcdisk - ok
20:56:18.0781 0x1410  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:56:18.0783 0x1410  CryptSvc - ok
20:56:18.0821 0x1410  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
20:56:18.0833 0x1410  CSC - ok
20:56:18.0884 0x1410  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
20:56:18.0892 0x1410  CscService - ok
20:56:18.0940 0x1410  [ A5D3D53178394CC7A8A26BB532575B59 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
20:56:18.0942 0x1410  dc3d - ok
20:56:18.0977 0x1410  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:56:18.0984 0x1410  DcomLaunch - ok
20:56:19.0000 0x1410  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:56:19.0005 0x1410  defragsvc - ok
20:56:19.0038 0x1410  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:56:19.0042 0x1410  DfsC - ok
20:56:19.0073 0x1410  [ CFBB4907C7542180B5E0282301240006 ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys
20:56:19.0095 0x1410  DgiVecp - ok
20:56:19.0113 0x1410  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:56:19.0116 0x1410  Dhcp - ok
20:56:19.0134 0x1410  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:56:19.0134 0x1410  discache - ok
20:56:19.0158 0x1410  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:56:19.0162 0x1410  Disk - ok
20:56:19.0208 0x1410  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:56:19.0213 0x1410  Dnscache - ok
20:56:19.0255 0x1410  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:56:19.0259 0x1410  dot3svc - ok
20:56:19.0298 0x1410  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:56:19.0300 0x1410  DPS - ok
20:56:19.0316 0x1410  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:56:19.0317 0x1410  drmkaud - ok
20:56:19.0360 0x1410  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:56:19.0371 0x1410  DXGKrnl - ok
20:56:19.0396 0x1410  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:56:19.0399 0x1410  EapHost - ok
20:56:19.0460 0x1410  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:56:19.0512 0x1410  ebdrv - ok
20:56:19.0534 0x1410  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:56:19.0535 0x1410  EFS - ok
20:56:19.0587 0x1410  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:56:19.0602 0x1410  ehRecvr - ok
20:56:19.0630 0x1410  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:56:19.0633 0x1410  ehSched - ok
20:56:19.0659 0x1410  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:56:19.0667 0x1410  elxstor - ok
20:56:19.0702 0x1410  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:56:19.0703 0x1410  ErrDev - ok
20:56:19.0738 0x1410  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:56:19.0743 0x1410  EventSystem - ok
20:56:19.0760 0x1410  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:56:19.0763 0x1410  exfat - ok
20:56:19.0782 0x1410  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:56:19.0785 0x1410  fastfat - ok
20:56:19.0834 0x1410  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:56:19.0842 0x1410  Fax - ok
20:56:19.0847 0x1410  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:56:19.0849 0x1410  fdc - ok
20:56:19.0869 0x1410  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:56:19.0870 0x1410  fdPHost - ok
20:56:19.0883 0x1410  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:56:19.0885 0x1410  FDResPub - ok
20:56:19.0897 0x1410  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:56:19.0899 0x1410  FileInfo - ok
20:56:19.0913 0x1410  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:56:19.0914 0x1410  Filetrace - ok
20:56:19.0922 0x1410  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:56:19.0924 0x1410  flpydisk - ok
20:56:19.0938 0x1410  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:56:19.0942 0x1410  FltMgr - ok
20:56:20.0013 0x1410  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
20:56:20.0050 0x1410  FontCache - ok
20:56:20.0100 0x1410  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:56:20.0101 0x1410  FontCache3.0.0.0 - ok
20:56:20.0127 0x1410  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:56:20.0129 0x1410  FsDepends - ok
20:56:20.0168 0x1410  [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
20:56:20.0170 0x1410  fssfltr - ok
20:56:20.0255 0x1410  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
20:56:20.0293 0x1410  fsssvc - ok
20:56:20.0323 0x1410  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:56:20.0324 0x1410  Fs_Rec - ok
20:56:20.0377 0x1410  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:56:20.0379 0x1410  fvevol - ok
20:56:20.0404 0x1410  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:56:20.0406 0x1410  gagp30kx - ok
20:56:20.0446 0x1410  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:56:20.0448 0x1410  GEARAspiWDM - ok
20:56:20.0489 0x1410  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:56:20.0499 0x1410  gpsvc - ok
20:56:20.0577 0x1410  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:56:20.0580 0x1410  gupdate - ok
20:56:20.0595 0x1410  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:56:20.0597 0x1410  gupdatem - ok
20:56:20.0637 0x1410  [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi         C:\Windows\system32\DRIVERS\hamachi.sys
20:56:20.0640 0x1410  hamachi - ok
20:56:20.0729 0x1410  [ B1E3F445943F06E36DC079AF28D0F86B ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
20:56:20.0773 0x1410  Hamachi2Svc - ok
20:56:20.0788 0x1410  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:56:20.0789 0x1410  hcw85cir - ok
20:56:20.0821 0x1410  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:56:20.0826 0x1410  HdAudAddService - ok
20:56:20.0843 0x1410  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:56:20.0844 0x1410  HDAudBus - ok
20:56:20.0858 0x1410  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:56:20.0859 0x1410  HidBatt - ok
20:56:20.0872 0x1410  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:56:20.0874 0x1410  HidBth - ok
20:56:20.0881 0x1410  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:56:20.0883 0x1410  HidIr - ok
20:56:20.0923 0x1410  [ 46BBE8EA221461A65F18A078528F4B2C ] hidkmdf         C:\Windows\system32\DRIVERS\hidkmdf.sys
20:56:20.0924 0x1410  hidkmdf - ok
20:56:20.0946 0x1410  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
20:56:20.0950 0x1410  hidserv - ok
20:56:20.0992 0x1410  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:56:20.0993 0x1410  HidUsb - ok
20:56:21.0021 0x1410  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:56:21.0023 0x1410  hkmsvc - ok
20:56:21.0053 0x1410  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:56:21.0057 0x1410  HomeGroupListener - ok
20:56:21.0069 0x1410  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:56:21.0074 0x1410  HomeGroupProvider - ok
20:56:21.0105 0x1410  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:56:21.0107 0x1410  HpSAMD - ok
20:56:21.0155 0x1410  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:56:21.0161 0x1410  HTTP - ok
20:56:21.0190 0x1410  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:56:21.0191 0x1410  hwpolicy - ok
20:56:21.0221 0x1410  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:56:21.0223 0x1410  i8042prt - ok
20:56:21.0241 0x1410  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:56:21.0246 0x1410  iaStorV - ok
20:56:21.0299 0x1410  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:56:21.0316 0x1410  idsvc - ok
20:56:21.0338 0x1410  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:56:21.0340 0x1410  iirsp - ok
20:56:21.0430 0x1410  [ C5B04409186A27409BD069580208A6D3 ] IJPLMSVC        C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
20:56:21.0433 0x1410  IJPLMSVC - ok
20:56:21.0486 0x1410  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:56:21.0501 0x1410  IKEEXT - ok
20:56:21.0543 0x1410  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:56:21.0544 0x1410  intelide - ok
20:56:21.0557 0x1410  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:56:21.0559 0x1410  intelppm - ok
20:56:21.0582 0x1410  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:56:21.0584 0x1410  IPBusEnum - ok
20:56:21.0611 0x1410  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:56:21.0612 0x1410  IpFilterDriver - ok
20:56:21.0647 0x1410  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:56:21.0663 0x1410  iphlpsvc - ok
20:56:21.0707 0x1410  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:56:21.0710 0x1410  IPMIDRV - ok
20:56:21.0749 0x1410  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:56:21.0752 0x1410  IPNAT - ok
20:56:21.0815 0x1410  [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:56:21.0834 0x1410  iPod Service - ok
20:56:21.0860 0x1410  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:56:21.0862 0x1410  IRENUM - ok
20:56:21.0891 0x1410  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:56:21.0892 0x1410  isapnp - ok
20:56:21.0934 0x1410  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:56:21.0938 0x1410  iScsiPrt - ok
20:56:21.0952 0x1410  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:56:21.0954 0x1410  kbdclass - ok
20:56:21.0973 0x1410  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:56:21.0975 0x1410  kbdhid - ok
20:56:21.0982 0x1410  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:56:21.0983 0x1410  KeyIso - ok
20:56:22.0013 0x1410  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:56:22.0015 0x1410  KSecDD - ok
20:56:22.0050 0x1410  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:56:22.0052 0x1410  KSecPkg - ok
20:56:22.0060 0x1410  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:56:22.0061 0x1410  ksthunk - ok
20:56:22.0087 0x1410  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:56:22.0093 0x1410  KtmRm - ok
20:56:22.0150 0x1410  [ B3F62AFEBD5C3E0AADCE5DE40D47AAEE ] KuaiZipDrive    C:\Windows\system32\drivers\KuaiZipDrive.sys
20:56:22.0154 0x1410  KuaiZipDrive - ok
20:56:22.0192 0x1410  [ 033B4AED2C5519072C0D81E00804D003 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
20:56:22.0195 0x1410  L1C - ok
20:56:22.0233 0x1410  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
20:56:22.0241 0x1410  LanmanServer - ok
20:56:22.0297 0x1410  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:56:22.0314 0x1410  LanmanWorkstation - ok
20:56:22.0353 0x1410  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:56:22.0356 0x1410  lltdio - ok
20:56:22.0386 0x1410  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:56:22.0391 0x1410  lltdsvc - ok
20:56:22.0408 0x1410  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:56:22.0410 0x1410  lmhosts - ok
20:56:22.0430 0x1410  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:56:22.0432 0x1410  LSI_FC - ok
20:56:22.0446 0x1410  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:56:22.0448 0x1410  LSI_SAS - ok
20:56:22.0466 0x1410  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:56:22.0468 0x1410  LSI_SAS2 - ok
20:56:22.0481 0x1410  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:56:22.0484 0x1410  LSI_SCSI - ok
20:56:22.0495 0x1410  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:56:22.0497 0x1410  luafv - ok
20:56:22.0548 0x1410  [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
20:56:22.0551 0x1410  MBAMProtector - ok
20:56:22.0594 0x1410  [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:56:22.0599 0x1410  MBAMScheduler - ok
20:56:22.0652 0x1410  [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:56:22.0661 0x1410  MBAMService - ok
20:56:22.0690 0x1410  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:56:22.0693 0x1410  Mcx2Svc - ok
20:56:22.0705 0x1410  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:56:22.0707 0x1410  megasas - ok
20:56:22.0725 0x1410  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:56:22.0728 0x1410  MegaSR - ok
20:56:22.0744 0x1410  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:56:22.0747 0x1410  MMCSS - ok
20:56:22.0755 0x1410  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:56:22.0755 0x1410  Modem - ok
20:56:22.0783 0x1410  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:56:22.0785 0x1410  monitor - ok
20:56:22.0816 0x1410  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:56:22.0818 0x1410  mouclass - ok
20:56:22.0839 0x1410  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:56:22.0842 0x1410  mouhid - ok
20:56:22.0879 0x1410  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:56:22.0882 0x1410  mountmgr - ok
20:56:22.0928 0x1410  [ FC1D590039EF06A381768710E6C07E75 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:56:22.0931 0x1410  MpFilter - ok
20:56:22.0964 0x1410  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:56:22.0967 0x1410  mpio - ok
20:56:22.0984 0x1410  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:56:22.0985 0x1410  mpsdrv - ok
20:56:23.0038 0x1410  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:56:23.0053 0x1410  MpsSvc - ok
20:56:23.0077 0x1410  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:56:23.0078 0x1410  MRxDAV - ok
20:56:23.0115 0x1410  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:56:23.0116 0x1410  mrxsmb - ok
20:56:23.0151 0x1410  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:56:23.0156 0x1410  mrxsmb10 - ok
20:56:23.0178 0x1410  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:56:23.0179 0x1410  mrxsmb20 - ok
20:56:23.0209 0x1410  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:56:23.0211 0x1410  msahci - ok
20:56:23.0227 0x1410  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:56:23.0229 0x1410  msdsm - ok
20:56:23.0253 0x1410  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:56:23.0256 0x1410  MSDTC - ok
20:56:23.0280 0x1410  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:56:23.0283 0x1410  Msfs - ok
20:56:23.0304 0x1410  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:56:23.0305 0x1410  mshidkmdf - ok
20:56:23.0319 0x1410  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:56:23.0320 0x1410  msisadrv - ok
20:56:23.0346 0x1410  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:56:23.0350 0x1410  MSiSCSI - ok
20:56:23.0354 0x1410  msiserver - ok
20:56:23.0368 0x1410  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:56:23.0369 0x1410  MSKSSRV - ok
20:56:23.0425 0x1410  [ 66238063B53E51ADDA16764BAB9A3F7C ] MsMpSvc         C:\Program Files\Microsoft Security Client\MsMpEng.exe
20:56:23.0426 0x1410  MsMpSvc - ok
20:56:23.0437 0x1410  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:56:23.0438 0x1410  MSPCLOCK - ok
20:56:23.0445 0x1410  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:56:23.0447 0x1410  MSPQM - ok
20:56:23.0489 0x1410  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:56:23.0492 0x1410  MsRPC - ok
20:56:23.0528 0x1410  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:56:23.0530 0x1410  mssmbios - ok
20:56:23.0540 0x1410  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:56:23.0542 0x1410  MSTEE - ok
20:56:23.0551 0x1410  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:56:23.0553 0x1410  MTConfig - ok
20:56:23.0573 0x1410  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:56:23.0575 0x1410  Mup - ok
20:56:23.0615 0x1410  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:56:23.0622 0x1410  napagent - ok
20:56:23.0651 0x1410  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:56:23.0655 0x1410  NativeWifiP - ok
20:56:23.0698 0x1410  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:56:23.0709 0x1410  NDIS - ok
20:56:23.0724 0x1410  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:56:23.0726 0x1410  NdisCap - ok
20:56:23.0742 0x1410  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:56:23.0742 0x1410  NdisTapi - ok
20:56:23.0778 0x1410  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:56:23.0781 0x1410  Ndisuio - ok
20:56:23.0821 0x1410  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:56:23.0825 0x1410  NdisWan - ok
20:56:23.0864 0x1410  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:56:23.0866 0x1410  NDProxy - ok
20:56:23.0905 0x1410  [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
20:56:23.0908 0x1410  Netaapl - ok
20:56:23.0927 0x1410  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:56:23.0929 0x1410  NetBIOS - ok
20:56:23.0960 0x1410  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:56:23.0963 0x1410  NetBT - ok
20:56:23.0971 0x1410  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:56:23.0973 0x1410  Netlogon - ok
20:56:24.0000 0x1410  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:56:24.0005 0x1410  Netman - ok
20:56:24.0029 0x1410  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:56:24.0032 0x1410  NetMsmqActivator - ok
20:56:24.0037 0x1410  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:56:24.0038 0x1410  NetPipeActivator - ok
20:56:24.0052 0x1410  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:56:24.0059 0x1410  netprofm - ok
20:56:24.0074 0x1410  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:56:24.0075 0x1410  NetTcpActivator - ok
20:56:24.0080 0x1410  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:56:24.0082 0x1410  NetTcpPortSharing - ok
20:56:24.0109 0x1410  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:56:24.0111 0x1410  nfrd960 - ok
20:56:24.0182 0x1410  [ 8FB3C853E886E1E4D57271672486111C ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:56:24.0186 0x1410  NisDrv - ok
20:56:24.0208 0x1410  [ 869A808253726EA11939EC4FE76346A4 ] NisSrv          C:\Program Files\Microsoft Security Client\NisSrv.exe
20:56:24.0216 0x1410  NisSrv - ok
20:56:24.0235 0x1410  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:56:24.0240 0x1410  NlaSvc - ok
20:56:24.0253 0x1410  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:56:24.0255 0x1410  Npfs - ok
20:56:24.0276 0x1410  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:56:24.0278 0x1410  nsi - ok
20:56:24.0287 0x1410  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:56:24.0287 0x1410  nsiproxy - ok
20:56:24.0347 0x1410  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:56:24.0373 0x1410  Ntfs - ok
20:56:24.0416 0x1410  [ 317020D31F1696334679B9D0416EB62E ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
20:56:24.0418 0x1410  NuidFltr - ok
20:56:24.0443 0x1410  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:56:24.0444 0x1410  Null - ok
20:56:24.0656 0x1410  [ 4EE399576F76D38C04745DB739BBC8C7 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:56:24.0818 0x1410  nvlddmkm - ok
20:56:24.0844 0x1410  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:56:24.0847 0x1410  nvraid - ok
20:56:24.0861 0x1410  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:56:24.0863 0x1410  nvstor - ok
20:56:24.0906 0x1410  [ 7335C3D78A7746D76D37F6722CC4A466 ] nvsvc           C:\Windows\system32\nvvsvc.exe
20:56:24.0914 0x1410  nvsvc - ok
20:56:25.0013 0x1410  [ B7C53DA1C73FF39F4A6248643EFD979A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
20:56:25.0047 0x1410  nvUpdatusService - ok
20:56:25.0087 0x1410  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:56:25.0089 0x1410  nv_agp - ok
20:56:25.0122 0x1410  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:56:25.0124 0x1410  ohci1394 - ok
20:56:25.0165 0x1410  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:56:25.0169 0x1410  ose - ok
20:56:25.0292 0x1410  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:56:25.0386 0x1410  osppsvc - ok
20:56:25.0418 0x1410  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:56:25.0420 0x1410  p2pimsvc - ok
20:56:25.0444 0x1410  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:56:25.0455 0x1410  p2psvc - ok
20:56:25.0484 0x1410  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:56:25.0486 0x1410  Parport - ok
20:56:25.0522 0x1410  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:56:25.0523 0x1410  partmgr - ok
20:56:25.0565 0x1410  [ 8A0F8A9580D9F2FC512A35D5709088A9 ] pavboot         C:\Windows\system32\drivers\pavboot64.sys
20:56:25.0567 0x1410  pavboot - ok
20:56:25.0584 0x1410  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:56:25.0588 0x1410  PcaSvc - ok
20:56:25.0620 0x1410  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:56:25.0623 0x1410  pci - ok
20:56:25.0631 0x1410  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:56:25.0632 0x1410  pciide - ok
20:56:25.0656 0x1410  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:56:25.0663 0x1410  pcmcia - ok
20:56:25.0700 0x1410  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:56:25.0701 0x1410  pcw - ok
20:56:25.0728 0x1410  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:56:25.0733 0x1410  PEAUTH - ok
20:56:25.0769 0x1410  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
20:56:25.0795 0x1410  PeerDistSvc - ok
20:56:25.0848 0x1410  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:56:25.0850 0x1410  PerfHost - ok
20:56:25.0898 0x1410  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:56:25.0924 0x1410  pla - ok
20:56:25.0973 0x1410  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:56:25.0979 0x1410  PlugPlay - ok
20:56:25.0995 0x1410  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:56:25.0997 0x1410  PNRPAutoReg - ok
20:56:26.0009 0x1410  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:56:26.0013 0x1410  PNRPsvc - ok
20:56:26.0047 0x1410  [ 34A8FAE065249F85A67A3215FF5ECB34 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
20:56:26.0049 0x1410  Point64 - ok
20:56:26.0062 0x1410  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:56:26.0068 0x1410  PolicyAgent - ok
20:56:26.0090 0x1410  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:56:26.0092 0x1410  Power - ok
20:56:26.0136 0x1410  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:56:26.0139 0x1410  PptpMiniport - ok
20:56:26.0163 0x1410  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:56:26.0167 0x1410  Processor - ok
20:56:26.0217 0x1410  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:56:26.0223 0x1410  ProfSvc - ok
20:56:26.0236 0x1410  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:56:26.0238 0x1410  ProtectedStorage - ok
20:56:26.0270 0x1410  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:56:26.0271 0x1410  Psched - ok
20:56:26.0313 0x1410  [ DD3FD48D69F5FBBB21D46D1514C1C2DB ] PSI             C:\Windows\system32\DRIVERS\psi_mf_amd64.sys
20:56:26.0327 0x1410  PSI - ok
20:56:26.0371 0x1410  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:56:26.0396 0x1410  ql2300 - ok
20:56:26.0415 0x1410  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:56:26.0417 0x1410  ql40xx - ok
20:56:26.0442 0x1410  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:56:26.0445 0x1410  QWAVE - ok
20:56:26.0458 0x1410  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:56:26.0459 0x1410  QWAVEdrv - ok
20:56:26.0468 0x1410  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:56:26.0469 0x1410  RasAcd - ok
20:56:26.0489 0x1410  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:56:26.0490 0x1410  RasAgileVpn - ok
20:56:26.0504 0x1410  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:56:26.0506 0x1410  RasAuto - ok
20:56:26.0536 0x1410  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:56:26.0537 0x1410  Rasl2tp - ok
20:56:26.0574 0x1410  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:56:26.0578 0x1410  RasMan - ok
20:56:26.0590 0x1410  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:56:26.0592 0x1410  RasPppoe - ok
20:56:26.0601 0x1410  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:56:26.0602 0x1410  RasSstp - ok
20:56:26.0635 0x1410  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:56:26.0638 0x1410  rdbss - ok
20:56:26.0645 0x1410  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:56:26.0647 0x1410  rdpbus - ok
20:56:26.0658 0x1410  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:56:26.0659 0x1410  RDPCDD - ok
20:56:26.0698 0x1410  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
20:56:26.0700 0x1410  RDPDR - ok
20:56:26.0716 0x1410  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:56:26.0718 0x1410  RDPENCDD - ok
20:56:26.0726 0x1410  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:56:26.0727 0x1410  RDPREFMP - ok
20:56:26.0767 0x1410  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:56:26.0767 0x1410  RdpVideoMiniport - ok
20:56:26.0807 0x1410  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:56:26.0808 0x1410  RDPWD - ok
20:56:26.0830 0x1410  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:56:26.0834 0x1410  rdyboost - ok
20:56:26.0860 0x1410  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:56:26.0862 0x1410  RemoteAccess - ok
20:56:26.0884 0x1410  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:56:26.0886 0x1410  RemoteRegistry - ok
20:56:26.0900 0x1410  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:56:26.0902 0x1410  RpcEptMapper - ok
20:56:26.0916 0x1410  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:56:26.0918 0x1410  RpcLocator - ok
20:56:26.0949 0x1410  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\System32\rpcss.dll
20:56:26.0954 0x1410  RpcSs - ok
20:56:26.0982 0x1410  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:56:26.0984 0x1410  rspndr - ok
20:56:27.0010 0x1410  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
20:56:27.0011 0x1410  s3cap - ok
20:56:27.0026 0x1410  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:56:27.0028 0x1410  SamSs - ok
20:56:27.0053 0x1410  [ D641337B75B9A9D5AE10687AA1097755 ] Samsung UPD Service C:\Windows\System32\SUPDSvc.exe
20:56:27.0058 0x1410  Samsung UPD Service - ok
20:56:27.0068 0x1410  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:56:27.0071 0x1410  sbp2port - ok
20:56:27.0094 0x1410  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:56:27.0097 0x1410  SCardSvr - ok
20:56:27.0125 0x1410  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:56:27.0126 0x1410  scfilter - ok
20:56:27.0180 0x1410  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:56:27.0199 0x1410  Schedule - ok
20:56:27.0231 0x1410  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:56:27.0233 0x1410  SCPolicySvc - ok
20:56:27.0312 0x1410  SDBaseSvc - ok
20:56:27.0339 0x1410  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:56:27.0342 0x1410  SDRSVC - ok
20:56:27.0359 0x1410  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:56:27.0361 0x1410  secdrv - ok
20:56:27.0395 0x1410  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:56:27.0397 0x1410  seclogon - ok
20:56:27.0465 0x1410  [ 05E383849FA1FBBBC160612B0080618C ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
20:56:27.0490 0x1410  Secunia PSI Agent - ok
20:56:27.0512 0x1410  [ F8173F1454F21C451439CB47EF75830A ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
20:56:27.0520 0x1410  Secunia Update Agent - ok
20:56:27.0541 0x1410  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
20:56:27.0543 0x1410  SENS - ok
20:56:27.0554 0x1410  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:56:27.0557 0x1410  SensrSvc - ok
20:56:27.0580 0x1410  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:56:27.0582 0x1410  Serenum - ok
20:56:27.0592 0x1410  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:56:27.0594 0x1410  Serial - ok
20:56:27.0622 0x1410  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:56:27.0624 0x1410  sermouse - ok
20:56:27.0658 0x1410  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:56:27.0662 0x1410  SessionEnv - ok
20:56:27.0695 0x1410  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:56:27.0697 0x1410  sffdisk - ok
20:56:27.0705 0x1410  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:56:27.0707 0x1410  sffp_mmc - ok
20:56:27.0715 0x1410  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:56:27.0716 0x1410  sffp_sd - ok
20:56:27.0724 0x1410  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:56:27.0726 0x1410  sfloppy - ok
20:56:27.0748 0x1410  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:56:27.0751 0x1410  SharedAccess - ok
20:56:27.0787 0x1410  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:56:27.0791 0x1410  ShellHWDetection - ok
20:56:27.0813 0x1410  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:56:27.0814 0x1410  SiSRaid2 - ok
20:56:27.0831 0x1410  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:56:27.0833 0x1410  SiSRaid4 - ok
20:56:27.0955 0x1410  [ AE40D1BC6FB02A5625516AD74CA9A309 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
20:56:28.0016 0x1410  Skype C2C Service - ok
20:56:28.0068 0x1410  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
20:56:28.0073 0x1410  SkypeUpdate - ok
20:56:28.0095 0x1410  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:56:28.0099 0x1410  Smb - ok
20:56:28.0139 0x1410  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:56:28.0141 0x1410  SNMPTRAP - ok
20:56:28.0149 0x1410  SNP2STD - ok
20:56:28.0166 0x1410  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:56:28.0166 0x1410  spldr - ok
20:56:28.0207 0x1410  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:56:28.0219 0x1410  Spooler - ok
20:56:28.0339 0x1410  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:56:28.0363 0x1410  sppsvc - ok
20:56:28.0380 0x1410  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:56:28.0382 0x1410  sppuinotify - ok
20:56:28.0417 0x1410  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:56:28.0419 0x1410  srv - ok
20:56:28.0431 0x1410  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:56:28.0433 0x1410  srv2 - ok
20:56:28.0445 0x1410  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:56:28.0446 0x1410  srvnet - ok
20:56:28.0460 0x1410  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:56:28.0462 0x1410  SSDPSRV - ok
20:56:28.0482 0x1410  [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys
20:56:28.0484 0x1410  SSPORT - ok
20:56:28.0496 0x1410  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:56:28.0497 0x1410  SstpSvc - ok
20:56:28.0553 0x1410  [ 9E1380328C39D661E085B24D6A6E044E ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
20:56:28.0565 0x1410  Steam Client Service - ok
20:56:28.0620 0x1410  [ 81F177C1954453AF407604160BD149CB ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
20:56:28.0628 0x1410  Stereo Service - ok
20:56:28.0647 0x1410  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:56:28.0648 0x1410  stexstor - ok
20:56:28.0703 0x1410  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:56:28.0716 0x1410  stisvc - ok
20:56:28.0757 0x1410  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
20:56:28.0760 0x1410  storflt - ok
20:56:28.0808 0x1410  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
20:56:28.0811 0x1410  storvsc - ok
20:56:28.0830 0x1410  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:56:28.0832 0x1410  swenum - ok
20:56:28.0866 0x1410  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:56:28.0871 0x1410  swprv - ok
20:56:28.0875 0x1410  Synth3dVsc - ok
20:56:28.0956 0x1410  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:56:28.0969 0x1410  SysMain - ok
20:56:29.0004 0x1410  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:56:29.0007 0x1410  TabletInputService - ok
20:56:29.0027 0x1410  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:56:29.0031 0x1410  TapiSrv - ok
20:56:29.0037 0x1410  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:56:29.0039 0x1410  TBS - ok
20:56:29.0100 0x1410  [ 6B9A19D78D79B5C6FB5BB7A2EFE22485 ] tbService       C:\Users\wangrui.alan\AppData\Roaming\taobaoK\tb.dll
20:56:29.0103 0x1410  tbService - ok
20:56:29.0153 0x1410  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:56:29.0166 0x1410  Tcpip - ok
20:56:29.0233 0x1410  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:56:29.0248 0x1410  TCPIP6 - ok
20:56:29.0282 0x1410  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:56:29.0283 0x1410  tcpipreg - ok
20:56:29.0299 0x1410  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:56:29.0299 0x1410  TDPIPE - ok
20:56:29.0327 0x1410  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:56:29.0328 0x1410  TDTCP - ok
20:56:29.0372 0x1410  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:56:29.0373 0x1410  tdx - ok
20:56:29.0407 0x1410  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:56:29.0409 0x1410  TermDD - ok
20:56:29.0438 0x1410  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:56:29.0444 0x1410  TermService - ok
20:56:29.0474 0x1410  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:56:29.0476 0x1410  Themes - ok
20:56:29.0495 0x1410  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:56:29.0497 0x1410  THREADORDER - ok
20:56:29.0512 0x1410  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:56:29.0514 0x1410  TrkWks - ok
20:56:29.0562 0x1410  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:56:29.0564 0x1410  TrustedInstaller - ok
20:56:29.0590 0x1410  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:56:29.0591 0x1410  tssecsrv - ok
20:56:29.0622 0x1410  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:56:29.0623 0x1410  TsUsbFlt - ok
20:56:29.0627 0x1410  tsusbhub - ok
20:56:29.0668 0x1410  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:56:29.0670 0x1410  tunnel - ok
20:56:29.0688 0x1410  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:56:29.0690 0x1410  uagp35 - ok
20:56:29.0726 0x1410  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:56:29.0729 0x1410  udfs - ok
20:56:29.0755 0x1410  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:56:29.0758 0x1410  UI0Detect - ok
20:56:29.0797 0x1410  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:56:29.0799 0x1410  uliagpkx - ok
20:56:29.0834 0x1410  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:56:29.0836 0x1410  umbus - ok
20:56:29.0848 0x1410  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:56:29.0850 0x1410  UmPass - ok
20:56:29.0891 0x1410  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
20:56:29.0894 0x1410  UmRdpService - ok
20:56:29.0913 0x1410  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:56:29.0917 0x1410  upnphost - ok
20:56:29.0949 0x1410  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:56:29.0951 0x1410  USBAAPL64 - ok
20:56:29.0983 0x1410  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
20:56:29.0985 0x1410  usbaudio - ok
20:56:30.0013 0x1410  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:56:30.0015 0x1410  usbccgp - ok
20:56:30.0035 0x1410  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:56:30.0037 0x1410  usbcir - ok
20:56:30.0052 0x1410  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
20:56:30.0054 0x1410  usbehci - ok
20:56:30.0098 0x1410  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:56:30.0103 0x1410  usbhub - ok
20:56:30.0114 0x1410  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
20:56:30.0116 0x1410  usbohci - ok
20:56:30.0143 0x1410  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:56:30.0144 0x1410  usbprint - ok
20:56:30.0186 0x1410  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
20:56:30.0188 0x1410  usbscan - ok
20:56:30.0202 0x1410  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:56:30.0204 0x1410  USBSTOR - ok
20:56:30.0213 0x1410  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:56:30.0215 0x1410  usbuhci - ok
20:56:30.0230 0x1410  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:56:30.0233 0x1410  UxSms - ok
20:56:30.0239 0x1410  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:56:30.0241 0x1410  VaultSvc - ok
20:56:30.0275 0x1410  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:56:30.0276 0x1410  vdrvroot - ok
20:56:30.0307 0x1410  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:56:30.0312 0x1410  vds - ok
20:56:30.0332 0x1410  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:56:30.0334 0x1410  vga - ok
20:56:30.0339 0x1410  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:56:30.0340 0x1410  VgaSave - ok
20:56:30.0344 0x1410  VGPU - ok
20:56:30.0377 0x1410  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:56:30.0381 0x1410  vhdmp - ok
20:56:30.0433 0x1410  [ 906A7C6B6659A650648CF21998270945 ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
20:56:30.0459 0x1410  VIAHdAudAddService - ok
20:56:30.0485 0x1410  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:56:30.0487 0x1410  viaide - ok
20:56:30.0525 0x1410  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
20:56:30.0531 0x1410  vmbus - ok
20:56:30.0553 0x1410  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
20:56:30.0556 0x1410  VMBusHID - ok
20:56:30.0572 0x1410  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:56:30.0574 0x1410  volmgr - ok
20:56:30.0611 0x1410  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:56:30.0616 0x1410  volmgrx - ok
20:56:30.0630 0x1410  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:56:30.0634 0x1410  volsnap - ok
20:56:30.0669 0x1410  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:56:30.0672 0x1410  vsmraid - ok
20:56:30.0738 0x1410  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:56:30.0757 0x1410  VSS - ok
20:56:30.0770 0x1410  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:56:30.0771 0x1410  vwifibus - ok
20:56:30.0793 0x1410  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:56:30.0797 0x1410  W32Time - ok
20:56:30.0834 0x1410  [ FDA15A0510F84FA46452B74529147A15 ] WacHidRouter    C:\Windows\system32\DRIVERS\wachidrouter.sys
20:56:30.0836 0x1410  WacHidRouter - ok
20:56:30.0845 0x1410  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:56:30.0848 0x1410  WacomPen - ok
20:56:30.0859 0x1410  [ EABFDBDC9BEDD325F260A3A9FEE5B3F9 ] wacomrouterfilter C:\Windows\system32\DRIVERS\wacomrouterfilter.sys
20:56:30.0861 0x1410  wacomrouterfilter - ok
20:56:30.0909 0x1410  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:56:30.0910 0x1410  WANARP - ok
20:56:30.0915 0x1410  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:56:30.0916 0x1410  Wanarpv6 - ok
20:56:30.0963 0x1410  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:56:30.0989 0x1410  WatAdminSvc - ok
20:56:31.0052 0x1410  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:56:31.0085 0x1410  wbengine - ok
20:56:31.0117 0x1410  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:56:31.0121 0x1410  WbioSrvc - ok
20:56:31.0164 0x1410  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:56:31.0174 0x1410  wcncsvc - ok
20:56:31.0189 0x1410  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:56:31.0192 0x1410  WcsPlugInService - ok
20:56:31.0214 0x1410  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:56:31.0215 0x1410  Wd - ok
20:56:31.0261 0x1410  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:56:31.0266 0x1410  Wdf01000 - ok
20:56:31.0283 0x1410  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:56:31.0286 0x1410  WdiServiceHost - ok
20:56:31.0291 0x1410  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:56:31.0294 0x1410  WdiSystemHost - ok
20:56:31.0342 0x1410  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:56:31.0350 0x1410  WebClient - ok
20:56:31.0365 0x1410  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:56:31.0371 0x1410  Wecsvc - ok
20:56:31.0389 0x1410  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:56:31.0392 0x1410  wercplsupport - ok
20:56:31.0410 0x1410  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:56:31.0413 0x1410  WerSvc - ok
20:56:31.0443 0x1410  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:56:31.0444 0x1410  WfpLwf - ok
20:56:31.0455 0x1410  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:56:31.0455 0x1410  WIMMount - ok
20:56:31.0468 0x1410  WinDefend - ok
20:56:31.0476 0x1410  WinHttpAutoProxySvc - ok
20:56:31.0516 0x1410  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:56:31.0520 0x1410  Winmgmt - ok
20:56:31.0603 0x1410  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:56:31.0620 0x1410  WinRM - ok
20:56:32.0802 0x1410  ============================================================
20:56:32.0802 0x1410  Scan finished
20:56:32.0802 0x1410  ============================================================
20:56:32.0814 0x112c  Detected object count: 0
20:56:32.0814 0x112c  Actual detected object count: 0
21:00:33.0714 0x0f18  Deinitialize success


#11 noknojon


Posted 17 August 2013 - 11:40 PM

Hi - Sorry I was a bit slow with my answer, as I have been on the road for 2 days .....

This line was the most important one and shows All Clear -
20:56:32.0814 0x112c  Detected object count: 0

 

Your system has no major infections, and no Rootkits that I can remove now -

Win32/OpenCandy / and riched20.dll Win32/Toolbar.MyWebSearch

are both minor infections that have been cleaned -

 

Keep and Update and Run your Malwarebytes Anti-Malware Free (aka MBAM) and your SUPERAntiSpyware Free (aka SAS) every week, in Normal Mode to keep these infections away, and do a Full scan with your Antivirus every week to be sure these problems do not occur -

If you wish more detailed help, I can give you a link to preparation for help from the Experts forum area, but if the problem is no longer a concern, please leave it for a few days and only post back if this becomes worse -

 

 

Please download TFC, or Temp File Cleaner from Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK to reboot your computer and finish the cleanup.

Note: Depending on how much data is currently stored in the Temp folders, this process can take quite a while to remove all of the files, so please be patient.

This will only remove older Junk / Temp files that waste space and are not required, run every few days -

 

Right Click and Delete any old reports on your desktop, and any other old downloaded programs we used. Keep TFC / MBAM / SAS and your antivirus (ESET will just go to programs and features and can stay there) -

If I missed any, please ask me and I will give a removal -

 

Thanks -



#12 Mythilas


Posted 19 August 2013 - 02:35 AM

I ran TFC

 

Thanks for the help. :D



#13 noknojon


Posted 19 August 2013 - 05:05 AM

The topic will stay on my watch for a few days, so post here if this issue continues

But if you have other Unrelated problems, please start a new topic -

 

Thanks -





