
Started as redirect, now system very unstable

Discussion in 'Virus & Other Malware Removal' started by Franknj229, Jan 14, 2013.

  1. Franknj229 (Thread Starter; Joined: Sep 21, 2009; Messages: 88)

    My logs are below, but here is the background:
    I use a Virtual Machine running Ubuntu for most of my internet use and in 4 years I have not had any issues with Malware/Spyware that I am aware of, but my girlfriend recently started using my computer for Facebook and free-tv-show websites. Hasn't been a problem so far but started getting Google redirects out of nowhere a few days ago.

    Did a system restore to a point 2 weeks ago (just to be safe) and the system became very unstable. If I try to do more than 1 thing at a time, I crash to a blue screen that basically says, "Windows is shutting down to avoid damaging itself further." It does a quick crash dump and then restarts. Tried undoing the restore, but nothing changed.

    Upon start up, I get several pop-up messages, including: "Host Process for Windows Services stopped working and was closed" - "Google Installer stopped working and was closed" - "McAfee HTML UI Container stopped working and was closed" - "Microsoft Resource File To COFF Object Conversion Utility has stopped working" - "Visual C# Command Line Compiler has stopped working" - "Host Process for Windows Services stopped working and was closed" - "COM Surrogate has stopped working" - "GetODDModel has stopped working"

    And finally, the most annoying one, because it keeps popping up every few minutes even though I have uninstalled it: "RealPlayer has stopped working".

    Microsoft Support wants to charge me $99 just to tell me to do a full system restore. Is there anything I can try before that?

    Thank you for any advice. Here are my logs:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:46:17 PM, on 1/14/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    Running processes:
    c:\PROGRA~2\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
    C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe
    C:\Program Files (x86)\Steam\Video Games\steam.exe
    C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
    C:\Users\Franknj229\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\ASUS\TurboV\TurboV.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\QuickTime\QTTask.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Users\Franknj229\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor[1].gadget\GPUMonitor.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Franknj229\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
    O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
    O4 - HKLM\..\Run: [DT ACR] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -ACR
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\video games\steam.exe" -silent
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [Apple Computer] rundll32 "C:\Users\Franknj229\AppData\Local\Apps\Apple Computer\thasashz.dll",DllRegisterServerW
    O4 - Startup: GameStop Now.lnk = C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
    O4 - Startup: MLB.TV NexDef Plug-in.lnk = C:\Users\Franknj229\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
    O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} (System Requirements Lab) - http://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://cam4231246.viewnetcam.com:5001/bl_camera.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} (pmpeg4cam Class) - http://barkatl9991.viewnetcam.com:5007/MpegInst.cab
    O16 - DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} (pmjpegcam Class) - http://cam8997481.viewnetcam.com:5009/JpegInst.cab
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 14345 bytes


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2
    Run by Franknj229 at 13:48:55 on 2013-01-14
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.2087 [GMT -5:00]
    .
    AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\AEADISRV.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
    C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~2\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ASUS\Six Engine\SixEngine.exe
    C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
    C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Steam\Video Games\steam.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Users\Franknj229\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\ASUS\TurboV\TurboV.exe
    C:\Windows\system32\consent.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\wpCtrl.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files (x86)\Acer Display\eDisplay Management\DTHtml.exe
    C:\Program Files (x86)\Portrait Displays\Pivot Software\floater.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\QuickTime\QTTask.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\RivaTuner v2.24\RivaTuner.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\splwow64.exe
    C:\Users\Franknj229\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUMonitor[1].gadget\GPUMonitor.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
    C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
    "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://news.yahoo.com/
    uSearch Bar = Preserve
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Steam] "c:\program files (x86)\steam\video games\steam.exe" -silent
    uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
    uRun: [Apple Computer] rundll32 "C:\Users\Franknj229\AppData\Local\Apps\Apple Computer\thasashz.dll",DllRegisterServerW
    mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
    mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun
    mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe"
    mRun: [DT ACR] "C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" -ACR
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [CanonSolutionMenuEx] "C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" /logon
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\Users\FRANKN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMEST~1.LNK - C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
    StartupFolder: C:\Users\FRANKN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MLBTVN~1.LNK - C:\Users\Franknj229\AppData\Local\Autobahn\mlb-nexdef-autobahn.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    LSP: mswsock.dll
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
    DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/common/asusTek_sys_ctrl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
    DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://cam4231246.viewnetcam.com:5001/bl_camera.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} - hxxp://barkatl9991.viewnetcam.com:5007/MpegInst.cab
    DPF: {F3D4C08D-3616-43F0-9E29-44C749B0664B} - hxxp://cam8997481.viewnetcam.com:5009/JpegInst.cab
    TCP: NameServer = 208.59.247.45 208.59.247.46
    TCP: Interfaces\{55733108-CDE5-453C-BA75-9CAFD17B0FEC} : DHCPNameServer = 208.59.247.45 208.59.247.46
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
    x64-Run: [RivaTuner] "C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe" /T
    x64-Run: [RivaTunerStartupDaemon] "C:\Program Files (x86)\RivaTuner v2.24\RivaTunerWrapper.exe" /S
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2008-6-23 173096]
    R0 mv64xx;mv64xx;C:\Windows\System32\drivers\mv64xx.sys [2009-4-1 316456]
    R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-11-6 308296]
    R1 VBoxDrv;VirtualBox Service;C:\Windows\System32\drivers\VBoxDrv.sys [2012-12-2 237400]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;C:\Windows\System32\drivers\VBoxUSBMon.sys [2012-12-2 119640]
    R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
    R2 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-27 25832]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 McProxy;McAfee Proxy Service;C:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-11-6 359952]
    R2 McShield;McAfee Real-time Scanner;C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-11-6 155456]
    R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2009-4-1 90112]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R3 McSysmon;McAfee SystemGuards;C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2009-11-6 606736]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-11-6 102472]
    R3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-11-6 49480]
    R3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys [2009-2-25 19952]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;C:\Windows\System32\drivers\VBoxNetAdp.sys [2012-10-26 131416]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;C:\Windows\System32\drivers\VBoxNetFlt.sys [2012-10-26 146264]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-11-6 40904]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2011-12-19 117040]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-1 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-01-08 22:52:18 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-08 22:52:18 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-14 02:22:06 67413224 ----a-w- C:\Windows\System32\mrt.exe
    2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
    2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
    2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
    2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
    2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2012-11-13 01:55:22 2770432 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
    2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
    2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
    2012-10-27 00:01:18 237400 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
    2012-10-27 00:00:50 131416 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
    2012-10-26 23:59:44 203608 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
    2012-10-26 23:59:44 146264 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
    2012-10-26 23:59:44 119640 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
    2012-10-25 08:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 08:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2012-10-24 03:20:47 198864 ----a-w- C:\Windows\SysWow64\rmoc3260.dll
    2012-10-24 03:20:40 6656 ----a-w- C:\Windows\SysWow64\pndx5016.dll
    2012-10-24 03:20:40 5632 ----a-w- C:\Windows\SysWow64\pndx5032.dll
    .
    ============= FINISH: 13:49:36.38 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/1/2009 2:47:45 AM
    System Uptime: 1/14/2013 11:47:41 AM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P6T6 WS REVOLUTION
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 932 GiB total, 469.515 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 932 GiB total, 476.259 GiB free.
    F: is FIXED (NTFS) - 596 GiB total, 484.797 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    AA3Deploy
    Acer eDisplay Management
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Battlefield 1942™
    Bonjour
    BovadaPoker
    Canon Easy-PhotoPrint EX
    Canon MP Navigator EX 4.0
    Canon MP495 series MP Drivers
    Canon MP495 series User Registration
    Canon My Printer
    Canon Solution Menu EX
    Creation Kit
    CyberLink DVD Suite
    Download Manager 2.3.10
    Dragon Age DLC Service
    Dragon Age II
    Dragon Age Origins - Ultimate Edition
    Dragon Age: Origins
    EA Installer
    EA Shared Game Component: Activation
    EPU-6 Engine
    EVGA Precision 1.4.0
    Express Gate
    Fraps
    GameStop App
    Garmin Communicator Plugin
    Garmin POI Loader
    Garmin USB Drivers
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    HGTV Instant Makeover Workshop
    Host OpenAL (ADI)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    iCloud
    Intel(R) Processor ID Utility
    iTunes
    Java 7 Update 7
    Java Auto Updater
    Java(TM) 6 Update 7
    JavaFX 2.1.1
    Left 4 Dead
    Left 4 Dead 2 Demo
    LG ODD Auto Firmware Update
    marvell 61xx
    McAfee SecurityCenter
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656370)
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Default Manager
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft UI Engine
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Move Media Player
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 7 Essentials
    neroxml
    NVIDIA 3D Vision Controller Driver 306.97
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OpenOffice.org 3.2
    Oracle VM VirtualBox 4.2.4
    Origin
    Overhead Door Configurator
    Peggle Extreme
    Pivot Software
    PokerStars
    Portal
    PunkBuster Services
    Puzzle Agent
    PVSonyDll
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    RealUpgrade 1.1
    RivaTuner v2.24
    SDK
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    SoundMAX
    Steam
    swMSM
    System Requirements Lab
    The Elder Scrolls V: Skyrim
    TurboV
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Vista Codec Package
    Visual C++ 8.0 Runtime Setup Package (x64)
    Visual Studio C++ 10.0 Runtime
    VLC media player 1.0.3
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Live ID Sign-in Assistant
    WinRAR archiver
    x64 Components v2.1.1
    .
    ==== End Of File ===========================


    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-14 14:10:55
    Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1001FALS-00J7B0 rev.05.00K05 931.51GB
    Running: 00bsdxb5.exe; Driver: C:\Users\FRANKN~1\AppData\Local\Temp\axlyykoc.sys

    ---- Disk sectors - GMER 2.0 ----
    Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior
    ---- Devices - GMER 2.0 ----
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 ð¹A
    ---- Threads - GMER 2.0 ----
    ---- Processes - GMER 2.0 ----
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [328] 000007fefcbb0000
    Library c:\windows\system32\y (*** suspicious ***) @ C:\Windows\system32\svchost.exe [360] 0000033345670000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1620] 000007fefcbb0000
    Library ? (*** suspicious ***) @ c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [1156] 0000000077120000
    Library ? (*** suspicious ***) @ C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [1776] 0000000062a00000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [2068] 0000000062e00000
    Library ? (*** suspicious ***) @ C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [2736] 0000000077120000
    Library \\.\globalroot\systemroot\svchost.exe (*** suspicious ***) @ \\.\globalroot\systemroot\svchost.exe [3284] 0000000000c00000
    Library ? (*** suspicious ***) @ C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [3904] 0000000073620000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe [4092] 0000000073260000
    Library ? (*** suspicious ***) @ c:\PROGRA~2\mcafee.com\agent\mcagent.exe [4440] 0000000077120000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [5328] 000007fefcbb0000
    Library c:\windows\system32\y (*** suspicious ***) @ C:\Windows\Explorer.EXE [5328] 0000033345670000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [4760] 000007fefcbb0000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe [6024] 0000000073260000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [5488] 000007fefcbb0000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [6388] 0000000073260000
    Library ? (*** suspicious ***) @ [6432] 0000000000950000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\iTunes\iTunesHelper.exe [6480] 0000000073260000
    Library \\.\globalroot\systemroot\system32\mswsock.dll (*** suspicious ***) @ C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [2536] 000007fefcbb0000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\iexplore.exe [5972] 0000000073260000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\iexplore.exe [3976] 0000000073260000
    Library \\.\globalroot\systemroot\syswow64\mswsock.dll (*** suspicious ***) @ C:\Program Files (x86)\Internet Explorer\iexplore.exe [6592] 0000000073260000
    ---- EOF - GMER 2.0 ----
     
  2. Franknj229

    Franknj229 Thread Starter

    Joined:
    Sep 21, 2009
    Messages:
    88
    Posted 3 days ago. No replies. Just bumping back to the top. I appreciate any help that can be offered.

    Thank you.

    *Update* I can get the computer to stay on (no blue screen crashes) and even get online, but only if I don't do more than one thing at a time. During boot up, I have to wait for every single pop-up warning (as listed in previous message) to clear one at a time and I don't do anything until at least a minute has passed with no new messages, or it will crash. Once I feel comfortable enough to tip-toe out onto the ice and open Internet Explorer, I can usually get around fine as long as I stay away from Google searches. Occasionally a new window will open up on its own with some ad, and I still get the "Real Player has stopped working" message every 10 minutes or so.
     
  3. Franknj229

    Franknj229 Thread Starter

    Joined:
    Sep 21, 2009
    Messages:
    88
    Still bumping.
     
  4. Franknj229

    Franknj229 Thread Starter

    Joined:
    Sep 21, 2009
    Messages:
    88
    Still bumping...

    Some new things I've noticed:
    -Can't access my inbox when trying to access my mail through Comcast.net
    -My girlfriend can't log into her school account (works on other computers)

    Could really use a hand here...
     
  5. Franknj229

    Franknj229 Thread Starter

    Joined:
    Sep 21, 2009
    Messages:
    88
    This will be my last bump, I promise. I am trying really hard to be patient. I know this site is run by volunteers and I really appreciate that you all are willing to help others without the promise of financial compensation.

    I'm frustrated because a post titled "999" has over 700 replies and has essentially turned into a chat-room, but my ACTUAL problem has not received a single response. Not even a "your call will be answered in the order it was received" to at least let me know it might eventually be looked at.

    The idea that maybe the lack of response is somehow my own fault has begun to occur to me. If I left something out of my initial post, or I inadvertently committed some kind of message board faux pas, please let me know. It was not intentional. I thought I followed all the rules before posting and I waited over 48 hours with no response before bumping the first couple of times.

    If I don't hear anything by Friday I'm going to have to do a full system restore, which I REEEEEALLY don't want to do.

    Please let me know if I have any other options.

    Thank you for any help you can give me.

    -Frank
     
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,986
    Everyone here is a volunteer and they may pass up certain threads in favour of others. There could be many reasons but it's certainly their prerogative. So I'll try to help you out.

    Please go here and download the TDSSKiller.exe to your desktop.
    • Double-click TDSSKiller.exe on your desktop to run it.
    • Click on Start Scan
    • As we don't want to fix anything yet, if any malicious objects are detected, do NOT select Cure but select Skip instead.
    It will produce a log once it finishes in the root drive which should look like this example:

    C:\TDSSKiller.<version_date_time>log.txt

    Please copy and paste the contents of that log in your next reply.
     
  7. Franknj229

    Franknj229 Thread Starter

    Joined:
    Sep 21, 2009
    Messages:
    88
    First, thank you very much for even getting back to me.

    Second, (so you have any and all information you need) when I didn't get a single response in over 2 weeks, I assumed the lack of response was your team's way of telling me the solution would be obvious if I just took the time to read some of the other similar posts. So a couple of days ago I ran Microsoft Security Essentials as suggested to another poster. It found 8 threats and was able to clean up 6. It then prompted me to download some offline removal software. (I think it was called Windows Defender Offline, or something similar) It had me create a CD and then boot from that CD. That program found 11 threats and claimed to have cleaned them all.

    I don't seem to be getting the Google redirects anymore and I can once again access my email through Comcast.net. I do, however, continue to get these popup messages that some random system has stopped working as I mentioned in my original post. The most common/annoying one is "Real Player has stopped working". This comes up every few minutes despite (as far as I can tell) being uninstalled.

    I'm afraid my problem is somehow related to Java, but that's a hunch and I don't know/understand why that would be a problem, but every time I click "ok" to the popup about updating it, I get the crash.

    Here is the report from TDSSkiller: (Thanks again)

    12:12:07.0836 2356 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    12:12:08.0123 2356 ============================================================
    12:12:08.0123 2356 Current date / time: 2013/01/28 12:12:08.0123
    12:12:08.0123 2356 SystemInfo:
    12:12:08.0123 2356
    12:12:08.0123 2356 OS Version: 6.0.6002 ServicePack: 2.0
    12:12:08.0123 2356 Product type: Workstation
    12:12:08.0123 2356 ComputerName: FRANKNJ229-PC
    12:12:08.0124 2356 UserName: Franknj229
    12:12:08.0124 2356 Windows directory: C:\Windows
    12:12:08.0124 2356 System windows directory: C:\Windows
    12:12:08.0124 2356 Running under WOW64
    12:12:08.0124 2356 Processor architecture: Intel x64
    12:12:08.0124 2356 Number of processors: 8
    12:12:08.0124 2356 Page size: 0x1000
    12:12:08.0124 2356 Boot type: Normal boot
    12:12:08.0124 2356 ============================================================
    12:12:09.0114 2356 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:12:09.0129 2356 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    12:12:09.0134 2356 ============================================================
    12:12:09.0134 2356 \Device\Harddisk0\DR0:
    12:12:09.0134 2356 MBR partitions:
    12:12:09.0134 2356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
    12:12:09.0134 2356 \Device\Harddisk1\DR1:
    12:12:09.0134 2356 MBR partitions:
    12:12:09.0134 2356 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
    12:12:09.0134 2356 ============================================================
    12:12:09.0157 2356 C: <-> \Device\Harddisk0\DR0\Partition1
    12:12:09.0171 2356 F: <-> \Device\Harddisk1\DR1\Partition1
    12:12:09.0172 2356 ============================================================
    12:12:09.0172 2356 Initialize success
    12:12:09.0172 2356 ============================================================
    12:12:23.0072 5144 ============================================================
    12:12:23.0072 5144 Scan started
    12:12:23.0072 5144 Mode: Manual;
    12:12:23.0072 5144 ============================================================
    12:12:23.0457 5144 ================ Scan system memory ========================
    12:12:23.0457 5144 System memory - ok
    12:12:23.0457 5144 ================ Scan services =============================
    12:12:23.0549 5144 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
    12:12:23.0553 5144 ACPI - ok
    12:12:23.0581 5144 [ 59AA63B5DCC9B99C25ACC1BC5E9E6816 ] ADIHdAudAddService C:\Windows\system32\drivers\ADIHdAud.sys
    12:12:23.0586 5144 ADIHdAudAddService - ok
    12:12:23.0641 5144 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    12:12:23.0642 5144 AdobeARMservice - ok
    12:12:23.0724 5144 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    12:12:23.0725 5144 AdobeFlashPlayerUpdateSvc - ok
    12:12:23.0751 5144 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    12:12:23.0756 5144 adp94xx - ok
    12:12:23.0771 5144 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
    12:12:23.0775 5144 adpahci - ok
    12:12:23.0787 5144 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
    12:12:23.0789 5144 adpu160m - ok
    12:12:23.0798 5144 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    12:12:23.0800 5144 adpu320 - ok
    12:12:23.0824 5144 [ 3BDB13C79CC8C06E2F8182595903ED69 ] AEADIFilters C:\Windows\system32\AEADISRV.EXE
    12:12:23.0826 5144 AEADIFilters - ok
    12:12:23.0845 5144 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    12:12:23.0846 5144 AeLookupSvc - ok
    12:12:23.0867 5144 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
    12:12:23.0872 5144 AFD - ok
    12:12:23.0881 5144 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
    12:12:23.0882 5144 agp440 - ok
    12:12:23.0899 5144 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
    12:12:23.0900 5144 aic78xx - ok
    12:12:23.0906 5144 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
    12:12:23.0907 5144 ALG - ok
    12:12:23.0913 5144 [ 157D0898D4B73F075CE9FA26B482DF98 ] aliide C:\Windows\system32\drivers\aliide.sys
    12:12:23.0914 5144 aliide - ok
    12:12:23.0916 5144 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys
    12:12:23.0917 5144 amdide - ok
    12:12:23.0929 5144 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    12:12:23.0929 5144 AmdK8 - ok
    12:12:23.0943 5144 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
    12:12:23.0944 5144 Appinfo - ok
    12:12:23.0983 5144 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    12:12:23.0984 5144 Apple Mobile Device - ok
    12:12:23.0994 5144 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
    12:12:23.0995 5144 arc - ok
    12:12:24.0005 5144 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
    12:12:24.0006 5144 arcsas - ok
    12:12:24.0043 5144 [ 8065A7659562005127673AC52898675F ] AsIO C:\Windows\syswow64\drivers\AsIO.sys
    12:12:24.0044 5144 AsIO - ok
    12:12:24.0072 5144 aspnet_state - ok
    12:12:24.0090 5144 [ EDABC3FA8F941D2047DA630E95E936C7 ] AsSysCtrlService C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
    12:12:24.0136 5144 AsSysCtrlService - ok
    12:12:24.0138 5144 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    12:12:24.0139 5144 AsyncMac - ok
    12:12:24.0155 5144 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
    12:12:24.0155 5144 atapi - ok
    12:12:24.0186 5144 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    12:12:24.0191 5144 AudioEndpointBuilder - ok
    12:12:24.0197 5144 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    12:12:24.0199 5144 AudioSrv - ok
    12:12:24.0222 5144 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
    12:12:24.0227 5144 BFE - ok
    12:12:24.0264 5144 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\System32\qmgr.dll
    12:12:24.0278 5144 BITS - ok
    12:12:24.0287 5144 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    12:12:24.0288 5144 blbdrive - ok
    12:12:24.0333 5144 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    12:12:24.0339 5144 Bonjour Service - ok
    12:12:24.0360 5144 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    12:12:24.0361 5144 bowser - ok
    12:12:24.0364 5144 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
    12:12:24.0365 5144 BrFiltLo - ok
    12:12:24.0375 5144 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
    12:12:24.0376 5144 BrFiltUp - ok
    12:12:24.0393 5144 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
    12:12:24.0394 5144 Browser - ok
    12:12:24.0401 5144 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
    12:12:24.0402 5144 Brserid - ok
    12:12:24.0411 5144 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
    12:12:24.0412 5144 BrSerWdm - ok
    12:12:24.0414 5144 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
    12:12:24.0415 5144 BrUsbMdm - ok
    12:12:24.0422 5144 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
    12:12:24.0423 5144 BrUsbSer - ok
    12:12:24.0428 5144 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    12:12:24.0429 5144 BTHMODEM - ok
    12:12:24.0433 5144 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    12:12:24.0434 5144 cdfs - ok
    12:12:24.0459 5144 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    12:12:24.0460 5144 cdrom - ok
    12:12:24.0481 5144 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
    12:12:24.0482 5144 CertPropSvc - ok
    12:12:24.0501 5144 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys
    12:12:24.0502 5144 circlass - ok
    12:12:24.0532 5144 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
    12:12:24.0536 5144 CLFS - ok
    12:12:24.0555 5144 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    12:12:24.0573 5144 clr_optimization_v2.0.50727_32 - ok
    12:12:24.0616 5144 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    12:12:24.0617 5144 clr_optimization_v2.0.50727_64 - ok
    12:12:24.0659 5144 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    12:12:24.0661 5144 clr_optimization_v4.0.30319_32 - ok
    12:12:24.0698 5144 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    12:12:24.0700 5144 clr_optimization_v4.0.30319_64 - ok
    12:12:24.0711 5144 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
    12:12:24.0712 5144 cmdide - ok
    12:12:24.0714 5144 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    12:12:24.0715 5144 Compbatt - ok
    12:12:24.0717 5144 COMSysApp - ok
    12:12:24.0848 5144 cpuz132 - ok
    12:12:24.0850 5144 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    12:12:24.0851 5144 crcdisk - ok
    12:12:24.0870 5144 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    12:12:24.0873 5144 CryptSvc - ok
    12:12:24.0915 5144 [ 80861969541971176E005D2C09DAE851 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    12:12:24.0916 5144 DAUpdaterSvc - ok
    12:12:24.0976 5144 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
    12:12:24.0984 5144 DcomLaunch - ok
    12:12:25.0003 5144 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    12:12:25.0004 5144 DfsC - ok
    12:12:25.0161 5144 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
    12:12:25.0203 5144 DFSR - ok
    12:12:25.0226 5144 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
    12:12:25.0229 5144 Dhcp - ok
    12:12:25.0253 5144 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
    12:12:25.0254 5144 disk - ok
    12:12:25.0281 5144 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    12:12:25.0282 5144 Dnscache - ok
    12:12:25.0305 5144 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
    12:12:25.0308 5144 dot3svc - ok
    12:12:25.0324 5144 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
    12:12:25.0326 5144 DPS - ok
    12:12:25.0338 5144 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    12:12:25.0339 5144 drmkaud - ok
    12:12:25.0351 5144 [ 3430A3D6A97C0E827DB0930FEE017499 ] DTSRVC C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
    12:12:25.0688 5144 DTSRVC - ok
    12:12:25.0690 5144 dvumgzsl - ok
    12:12:25.0715 5144 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    12:12:25.0725 5144 DXGKrnl - ok
    12:12:25.0738 5144 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
    12:12:25.0740 5144 E1G60 - ok
    12:12:25.0764 5144 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
    12:12:25.0765 5144 EapHost - ok
    12:12:25.0789 5144 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
    12:12:25.0791 5144 Ecache - ok
    12:12:25.0799 5144 edygbarx - ok
    12:12:25.0825 5144 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    12:12:25.0856 5144 ehRecvr - ok
    12:12:25.0859 5144 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
    12:12:25.0861 5144 ehSched - ok
    12:12:25.0869 5144 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
    12:12:25.0869 5144 ehstart - ok
    12:12:25.0886 5144 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    12:12:25.0891 5144 elxstor - ok
    12:12:25.0918 5144 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
    12:12:25.0923 5144 EMDMgmt - ok
    12:12:25.0928 5144 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys
    12:12:25.0928 5144 ErrDev - ok
    12:12:25.0957 5144 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
    12:12:25.0962 5144 EventSystem - ok
    12:12:25.0982 5144 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
    12:12:25.0985 5144 exfat - ok
    12:12:26.0009 5144 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    12:12:26.0012 5144 fastfat - ok
    12:12:26.0021 5144 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    12:12:26.0022 5144 fdc - ok
    12:12:26.0024 5144 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
    12:12:26.0025 5144 fdPHost - ok
    12:12:26.0031 5144 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
    12:12:26.0032 5144 FDResPub - ok
    12:12:26.0039 5144 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    12:12:26.0041 5144 FileInfo - ok
    12:12:26.0051 5144 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    12:12:26.0053 5144 Filetrace - ok
    12:12:26.0073 5144 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    12:12:26.0074 5144 flpydisk - ok
    12:12:26.0094 5144 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    12:12:26.0097 5144 FltMgr - ok
    12:12:26.0134 5144 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
    12:12:26.0147 5144 FontCache - ok
    12:12:26.0177 5144 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    12:12:26.0178 5144 FontCache3.0.0.0 - ok
    12:12:26.0190 5144 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    12:12:26.0191 5144 Fs_Rec - ok
    12:12:26.0199 5144 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    12:12:26.0201 5144 gagp30kx - ok
    12:12:26.0223 5144 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    12:12:26.0224 5144 GEARAspiWDM - ok
    12:12:26.0226 5144 ghhhadcu - ok
    12:12:26.0263 5144 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
    12:12:26.0271 5144 gpsvc - ok
    12:12:26.0309 5144 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    12:12:26.0354 5144 gupdate - ok
    12:12:26.0360 5144 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    12:12:26.0361 5144 gupdatem - ok
    12:12:26.0387 5144 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    12:12:26.0392 5144 HdAudAddService - ok
    12:12:26.0430 5144 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    12:12:26.0600 5144 HDAudBus - ok
    12:12:26.0689 5144 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys
    12:12:26.0690 5144 HidBth - ok
    12:12:26.0727 5144 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
    12:12:26.0728 5144 HidIr - ok
    12:12:26.0734 5144 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
    12:12:26.0735 5144 hidserv - ok
    12:12:26.0754 5144 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    12:12:26.0755 5144 HidUsb - ok
    12:12:26.0776 5144 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
    12:12:26.0778 5144 hkmsvc - ok
    12:12:26.0788 5144 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
    12:12:26.0789 5144 HpCISSs - ok
    12:12:26.0810 5144 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    12:12:26.0817 5144 HTTP - ok
    12:12:26.0824 5144 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys
    12:12:26.0825 5144 i2omp - ok
    12:12:26.0831 5144 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    12:12:26.0832 5144 i8042prt - ok
    12:12:26.0859 5144 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
    12:12:26.0862 5144 iaStorV - ok
    12:12:26.0906 5144 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    12:12:26.0907 5144 IDriverT - ok
    12:12:27.0035 5144 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    12:12:27.0087 5144 idsvc - ok
    12:12:27.0093 5144 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    12:12:27.0094 5144 iirsp - ok
    12:12:27.0119 5144 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
    12:12:27.0124 5144 IKEEXT - ok
    12:12:27.0136 5144 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys
    12:12:27.0137 5144 intelide - ok
    12:12:27.0146 5144 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    12:12:27.0147 5144 intelppm - ok
    12:12:27.0161 5144 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    12:12:27.0162 5144 IPBusEnum - ok
    12:12:27.0179 5144 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    12:12:27.0180 5144 IpFilterDriver - ok
    12:12:27.0209 5144 [ BF0DBFA9792C5C14FA00F61C75116C1B ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll
    12:12:27.0212 5144 IpHlpSvc - ok
    12:12:27.0214 5144 IpInIp - ok
    12:12:27.0222 5144 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
    12:12:27.0224 5144 IPMIDRV - ok
    12:12:27.0231 5144 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
    12:12:27.0232 5144 IPNAT - ok
    12:12:27.0261 5144 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    12:12:27.0268 5144 iPod Service - ok
    12:12:27.0295 5144 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
    12:12:27.0296 5144 IRENUM - ok
    12:12:27.0306 5144 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys
    12:12:27.0307 5144 isapnp - ok
    12:12:27.0330 5144 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
    12:12:27.0333 5144 iScsiPrt - ok
    12:12:27.0343 5144 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
    12:12:27.0344 5144 iteatapi - ok
    12:12:27.0355 5144 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
    12:12:27.0356 5144 iteraid - ok
    12:12:27.0358 5144 juekuvjz - ok
    12:12:27.0369 5144 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    12:12:27.0370 5144 kbdclass - ok
    12:12:27.0384 5144 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    12:12:27.0385 5144 kbdhid - ok
    12:12:27.0397 5144 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
    12:12:27.0397 5144 KeyIso - ok
    12:12:27.0419 5144 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    12:12:27.0425 5144 KSecDD - ok
    12:12:27.0434 5144 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    12:12:27.0434 5144 ksthunk - ok
    12:12:27.0462 5144 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
    12:12:27.0467 5144 KtmRm - ok
    12:12:27.0483 5144 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
    12:12:27.0486 5144 LanmanServer - ok
    12:12:27.0503 5144 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    12:12:27.0506 5144 LanmanWorkstation - ok
    12:12:27.0519 5144 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    12:12:27.0520 5144 lltdio - ok
    12:12:27.0543 5144 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    12:12:27.0547 5144 lltdsvc - ok
    12:12:27.0560 5144 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
    12:12:27.0561 5144 lmhosts - ok
    12:12:27.0563 5144 lowqnqxo - ok
    12:12:27.0608 5144 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    12:12:27.0610 5144 LSI_FC - ok
    12:12:27.0619 5144 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    12:12:27.0621 5144 LSI_SAS - ok
    12:12:27.0631 5144 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    12:12:27.0633 5144 LSI_SCSI - ok
    12:12:27.0641 5144 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
    12:12:27.0643 5144 luafv - ok
    12:12:27.0663 5144 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    12:12:27.0665 5144 Mcx2Svc - ok
    12:12:27.0678 5144 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys
    12:12:27.0678 5144 megasas - ok
    12:12:27.0695 5144 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys
    12:12:27.0700 5144 MegaSR - ok
    12:12:27.0715 5144 [ 4A1C21576FB7F96F4DBDEA627FFDA775 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
    12:12:27.0716 5144 mfeavfk - ok
    12:12:27.0736 5144 [ 9E0AC52B3232FF8DC65FEE1A9C2FE8D1 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
    12:12:27.0740 5144 mfehidk - ok
    12:12:27.0758 5144 [ 624D717B11E5004F68442B5740F17F21 ] mferkdk C:\Windows\system32\drivers\mferkdk.sys
    12:12:27.0759 5144 mferkdk - ok
    12:12:27.0764 5144 [ 0CD9DE7B96735F33F078C4EA044E8B34 ] mfesmfk C:\Windows\system32\drivers\mfesmfk.sys
    12:12:27.0765 5144 mfesmfk - ok
    12:12:27.0782 5144 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
    12:12:27.0783 5144 MMCSS - ok
    12:12:27.0796 5144 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
    12:12:27.0797 5144 Modem - ok
    12:12:27.0813 5144 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    12:12:27.0814 5144 monitor - ok
    12:12:27.0819 5144 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    12:12:27.0820 5144 mouclass - ok
    12:12:27.0838 5144 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    12:12:27.0838 5144 mouhid - ok
    12:12:27.0846 5144 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
    12:12:27.0847 5144 MountMgr - ok
    12:12:27.0870 5144 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    12:12:27.0872 5144 MpFilter - ok
    12:12:27.0884 5144 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys
    12:12:27.0886 5144 mpio - ok
    12:12:27.0892 5144 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    12:12:27.0893 5144 mpsdrv - ok
    12:12:27.0920 5144 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
    12:12:27.0928 5144 MpsSvc - ok
    12:12:27.0940 5144 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
    12:12:27.0940 5144 Mraid35x - ok
    12:12:27.0962 5144 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    12:12:27.0964 5144 MRxDAV - ok
    12:12:27.0987 5144 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    12:12:27.0988 5144 mrxsmb - ok
    12:12:28.0003 5144 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    12:12:28.0006 5144 mrxsmb10 - ok
    12:12:28.0016 5144 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    12:12:28.0017 5144 mrxsmb20 - ok
    12:12:28.0039 5144 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys
    12:12:28.0040 5144 msahci - ok
    12:12:28.0051 5144 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    12:12:28.0052 5144 msdsm - ok
    12:12:28.0067 5144 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
    12:12:28.0104 5144 MSDTC - ok
    12:12:28.0127 5144 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
    12:12:28.0128 5144 Msfs - ok
    12:12:28.0134 5144 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    12:12:28.0134 5144 msisadrv - ok
    12:12:28.0160 5144 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    12:12:28.0162 5144 MSiSCSI - ok
    12:12:28.0164 5144 msiserver - ok
    12:12:28.0167 5144 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    12:12:28.0167 5144 MSKSSRV - ok
    12:12:28.0207 5144 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
    12:12:28.0208 5144 MsMpSvc - ok
    12:12:28.0219 5144 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    12:12:28.0219 5144 MSPCLOCK - ok
    12:12:28.0221 5144 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    12:12:28.0222 5144 MSPQM - ok
    12:12:28.0240 5144 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    12:12:28.0244 5144 MsRPC - ok
    12:12:28.0264 5144 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    12:12:28.0265 5144 mssmbios - ok
    12:12:28.0267 5144 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    12:12:28.0267 5144 MSTEE - ok
    12:12:28.0292 5144 [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
    12:12:28.0293 5144 MTsensor - ok
    12:12:28.0300 5144 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
    12:12:28.0301 5144 Mup - ok
    12:12:28.0315 5144 [ E884FD7FB31BC82041AAB75BE5C81EEF ] mv61xx C:\Windows\system32\DRIVERS\mv61xx.sys
    12:12:28.0318 5144 mv61xx - ok
    12:12:28.0333 5144 [ 6E6A3ADF84ED72514C65484AF6E51242 ] mv64xx C:\Windows\system32\DRIVERS\mv64xx.sys
    12:12:28.0337 5144 mv64xx - ok
    12:12:28.0348 5144 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
    12:12:28.0354 5144 napagent - ok
    12:12:28.0371 5144 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    12:12:28.0374 5144 NativeWifiP - ok
    12:12:28.0375 5144 nbdvbzzw - ok
    12:12:28.0406 5144 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
    12:12:28.0414 5144 NDIS - ok
    12:12:28.0425 5144 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    12:12:28.0425 5144 NdisTapi - ok
    12:12:28.0435 5144 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    12:12:28.0435 5144 Ndisuio - ok
    12:12:28.0464 5144 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    12:12:28.0480 5144 NdisWan - ok
    12:12:28.0483 5144 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    12:12:28.0484 5144 NDProxy - ok
    12:12:28.0486 5144 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    12:12:28.0487 5144 NetBIOS - ok
    12:12:28.0557 5144 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
    12:12:28.0560 5144 netbt - ok
    12:12:28.0572 5144 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
    12:12:28.0572 5144 Netlogon - ok
    12:12:28.0687 5144 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
    12:12:28.0733 5144 Netman - ok
    12:12:28.0757 5144 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
    12:12:28.0761 5144 netprofm - ok
    12:12:28.0782 5144 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    12:12:28.0784 5144 NetTcpPortSharing - ok
    12:12:28.0795 5144 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    12:12:28.0796 5144 nfrd960 - ok
    12:12:28.0819 5144 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    12:12:28.0820 5144 NisDrv - ok
    12:12:28.0844 5144 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
    12:12:28.0848 5144 NisSrv - ok
    12:12:28.0857 5144 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
    12:12:28.0861 5144 NlaSvc - ok
    12:12:28.0933 5144 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    12:12:28.0992 5144 NMIndexingService - ok
    12:12:29.0010 5144 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    12:12:29.0011 5144 Npfs - ok
    12:12:29.0029 5144 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
    12:12:29.0030 5144 nsi - ok
    12:12:29.0032 5144 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    12:12:29.0033 5144 nsiproxy - ok
    12:12:29.0159 5144 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    12:12:29.0175 5144 Ntfs - ok
    12:12:29.0181 5144 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
    12:12:29.0181 5144 Null - ok
    12:12:29.0563 5144 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    12:12:29.0753 5144 nvlddmkm - ok
    12:12:29.0771 5144 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    12:12:29.0773 5144 nvraid - ok
    12:12:29.0785 5144 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys
    12:12:29.0786 5144 nvstor - ok
    12:12:29.0817 5144 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe
    12:12:29.0828 5144 nvsvc - ok
    12:12:29.0892 5144 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    12:12:29.0906 5144 nvUpdatusService - ok
    12:12:29.0913 5144 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    12:12:29.0914 5144 nv_agp - ok
    12:12:29.0916 5144 NwlnkFlt - ok
    12:12:29.0919 5144 NwlnkFwd - ok
    12:12:29.0943 5144 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    12:12:29.0945 5144 ohci1394 - ok
    12:12:34.0721 5144 ================ Scan global ===============================
    12:12:34.0747 5144 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
    12:12:34.0776 5144 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
    12:12:34.0786 5144 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
    12:12:34.0810 5144 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
    12:12:34.0815 5144 [Global] - ok
    12:12:34.0815 5144 ================ Scan MBR ==================================
    12:12:34.0825 5144 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    12:12:34.0825 5144 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    12:12:34.0867 5144 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    12:12:34.0867 5144 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    12:12:34.0883 5144 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
    12:12:34.0887 5144 \Device\Harddisk1\DR1 - ok
    12:12:34.0887 5144 ================ Scan VBR ==================================
    12:12:34.0888 5144 [ AA196B102977ED3A5D7E43D93C935B97 ] \Device\Harddisk0\DR0\Partition1
    12:12:34.0889 5144 \Device\Harddisk0\DR0\Partition1 - ok
    12:12:34.0892 5144 [ 843733667AFDB121A2A52E03B536DA34 ] \Device\Harddisk1\DR1\Partition1
    12:12:34.0893 5144 \Device\Harddisk1\DR1\Partition1 - ok
    12:12:34.0893 5144 ============================================================
    12:12:34.0893 5144 Scan finished
    12:12:34.0893 5144 ============================================================
    12:12:34.0899 6924 Detected object count: 1
    12:12:34.0899 6924 Actual detected object count: 1
    12:12:48.0303 6924 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
    12:12:48.0303 6924 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,986
    Your system has a nasty rootkit infection still on it.

    Please be sure that you have everything important (documents, photos, music, etc.) backed up to external media before proceeding. Do not back up any programs (executable files) though.

    Run TDSSKiller again and this time select the option to "cure" the pihar.c rootkit infection then post the resulting log.
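
Added example (not part of the thread, and not Kaspersky's code): a small Python triage of TDSSKiller log lines, showing why the log above still counts as infected: the detection on `\Device\Harddisk0\DR0` was followed by a "Skip" action. The sample lines are excerpted from the log above; the final "Cure" line is constructed, and its wording is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Line layout seen in the thread: "HH:MM:SS.mmmm <thread id> <message>"
LINE = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")
SUSPICIOUS = re.compile(r"^Suspicious (?P<kind>\w+) \((?P<reason>[^)]+)\): (?P<obj>.+)$")
INFECTED = re.compile(r"^(?P<obj>.+?) \( (?P<threat>[^)]+?) \) - infected$")
ACTION = re.compile(
    r"^(?P<obj>.+?) \( (?P<threat>[^)]+?) \) - User select action: (?P<action>\w+)$"
)
OK = re.compile(r"^(?P<obj>.+?) - ok$")


@dataclass
class Finding:
    obj: str                      # scanned object, e.g. a disk device
    threat: str                   # detection name reported by the tool
    first_seen: str               # timestamp of the first matching line
    notes: List[str] = field(default_factory=list)
    action: Optional[str] = None  # last action the user selected, if any


def triage(log_text: str) -> Tuple[int, List[Finding]]:
    """Return (number of '- ok' verdicts, findings keyed by object)."""
    findings = {}
    notes = {}
    ok_count = 0
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # blank lines, forum text, truncated lines
        ts, _tid, msg = m.groups()
        if (s := SUSPICIOUS.match(msg)):
            notes.setdefault(s["obj"], []).append(
                f"suspicious {s['kind']} ({s['reason']})"
            )
        elif (i := INFECTED.match(msg)):
            findings.setdefault(i["obj"], Finding(i["obj"], i["threat"], ts))
        elif (a := ACTION.match(msg)):
            f = findings.setdefault(a["obj"], Finding(a["obj"], a["threat"], ts))
            f.action = a["action"]  # a later run's action overrides an earlier one
        elif OK.match(msg):
            ok_count += 1
    for obj, f in findings.items():
        f.notes = notes.get(obj, [])
    return ok_count, list(findings.values())


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Detections that were skipped or never acted on are still live."""
    return [f for f in findings if f.action is None or f.action.lower() == "skip"]


# Excerpt of the first TDSSKiller run posted in this thread.
FIRST_RUN = r"""
12:12:34.0815 5144 [Global] - ok
12:12:34.0815 5144 ================ Scan MBR ==================================
12:12:34.0825 5144 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:12:34.0825 5144 Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:12:34.0867 5144 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:12:34.0867 5144 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:12:34.0883 5144 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
12:12:34.0887 5144 \Device\Harddisk1\DR1 - ok
12:12:48.0303 6924 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - skipped by user
12:12:48.0303 6924 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Skip
"""

# Constructed line (not from the thread); the "Cure" wording is an assumption.
CURE_LINE = (
    "12:13:02.0000 6924 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.c )"
    " - User select action: Cure\n"
)

if __name__ == "__main__":
    ok_count, found = triage(FIRST_RUN)
    print(f"{ok_count} objects ok, {len(found)} detection(s)")
    for f in unresolved(found):
        print(f"STILL PRESENT: {f.obj} {f.threat} action={f.action} {f.notes}")
```
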
     
  9. Franknj229

    Franknj229 Thread Starter

    Joined:
    Sep 21, 2009
    Messages:
    88
    Re-ran TDSSkiller, clicked cure, clicked reboot computer.....

    Upon startup, I received this pop-up:

    (Well, I took a picture of it and tried to attach it, but the upload failed)

    Anyway, it said: Do you want to run this file?

    Name: ...p\3EE8C176-602E-4887-BFF7-05053584BF17.exe
    Publisher: Kaspersky Lab
    Type: Application
    From: C:\Users\Franknj229\AppData\Local\Temp\3EE8C...

    Run or Cancel

    Since you didn't say anything about it, I clicked "cancel". Was I supposed to "Run" it? Do I just do the whole process over again?
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,986
    Yes, since it's signed by Kaspersky, it's part of TDSSKiller.

    Please run TDSSKiller again and post the log so I can see if it removed the infection.
     
  11. Franknj229

    Franknj229 Thread Starter

    Joined:
    Sep 21, 2009
    Messages:
    88
    Ok, so I re-ran TDSSkiller again, but this time it said it found no infection, so it didn't prompt me to reboot this time. Here is the log though.

    16:19:45.0518 5824 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    16:19:45.0861 5824 ============================================================
    16:19:45.0862 5824 Current date / time: 2013/01/28 16:19:45.0861
    16:19:45.0862 5824 SystemInfo:
    16:19:45.0862 5824
    16:19:45.0862 5824 OS Version: 6.0.6002 ServicePack: 2.0
    16:19:45.0862 5824 Product type: Workstation
    16:19:45.0862 5824 ComputerName: FRANKNJ229-PC
    16:19:45.0862 5824 UserName: Franknj229
    16:19:45.0862 5824 Windows directory: C:\Windows
    16:19:45.0862 5824 System windows directory: C:\Windows
    16:19:45.0862 5824 Running under WOW64
    16:19:45.0862 5824 Processor architecture: Intel x64
    16:19:45.0862 5824 Number of processors: 8
    16:19:45.0862 5824 Page size: 0x1000
    16:19:45.0862 5824 Boot type: Normal boot
    16:19:45.0862 5824 ============================================================
    16:19:47.0126 5824 BG loaded
    16:19:55.0299 5824 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:19:55.0388 5824 Drive \Device\Harddisk1\DR1 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:19:55.0393 5824 ============================================================
    16:19:55.0393 5824 \Device\Harddisk0\DR0:
    16:19:55.0405 5824 MBR partitions:
    16:19:55.0405 5824 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
    16:19:55.0405 5824 \Device\Harddisk1\DR1:
    16:19:55.0405 5824 MBR partitions:
    16:19:55.0405 5824 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x4A857000
    16:19:55.0405 5824 ============================================================
    16:19:55.0432 5824 C: <-> \Device\Harddisk0\DR0\Partition1
    16:19:55.0448 5824 F: <-> \Device\Harddisk1\DR1\Partition1
    16:19:55.0448 5824 ============================================================
    16:19:55.0448 5824 Initialize success
    16:19:55.0448 5824 ============================================================
    16:19:58.0521 5768 ============================================================
    16:19:58.0521 5768 Scan started
    16:19:58.0521 5768 Mode: Manual;
    16:19:58.0521 5768 ============================================================
    16:19:59.0430 5768 ================ Scan system memory ========================
    16:19:59.0430 5768 System memory - ok
    16:19:59.0430 5768 ================ Scan services =============================

    16:20:04.0954 5768 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys

    16:20:04.0955 5768 Brserid - ok

    16:20:04.0972 5768 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

    16:20:04.0972 5768 BrSerWdm - ok

    16:20:04.0983 5768 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

    16:20:04.0984 5768 BrUsbMdm - ok

    16:20:04.0994 5768 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

    16:20:04.0995 5768 BrUsbSer - ok

    16:20:05.0009 5768 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

    16:20:05.0009 5768 BTHMODEM - ok

    16:20:05.0019 5768 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    16:20:05.0020 5768 cdfs - ok

    16:20:05.0040 5768 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    16:20:05.0041 5768 cdrom - ok

    16:20:05.0138 5768 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll

    16:20:05.0139 5768 CertPropSvc - ok

    16:20:05.0183 5768 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys

    16:20:05.0184 5768 circlass - ok

    16:20:05.0205 5768 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys

    16:20:05.0209 5768 CLFS - ok

    16:20:05.0229 5768 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    16:20:05.0230 5768 clr_optimization_v2.0.50727_32 - ok

    16:20:05.0564 5768 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    16:20:05.0615 5768 clr_optimization_v2.0.50727_64 - ok

    16:20:05.0669 5768 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    16:20:05.0716 5768 clr_optimization_v4.0.30319_32 - ok

    16:20:05.0749 5768 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    16:20:05.0757 5768 clr_optimization_v4.0.30319_64 - ok

    16:20:05.0771 5768 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys

    16:20:05.0771 5768 cmdide - ok

    16:20:05.0778 5768 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

    16:20:05.0779 5768 Compbatt - ok

    16:20:05.0781 5768 COMSysApp - ok

    16:20:07.0815 5768 cpuz132 - ok

    16:20:07.0933 5768 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

    16:20:07.0984 5768 crcdisk - ok

    16:20:08.0012 5768 [ CA78B312C44E4D52E842C2C8BD48E452 ] CryptSvc C:\Windows\system32\cryptsvc.dll

    16:20:08.0013 5768 CryptSvc - ok

    16:20:08.0098 5768 [ 80861969541971176E005D2C09DAE851 ] DAUpdaterSvc C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

    16:20:08.0098 5768 DAUpdaterSvc - ok

    16:20:08.0168 5768 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll

    16:20:08.0171 5768 DcomLaunch - ok

    16:20:08.0212 5768 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

    16:20:08.0213 5768 DfsC - ok

    16:20:09.0232 5768 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe

    16:20:09.0246 5768 DFSR - ok

    16:20:09.0444 5768 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll

    16:20:09.0445 5768 Dhcp - ok

    16:20:09.0538 5768 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys

    16:20:09.0538 5768 disk - ok

    16:20:09.0673 5768 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll

    16:20:09.0674 5768 Dnscache - ok

    16:20:09.0981 5768 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll

    16:20:09.0982 5768 dot3svc - ok

    16:20:10.0185 5768 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll

    16:20:10.0186 5768 DPS - ok

    16:20:10.0286 5768 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

    16:20:10.0324 5768 drmkaud - ok

    16:20:10.0378 5768 [ 3430A3D6A97C0E827DB0930FEE017499 ] DTSRVC C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe

    16:20:10.0379 5768 DTSRVC - ok

    16:20:10.0381 5768 dvumgzsl - ok

    16:20:10.0848 5768 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    16:20:10.0852 5768 DXGKrnl - ok

    16:20:11.0018 5768 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys

    16:20:11.0019 5768 E1G60 - ok

    16:20:11.0090 5768 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll

    16:20:11.0091 5768 EapHost - ok

    16:20:11.0149 5768 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys

    16:20:11.0151 5768 Ecache - ok

    16:20:11.0153 5768 edygbarx - ok

    16:20:11.0318 5768 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe

    16:20:11.0319 5768 ehRecvr - ok

    16:20:11.0498 5768 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe

    16:20:11.0499 5768 ehSched - ok

    16:20:11.0603 5768 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll

    16:20:11.0604 5768 ehstart - ok

    16:20:12.0069 5768 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys

    16:20:12.0071 5768 elxstor - ok

    16:20:12.0434 5768 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll

    16:20:12.0436 5768 EMDMgmt - ok

    16:20:12.0558 5768 [ BC3A58E938BB277E46BF4B3003B01ABD ] ErrDev C:\Windows\system32\drivers\errdev.sys

    16:20:12.0559 5768 ErrDev - ok

    16:20:12.0642 5768 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll

    16:20:12.0644 5768 EventSystem - ok

    16:20:12.0730 5768 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys

    16:20:12.0731 5768 exfat - ok

    16:20:12.0920 5768 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys

    16:20:12.0981 5768 fastfat - ok

    16:20:12.0998 5768 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

    16:20:12.0998 5768 fdc - ok

    16:20:13.0016 5768 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll

    16:20:13.0017 5768 fdPHost - ok

    16:20:13.0025 5768 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll

    16:20:13.0026 5768 FDResPub - ok

    16:20:13.0033 5768 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

    16:20:13.0052 5768 FileInfo - ok

    16:20:13.0073 5768 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys

    16:20:13.0074 5768 Filetrace - ok

    16:20:13.0080 5768 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

    16:20:13.0080 5768 flpydisk - ok

    16:20:13.0105 5768 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

    16:20:13.0106 5768 FltMgr - ok

    16:20:13.0162 5768 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll

    16:20:13.0167 5768 FontCache - ok

    16:20:13.0363 5768 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    16:20:13.0363 5768 FontCache3.0.0.0 - ok

    16:20:13.0542 5768 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    16:20:13.0542 5768 Fs_Rec - ok

    16:20:13.0715 5768 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

    16:20:13.0715 5768 gagp30kx - ok

    16:20:13.0933 5768 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    16:20:13.0933 5768 GEARAspiWDM - ok

    16:20:13.0935 5768 ghhhadcu - ok

    16:20:14.0190 5768 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll

    16:20:14.0194 5768 gpsvc - ok

    16:20:14.0430 5768 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    16:20:14.0430 5768 gupdate - ok

    16:20:14.0519 5768 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    16:20:14.0519 5768 gupdatem - ok

    16:20:14.0854 5768 [ DF45F8142DC6DF9D18C39B3EFFBD0409 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    16:20:14.0885 5768 HdAudAddService - ok

    16:20:14.0932 5768 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

    16:20:14.0936 5768 HDAudBus - ok

    16:20:15.0030 5768 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys

    16:20:15.0031 5768 HidBth - ok

    16:20:15.0163 5768 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys

    16:20:15.0164 5768 HidIr - ok

    16:20:15.0195 5768 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll

    16:20:15.0197 5768 hidserv - ok

    16:20:15.0208 5768 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    16:20:15.0208 5768 HidUsb - ok

    16:20:15.0255 5768 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll

    16:20:15.0256 5768 hkmsvc - ok

    16:20:15.0344 5768 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

    16:20:15.0427 5768 HpCISSs - ok

    16:20:15.0464 5768 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys

    16:20:15.0467 5768 HTTP - ok

    16:20:15.0480 5768 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys

    16:20:15.0502 5768 i2omp - ok

    16:20:15.0522 5768 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

    16:20:15.0523 5768 i8042prt - ok

    16:20:15.0538 5768 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

    16:20:15.0542 5768 iaStorV - ok

    16:20:15.0584 5768 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    16:20:15.0598 5768 IDriverT - ok

    16:20:16.0157 5768 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    16:20:16.0166 5768 idsvc - ok

    16:20:16.0173 5768 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys

    16:20:16.0174 5768 iirsp - ok

    16:20:16.0205 5768 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll

    16:20:16.0208 5768 IKEEXT - ok

    16:20:16.0221 5768 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\drivers\intelide.sys

    16:20:16.0240 5768 intelide - ok

    16:20:16.0266 5768 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    16:20:16.0267 5768 intelppm - ok

    16:20:16.0295 5768 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

    16:20:16.0295 5768 IPBusEnum - ok

    16:20:16.0379 5768 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    16:20:16.0417 5768 IpFilterDriver - ok

    16:20:16.0507 5768 [ BF0DBFA9792C5C14FA00F61C75116C1B ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll

    16:20:16.0508 5768 IpHlpSvc - ok

    16:20:16.0510 5768 IpInIp - ok

    16:20:16.0560 5768 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

    16:20:16.0562 5768 IPMIDRV - ok

    16:20:16.0606 5768 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

    16:20:16.0662 5768 IPNAT - ok

    16:20:16.0795 5768 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

    16:20:16.0798 5768 iPod Service - ok

    16:20:16.0815 5768 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys

    16:20:16.0815 5768 IRENUM - ok

    16:20:16.0828 5768 [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp C:\Windows\system32\drivers\isapnp.sys

    16:20:16.0829 5768 isapnp - ok

    16:20:16.0850 5768 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

    16:20:16.0851 5768 iScsiPrt - ok

    16:20:16.0866 5768 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

    16:20:16.0867 5768 iteatapi - ok

    16:20:16.0869 5768 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys

    16:20:16.0870 5768 iteraid - ok

    16:20:16.0872 5768 juekuvjz - ok

    16:20:16.0881 5768 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

    16:20:16.0881 5768 kbdclass - ok

    16:20:16.0896 5768 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

    16:20:16.0896 5768 kbdhid - ok

    16:20:16.0908 5768 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe

    16:20:16.0909 5768 KeyIso - ok

    16:20:16.0931 5768 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    16:20:16.0995 5768 KSecDD - ok

    16:20:17.0012 5768 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

    16:20:17.0013 5768 ksthunk - ok

    16:20:17.0036 5768 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll

    16:20:17.0038 5768 KtmRm - ok

    16:20:17.0053 5768 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll

    16:20:17.0055 5768 LanmanServer - ok

    16:20:17.0073 5768 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

    16:20:17.0075 5768 LanmanWorkstation - ok

    16:20:17.0081 5768 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    16:20:17.0081 5768 lltdio - ok

    16:20:17.0222 5768 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll

    16:20:17.0265 5768 lltdsvc - ok

    16:20:17.0289 5768 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll

    16:20:17.0289 5768 lmhosts - ok

    16:20:17.0291 5768 lowqnqxo - ok

    16:20:17.0305 5768 [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

    16:20:17.0307 5768 LSI_FC - ok

    16:20:17.0313 5768 [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

    16:20:17.0315 5768 LSI_SAS - ok

    16:20:17.0334 5768 [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

    16:20:17.0335 5768 LSI_SCSI - ok

    16:20:17.0345 5768 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys

    16:20:17.0346 5768 luafv - ok

    16:20:17.0367 5768 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    16:20:17.0387 5768 Mcx2Svc - ok

    16:20:17.0406 5768 [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas C:\Windows\system32\drivers\megasas.sys

    16:20:17.0406 5768 megasas - ok

    16:20:17.0418 5768 [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR C:\Windows\system32\drivers\megasr.sys

    16:20:17.0423 5768 MegaSR - ok

    16:20:17.0444 5768 [ 4A1C21576FB7F96F4DBDEA627FFDA775 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

    16:20:17.0446 5768 mfeavfk - ok

    16:20:17.0470 5768 [ 9E0AC52B3232FF8DC65FEE1A9C2FE8D1 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

    16:20:17.0472 5768 mfehidk - ok

    16:20:17.0487 5768 [ 624D717B11E5004F68442B5740F17F21 ] mferkdk C:\Windows\system32\drivers\mferkdk.sys

    16:20:17.0504 5768 mferkdk - ok

    16:20:17.0524 5768 [ 0CD9DE7B96735F33F078C4EA044E8B34 ] mfesmfk C:\Windows\system32\drivers\mfesmfk.sys

    16:20:17.0525 5768 mfesmfk - ok

    16:20:17.0540 5768 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll

    16:20:17.0541 5768 MMCSS - ok

    16:20:17.0551 5768 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys

    16:20:17.0552 5768 Modem - ok

    16:20:17.0568 5768 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

    16:20:17.0568 5768 monitor - ok

    16:20:17.0574 5768 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    16:20:17.0575 5768 mouclass - ok

    16:20:17.0584 5768 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    16:20:17.0585 5768 mouhid - ok

    16:20:17.0626 5768 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

    16:20:17.0658 5768 MountMgr - ok

    16:20:17.0724 5768 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

    16:20:17.0726 5768 MpFilter - ok

    16:20:17.0764 5768 [ F8276EB8698142884498A528DFEA8478 ] mpio C:\Windows\system32\drivers\mpio.sys

    16:20:17.0784 5768 mpio - ok

    16:20:17.0805 5768 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    16:20:17.0806 5768 mpsdrv - ok

    16:20:17.0834 5768 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll

    16:20:17.0837 5768 MpsSvc - ok

    16:20:17.0855 5768 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

    16:20:17.0861 5768 Mraid35x - ok

    16:20:17.0900 5768 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    16:20:17.0901 5768 MRxDAV - ok

    16:20:17.0978 5768 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    16:20:17.0979 5768 mrxsmb - ok

    16:20:18.0195 5768 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    16:20:18.0196 5768 mrxsmb10 - ok

    16:20:18.0199 5768 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    16:20:18.0200 5768 mrxsmb20 - ok

    16:20:18.0206 5768 [ 1AC860612B85D8E85EE257D372E39F4D ] msahci C:\Windows\system32\drivers\msahci.sys

    16:20:18.0207 5768 msahci - ok

    16:20:18.0220 5768 [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm C:\Windows\system32\drivers\msdsm.sys

    16:20:18.0222 5768 msdsm - ok

    16:20:18.0239 5768 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe

    16:20:18.0241 5768 MSDTC - ok

    16:20:18.0265 5768 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys

    16:20:18.0266 5768 Msfs - ok

    16:20:18.0272 5768 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

    16:20:18.0273 5768 msisadrv - ok

    16:20:18.0298 5768 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

    16:20:18.0313 5768 MSiSCSI - ok

    16:20:18.0315 5768 msiserver - ok

    16:20:18.0334 5768 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    16:20:18.0334 5768 MSKSSRV - ok

    16:20:18.0375 5768 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe

    16:20:18.0375 5768 MsMpSvc - ok

    16:20:18.0413 5768 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    16:20:18.0436 5768 MSPCLOCK - ok

    16:20:18.0457 5768 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

    16:20:18.0457 5768 MSPQM - ok

    16:20:18.0478 5768 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

    16:20:18.0482 5768 MsRPC - ok

    16:20:18.0494 5768 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

    16:20:18.0494 5768 mssmbios - ok

    16:20:18.0500 5768 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

    16:20:18.0501 5768 MSTEE - ok

    16:20:18.0522 5768 [ 6936198F2CC25B39CF5262436C80DF46 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys

    16:20:18.0522 5768 MTsensor - ok

    16:20:18.0530 5768 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys

    16:20:18.0531 5768 Mup - ok

    16:20:18.0554 5768 [ E884FD7FB31BC82041AAB75BE5C81EEF ] mv61xx C:\Windows\system32\DRIVERS\mv61xx.sys

    16:20:18.0557 5768 mv61xx - ok

    16:20:18.0580 5768 [ 6E6A3ADF84ED72514C65484AF6E51242 ] mv64xx C:\Windows\system32\DRIVERS\mv64xx.sys

    16:20:18.0584 5768 mv64xx - ok

    16:20:18.0595 5768 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll

    16:20:18.0597 5768 napagent - ok

    16:20:18.0660 5768 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    16:20:18.0677 5768 NativeWifiP - ok

    16:20:18.0679 5768 nbdvbzzw - ok

    16:20:18.0719 5768 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys

    16:20:18.0726 5768 NDIS - ok

    16:20:18.0771 5768 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    16:20:18.0772 5768 NdisTapi - ok

    16:20:18.0843 5768 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    16:20:18.0888 5768 Ndisuio - ok

    16:20:18.0919 5768 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    16:20:18.0920 5768 NdisWan - ok

    16:20:18.0922 5768 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

    16:20:18.0923 5768 NDProxy - ok

    16:20:18.0925 5768 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    16:20:18.0925 5768 NetBIOS - ok

    16:20:18.0945 5768 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

    16:20:18.0946 5768 netbt - ok

    16:20:18.0951 5768 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe

    16:20:18.0952 5768 Netlogon - ok

    16:20:19.0100 5768 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll

    16:20:19.0103 5768 Netman - ok

    16:20:19.0187 5768 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll

    16:20:19.0189 5768 netprofm - ok

    16:20:19.0212 5768 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    16:20:19.0214 5768 NetTcpPortSharing - ok

    16:20:19.0226 5768 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

    16:20:19.0227 5768 nfrd960 - ok

    16:20:19.0248 5768 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

    16:20:19.0250 5768 NisDrv - ok

    16:20:19.0266 5768 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe

    16:20:19.0270 5768 NisSrv - ok

    16:20:19.0279 5768 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll

    16:20:19.0280 5768 NlaSvc - ok

    16:20:19.0411 5768 [ 193FA51DDDD0BFFDED1C340F0434999A ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe

    16:20:19.0433 5768 NMIndexingService - ok

    16:20:19.0455 5768 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys

    16:20:19.0455 5768 Npfs - ok

    16:20:19.0474 5768 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll

    16:20:19.0475 5768 nsi - ok

    16:20:19.0481 5768 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    16:20:19.0481 5768 nsiproxy - ok

    16:20:20.0174 5768 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

    16:20:20.0190 5768 Ntfs - ok

    16:20:20.0196 5768 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys

    16:20:20.0196 5768 Null - ok

    16:20:22.0269 5768 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

    16:20:22.0320 5768 nvlddmkm - ok

    16:20:22.0380 5768 [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid C:\Windows\system32\drivers\nvraid.sys

    16:20:22.0382 5768 nvraid - ok

    16:20:22.0395 5768 [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor C:\Windows\system32\drivers\nvstor.sys

    16:20:22.0396 5768 nvstor - ok

    16:20:22.0426 5768 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe

    16:20:22.0430 5768 nvsvc - ok

    16:20:23.0201 5768 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    16:20:23.0214 5768 nvUpdatusService - ok

    16:20:23.0228 5768 [ 19067CA93075EF4823E3938A686F532F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

    16:20:23.0230 5768 nv_agp - ok

    16:20:23.0232 5768 NwlnkFlt - ok

    16:20:23.0234 5768 NwlnkFwd - ok

    16:20:23.0243 5768 [ 7B58953E2F263421FDBB09A192712A85 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

    16:20:23.0245 5768 ohci1394 - ok

    16:20:23.0272 5768 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll

    16:20:23.0276 5768 p2pimsvc - ok

    16:20:23.0459 5768 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll

    16:20:23.0463 5768 p2psvc - ok

    16:20:23.0608 5768 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys

    16:20:23.0686 5768 Parport - ok

    16:20:23.0717 5768 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys

    16:20:23.0718 5768 partmgr - ok

    16:20:23.0734 5768 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll

    16:20:23.0735 5768 PcaSvc - ok

    16:20:23.0754 5768 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys

    16:20:23.0756 5768 pci - ok

    16:20:23.0774 5768 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys

    16:20:23.0774 5768 pciide - ok

    16:20:23.0786 5768 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

    16:20:23.0788 5768 pcmcia - ok

    16:20:23.0810 5768 [ FD1BB23371EE2E5E3076D7B0D8B33E91 ] PdiPorts C:\Windows\system32\DRIVERS\PdiPorts.sys

    16:20:23.0831 5768 PdiPorts - ok

    16:20:23.0920 5768 [ A1F1260AD7AEABA9D53724E66AA274BA ] PdiService C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe

    16:20:23.0921 5768 PdiService - ok

    16:20:24.0177 5768 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys

    16:20:24.0179 5768 PEAUTH - ok

    16:20:25.0190 5768 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe

    16:20:25.0191 5768 PerfHost - ok

    16:20:25.0272 5768 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll

    16:20:25.0278 5768 pla - ok

    16:20:25.0555 5768 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

    16:20:25.0557 5768 PlugPlay - ok

    16:20:26.0158 5768 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

    16:20:26.0162 5768 PNRPAutoReg - ok

    16:20:26.0171 5768 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll

    16:20:26.0175 5768 PNRPsvc - ok

    16:20:26.0414 5768 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

    16:20:26.0417 5768 PolicyAgent - ok

    16:20:26.0480 5768 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys


    16:20:48.0585 5768 Scan finished

    16:20:48.0585 5768 ============================================================

    16:20:48.0590 2564 Detected object count: 0

    16:20:48.0590 2564 Actual detected object count: 0
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,986
    That's good.

    Please visit Combofix Guide & Instructions for instructions for installing the Recovery Console and downloading and running ComboFix.

    The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to puppy.exe please.

    Post the log from ComboFix when you've accomplished that.

    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices (don't worry, the keyboard and mouse will still function) to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
     
  13. Franknj229

    Franknj229 Thread Starter

    Joined:
    Sep 21, 2009
    Messages:
    88
    When I click the "ComboFix Download Link", the page says the download is not available at this time and they hope to have it up and running again soon.

    I will keep checking and post the results as soon as possible.

    Thank you.
     
  14. Franknj229

    Franknj229 Thread Starter

    Joined:
    Sep 21, 2009
    Messages:
    88
    Just a heads up: The ComboFix website confirmed that the program was infected with the WIN32/Sality.AT virus and the link has been temporarily disabled until they can fix it. As far as they can tell, it has been infected since January 29th.
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,986
    Yes, it was an unfortunate and isolated incident. We'll come back to that when ComboFix becomes available again.

    Download OTS.exe to your Desktop.
    1. Close any open browsers.
    2. If your Real protection or Antivirus interferes with OTS, allow it to run.
    3. Double-click on OTS.exe to start the program.
    4. At the top put a check mark in the box beside "Scan All Users".
    5. Under the Additional Scans section put a check in the box next to Disabled MS Config Items, NetSvcs and EventViewer logs (Last 10 errors).
    6. Now click the Run Scan button on the toolbar.
    7. Let it run unhindered until it finishes.
    8. When the scan is complete Notepad will open with the report file loaded in it.
    9. Save that notepad file.
    Use the Reply button, scroll down to the attachments section and attach the notepad file here.
     

Short URL to this thread: https://techguy.org/1085183
