Win64/Patched virus detected in AVG

Solved
By rabmo
Feb 11, 2014
  1. Hello,
    I need help cleaning the Win64/Patched virus. I followed the instructions from AVG to create a bootable USB with the AVG Rescue CD and ran a command-line AVG scan, which detected nothing. I downloaded and ran Malwarebytes, which detected and removed 68 objects. Here is the log:
    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.11.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Nikky :: NIKKY-PC [administrator]

    Protection: Enabled

    2/11/2014 11:53:13 AM
    mbam-log-2014-02-11 (11-53-13).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 244683
    Time elapsed: 43 minute(s), 12 second(s)

    Memory Processes Detected: 2
    C:\Program Files (x86)\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> 3012 -> Delete on reboot.
    C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe (PUP.Optional.LuckyLeap.A) -> 4728 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 29
    HKLM\SYSTEM\CurrentControlSet\Services\Update lucky leap (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\Util lucky leap (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{d77aa852-def3-43cb-a3f5-bd679de72f32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{b8bfa10f-6ffd-44b5-9dbb-e17cbaa107ff} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{7F66829F-F442-431F-AF59-E4474505A67A} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D77AA852-DEF3-43CB-A3F5-BD679DE72F32} (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    HKCU\Software\Datamngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
    HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\LUCKY LEAP (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Connect_DLC_2 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\lucky leap (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT3306058 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    HKCR\CLSID\{515B2424-5911-40BD-8A2C-BDB20286D8F5} (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{515B2424-5911-40BD-8A2C-BDB20286D8F5} (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{515B2424-5911-40BD-8A2C-BDB20286D8F5} (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{515B2424-5911-40BD-8A2C-BDB20286D8F5} (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 11
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Data: Searchqu Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Data: -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Nikky\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully.
    HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0R2U1F1J0HtF0C -> Quarantined and deleted successfully.
    HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {C0EE047B-21CA-11E1-819F-60EB69064D47} -> Quarantined and deleted successfully.
    HKCU\Software\lucky leap|iid (PUP.Optional.LuckyLeap.A) -> Data: def_luckyleap -> Quarantined and deleted successfully.
    HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {C0EE047B-21CA-11E1-819F-60EB69064D47} -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{515B2424-5911-40BD-8A2C-BDB20286D8F5} (PUP.Optional.Conduit.A) -> Data: $$[QY½@Š,½²†Øõ -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{515B2424-5911-40BD-8A2C-BDB20286D8F5} (PUP.Optional.Conduit.A) -> Data: -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{515B2424-5911-40BD-8A2C-BDB20286D8F5} (PUP.Optional.Conduit.A) -> Data: Connect DLC 2 Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{515B2424-5911-40BD-8A2C-BDB20286D8F5} (PUP.Optional.Conduit.A) -> Data: -> Quarantined and deleted successfully.

    Registry Data Items Detected: 2
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bad: (http://search.conduit.com/?ctid=CT3...=SP8B15B6C2-15A9-431B-833E-63D189706C9B&SSPV=) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 33
    C:\Program Files (x86)\lucky leap (PUP.Optional.LuckyLeap.A) -> Delete on reboot.
    C:\Program Files (x86)\lucky leap\bin (PUP.Optional.LuckyLeap.A) -> Delete on reboot.
    C:\Program Files (x86)\lucky leap\bin\plugins (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Roaming\OpenCandy\OpenCandy_265EFB58594C4E39A7BB41996D764115 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Conduit\IE\CT3306058 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Connect_DLC_2 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

    Files Detected: 160
    C:\Program Files (x86)\lucky leap\updateluckyleap.exe (PUP.Optional.LuckyLeap.A) -> Delete on reboot.
    C:\Program Files (x86)\lucky leap\bin\utilluckyleap.exe (PUP.Optional.LuckyLeap.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\lucky leap\luckyleapBHO.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\nsjB40B.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\nsk3ED9.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\nsoE5E4.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\nst9928.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\nsy711F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\nsz574B.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\AU\SPSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nscAA1B.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsd5303.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsg2B3C.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsj290D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nslBD9E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsn5341.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsn8DC2.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsn912C.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsnF5EA.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsq3032.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsq3B05.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsr1C2D.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsr30D6.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsrC83E.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsu2F25.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsuB6FB.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsv42C0.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\nsz910.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\89A2.tmp\bin\SPHook32.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\89A2.tmp\bin\SPHook64.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\89A2.tmp\bin\SPRunner.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Windows\Temp\89A2.tmp\bin\SPTool64.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\Downloads\SoftonicDownloader_for_windows-movie-maker(1).exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\Downloads\SoftonicDownloader_for_windows-movie-maker.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Conduit\CT3306058\Connect_DLC_2AutoUpdateHelper.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\lucky leap\luckyleap.ico (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\lucky leap\eiimolhnbbbdagljikeckdkldgemmmlj.crx (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\lucky leap\luckyleapUninstall.exe (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\lucky leap\sqlite3.exe (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\lucky leap\updateluckyleap.InstallState (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\lucky leap\bin\sqlite3.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\lucky leap\bin\utilluckyleap.InstallState (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.FFUpdate.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.GCUpdate.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\lucky leap\bin\plugins\luckyleap.IEUpdate.dll (PUP.Optional.LuckyLeap.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1389904140005 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1389904142331 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1390856547570 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391019953043 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391019953097 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391452255158 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391452255435 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Roaming\OpenCandy\OpenCandy_265EFB58594C4E39A7BB41996D764115\LatestDLMgr.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\CT3306058.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\CT3306058.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\initdata.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\Nikky\AppData\Local\Temp\ct3306058\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Conduit\IE\CT3306058\configutaion.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Conduit\IE\CT3306058\SetupIcon.ico (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Conduit\IE\CT3306058\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Connect_DLC_2\Connect_DLC_2ToolbarHelper.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Connect_DLC_2\GottenAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Connect_DLC_2\hk64tbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Connect_DLC_2\hktbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Connect_DLC_2\ldrtbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Connect_DLC_2\OtherAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Connect_DLC_2\prxtbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Connect_DLC_2\SharedAppsContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Connect_DLC_2\tbConn.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Connect_DLC_2\toolbar.cfg (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Connect_DLC_2\ToolbarContextMenu.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

    (end)
  2. rabmo


    DDS.txt log:
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
    Run by Nikky at 13:04:54 on 2014-02-11
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3831.933 [GMT -6:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Trend Micro Titanium *Disabled/Outdated* {68F968AC-2AA0-091D-848C-803E83E35902}
    SP: Trend Micro Titanium *Disabled/Outdated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    FW: AVG Internet Security 2013 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\system32\atiesrxx.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\atieclxx.exe
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\windows\system32\taskhost.exe
    C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Google Media Server\GoogleMediaServer.exe
    C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
    C:\windows\SysWOW64\Rundll32.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\System32\svchost.exe -k HPZ12
    C:\windows\SysWOW64\PSIService.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
    C:\windows\System32\Drivers\WTSRV.EXE
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Users\Nikky\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    C:\Users\Nikky\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Google\Google Media Server\GoogleMediaScanner.exe
    C:\Program Files (x86)\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\TechSmith\Jing\Jing.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Users\Nikky\AppData\Roaming\Smilebox\SmileboxTray.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Nikky\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Windows\SysWOW64\WTClient.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    C:\windows\system32\svchost.exe -k HPService
    C:\windows\splwow64.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\windows\system32\sppsvc.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
    C:\windows\system32\svchost.exe -k SDRSVC
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.bigseekpro.com/solidyoutube/{26E70FA3-B27A-45F7-B4BE-325C97BF4863}
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    uProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    uURLSearchHooks: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - <orphaned>
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    mWinlogon: Userinit = c:\windows\syswow64\userinit.exe,
    BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
    EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
    uRun: [Google Update] "C:\Users\Nikky\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    uRun: [Google Media Scanner] "C:\Program Files (x86)\Google\Google Media Server\GoogleMediaScanner.exe"
    uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
    uRun: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\ElementsOrganizerSyncAgent.exe
    uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [SmileboxTray] "C:\Users\Nikky\AppData\Roaming\Smilebox\SmileboxTray.exe"
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    uRun: [BackgroundContainer] "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Nikky\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [WTClient] WTClient.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
    StartupFolder: C:\Users\Nikky\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Nikky\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Nikky\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    StartupFolder: C:\Users\Nikky\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: DisableStartupSound = dword:1
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {C6FAB351-8F12-4ED3-A9C1-4D3E86B0BB07} - hxxps://insite.mhhs.org/MHHS_Portal_Login_09.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.3.1 192.168.3.1
    TCP: Interfaces\{85FE93A7-5497-4D6D-8CC9-640622A0479B} : DHCPNameServer = 192.168.3.1 192.168.3.1
    TCP: Interfaces\{85FE93A7-5497-4D6D-8CC9-640622A0479B}\341627E6966716C6D275966496 : DHCPNameServer = 216.7.159.195 216.7.159.133
    TCP: Interfaces\{85FE93A7-5497-4D6D-8CC9-640622A0479B}\4454E4F59405143535 : DHCPNameServer = 172.19.255.254
    TCP: Interfaces\{85FE93A7-5497-4D6D-8CC9-640622A0479B}\4494146425545475946494 : DHCPNameServer = 172.19.255.254
    TCP: Interfaces\{85FE93A7-5497-4D6D-8CC9-640622A0479B}\65562796A7F6E602D496649623230303025393644302355636572756 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{85FE93A7-5497-4D6D-8CC9-640622A0479B}\662636C69626 : DHCPNameServer = 66.163.80.134 66.163.80.132
    TCP: Interfaces\{85FE93A7-5497-4D6D-8CC9-640622A0479B}\D697177756374743831393 : DHCPNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{99233A99-545E-4AEF-8F7A-FB62315A12DC} : DHCPNameServer = 192.168.3.1 192.168.3.1
    TCP: Interfaces\{C25DC0D9-B4B5-4DDC-824F-BFAC088E1292} : DHCPNameServer = 192.168.3.1 192.168.3.1
    TCP: Interfaces\{C25DC0D9-B4B5-4DDC-824F-BFAC088E1292}\355524751495D202358656C6C6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C25DC0D9-B4B5-4DDC-824F-BFAC088E1292}\553594F52565F5051627B6F513 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C25DC0D9-B4B5-4DDC-824F-BFAC088E1292}\65562796A7F6E602D496649623230303025393644302355636572756 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C25DC0D9-B4B5-4DDC-824F-BFAC088E1292}\662636F6F6 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{C25DC0D9-B4B5-4DDC-824F-BFAC088E1292}\D697177756374743831393 : DHCPNameServer = 192.168.0.1 205.171.3.25
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: qv - {D6857445-6D99-4719-8C44-27A532D75AEE} - C:\Program Files (x86)\QuickVerse 2011\qvprotwrapper.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg32.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\PROGRA~2\Google\GOOGLE~4\GO36F4~1.DLL
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
    x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
    x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe -set Silent "1" SplashURL ""
    x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    x64-Handler: qv - {D6857445-6D99-4719-8C44-27A532D75AEE} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll
    x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Nikky\AppData\Roaming\Mozilla\Firefox\Profiles\g1zbr0z6.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&CUI=UN18037891892094760&UM=2&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Conduit Search
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306058&SearchSource=2&CUI=UN18037891892094760&UM=2&q=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\Nikky\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Nikky\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Nikky\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\Nikky\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
    FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-12-12 21:30; {3b232d24-d5de-4194-b4d7-d53b41a09748}; C:\Users\Nikky\AppData\Roaming\Mozilla\Firefox\Profiles\g1zbr0z6.default\extensions\{3b232d24-d5de-4194-b4d7-d53b41a09748}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
    R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-7-20 311608]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-10-23 45880]
    R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2010-12-29 55856]
    R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-11-25 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
    R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
    R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-11-9 46368]
    R1 Eve;EVE Protocol Driver;C:\windows\System32\drivers\eve.sys [2013-11-8 41304]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
    R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-8-13 202752]
    R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2010-12-26 256336]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 Google MediaServer;Google MediaServer;C:\Program Files (x86)\Google\Google Media Server\GoogleMediaServer.exe [2011-9-15 622080]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-11 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-11 701512]
    R2 tmevtmgr;tmevtmgr;C:\windows\System32\drivers\tmevtmgr.sys [2010-12-26 67664]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-2-22 75304]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-2-11 25928]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-8-13 35008]
    R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
    R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192Ce.sys [2010-8-13 877088]
    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-12-26 517448]
    S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-7-22 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2011-9-12 30192]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
    S3 PTSimBus;PenTablet Bus Enumerator;C:\windows\System32\drivers\PTSimBus.sys [2011-12-25 27304]
    S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\windows\System32\drivers\PTSimHid.sys [2011-12-25 17064]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-8-13 239136]
    S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-7-4 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2014-02-11 17:49:04 -------- d-----w- C:\Users\Nikky\AppData\Roaming\Malwarebytes
    2014-02-11 17:48:52 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-02-11 17:48:49 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-02-11 17:48:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-02-06 17:03:14 -------- d--h--w- C:\ProgramData\CanonIJEGV
    2014-01-14 05:16:35 -------- d-----w- C:\TDSSKiller_Quarantine
    .
    ==================== Find3M ====================
    .
    2014-02-11 18:24:56 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-11 18:24:56 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2013-11-25 07:48:36 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
    2012-07-22 18:34:04 4024320 ----a-w- C:\Program Files (x86)\GUTCFFB.tmp
    .
    ============= FINISH: 13:13:36.38 ===============
  3. Broni

    Broni Malware Annihilator Posts: 45,310   +243

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    You're running two AV programs, AVG and TrendMicro.
    You have to uninstall one of them.
    If AVG, use AVG Remover: http://www.avg.com/us-en/utilities

    I still need the Attach.txt log from DDS.
  4. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

    Trying to uninstall Trend Micro.
    Here is the attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/25/2010 8:43:52 AM
    System Uptime: 2/11/2014 12:53:08 PM (1 hours ago)
    .
    Motherboard: AMD Corp. | | Guam
    Processor: AMD Turion(tm) II P540 Dual-Core Processor | Socket S1G4 | 2400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 188.62 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: PenTablet Bus Enumerator
    Device ID: ROOT\SYSTEM\0001
    Manufacturer: PenTablet
    Name: PenTablet Bus Enumerator
    PNP Device ID: ROOT\SYSTEM\0001
    Service: PTSimBus
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    4500_G510nz_Help_Web
    4500G510nz_Software_Min
    4500G510nz_web
    64 Bit HP CIO Components Installer
    Adobe Acrobat X Pro - English, Français, Deutsch
    Adobe AIR
    Adobe Community Help
    Adobe Connect Add-in
    Adobe Content Viewer
    Adobe Creative Suite 5.5 Design Premium
    Adobe Digital Editions
    Adobe Download Assistant
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Photoshop Elements 7.0
    Adobe Photoshop.com Inspiration Browser
    Adobe Premiere Elements 8.0
    Adobe Reader X (10.1.9)
    Adobe Shockwave Player 11.6
    Adobe Widget Browser
    Amazon Kindle
    Amazon MP3 Downloader 1.0.12
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    ATI Catalyst Install Manager
    Audacity 1.3.14 (Unicode)
    AVG 2013
    AVG PC Tuneup 2011
    AVG Security Toolbar
    Best Buy pc app
    Bonjour
    BufferChm
    Canon Easy-PhotoPrint EX
    Canon Easy-WebPrint EX
    Canon IJ Network Scanner Selector EX
    Canon IJ Network Tool
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 4.1
    Canon MX880 series MP Drivers
    Canon MX880 series User Registration
    Canon My Printer
    Canon Solution Menu EX
    Canon Speed Dial Utility
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Color Efex Pro 3.0 Wacom Edition 3
    Conexant HD Audio
    Corel Painter Essentials 4
    CorelDRAW Graphics Suite X3
    D3DX10
    Dell Driver Download Manager
    Dropbox
    EN
    Evernote v. 4.5.7
    ExamView Player
    FFmpeg v0.6.2 for Audacity
    FontNav
    Free Audio Dub version 1.7.9.908
    Garmin Training Center
    Garmin USB Drivers
    Google Calendar Sync
    Google Chrome
    Google Desktop
    Google Drive
    Google Media Server
    Google Talk Plugin
    Google Update Helper
    HandBrake 0.9.6
    HD Writer AE 3.0
    HP Deskjet 1000 J110 series Basic Device Software
    HP Deskjet 1000 J110 series Help
    HP Deskjet 1000 J110 series Product Improvement Study
    HP Officejet 4500 G510n-z
    HP Photo Creations
    HP Update
    iCloud
    iDailyDiary Professional 3.71 (30 day evaluation)
    iOffline
    iTunes
    Java 7 Update 17
    Java Auto Updater
    Java(TM) 6 Update 31
    Jing
    Jokosher version 0.11.4
    Junk Mail filter update
    Label@Once 1.0
    LAME v3.99.3 (for Windows)
    lucky leap 2013.11.07.203812
    Malwarebytes Anti-Malware version 1.75.0.1300
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Starter 2010 - English
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Works 6-9 Converter
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    Microsoft_VC90_MFCLOC_x86
    Microsoft_VC90_MFCLOC_x86_x64
    MobileMe Control Panel
    Mozilla Firefox 26.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network64
    NOOK Study
    NRP Instructor DVD-ROM
    PDF Settings CS5
    Picasa 3
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    QuickTime
    QuickVerse 2011
    Rabbit Register
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    RealUpgrade 1.1
    Safari
    Scan
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Skype Toolbars
    Skype™ 5.10
    SmartSound Quicktracks for Premiere Elements 8.0
    Smilebox
    swMSM
    Synaptics Pointing Device Driver
    Tablet Driver V5.02
    The Big Box of Art 410,000
    Toolbox
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    Trend Micro Titanium
    Trend Micro™ Titanium™
    Tutor.com Classroom
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Manager
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    VSO Downloader 3.1.0.50
    VSO EVE Network Driver version 0.4
    WebReg
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Movie Maker 2.6
    WinPcap 4.1.2
    WinSCP 4.3.3
    .
    ==== End Of File ===========================
  5. Broni

    Broni Malware Annihilator Posts: 45,310   +243

    What do you mean by "trying"?
  6. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

    When I try to uninstall from control board>programs I get a message that it cannot be uninstalled while it is updating.
  7. Broni

    Broni Malware Annihilator Posts: 45,310   +243

  8. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

    Trend Micro is now uninstalled
  9. Broni

    Broni Malware Annihilator Posts: 45,310   +243

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  10. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

    Report from TDSSKILLER:

    00:35:09.0773 0x244c TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
    00:35:16.0358 0x244c ============================================================
    00:35:16.0358 0x244c Current date / time: 2014/02/12 00:35:16.0358
    00:35:16.0358 0x244c SystemInfo:
    00:35:16.0358 0x244c
    00:35:16.0358 0x244c OS Version: 6.1.7601 ServicePack: 1.0
    00:35:16.0358 0x244c Product type: Workstation
    00:35:16.0358 0x244c ComputerName: NIKKY-PC
    00:35:16.0360 0x244c UserName: Nikky
    00:35:16.0360 0x244c Windows directory: C:\windows
    00:35:16.0360 0x244c System windows directory: C:\windows
    00:35:16.0360 0x244c Running under WOW64
    00:35:16.0361 0x244c Processor architecture: Intel x64
    00:35:16.0361 0x244c Number of processors: 2
    00:35:16.0361 0x244c Page size: 0x1000
    00:35:16.0361 0x244c Boot type: Normal boot
    00:35:16.0361 0x244c ============================================================
    00:35:20.0323 0x244c KLMD registered as C:\windows\system32\drivers\69739080.sys
    00:35:21.0201 0x244c System UUID: {A8E9F583-51BF-5938-991A-DD4CEE264FCD}
    00:35:24.0047 0x244c Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    00:35:24.0052 0x244c ============================================================
    00:35:24.0052 0x244c \Device\Harddisk0\DR0:
    00:35:24.0052 0x244c MBR partitions:
    00:35:24.0052 0x244c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38C79000
    00:35:24.0052 0x244c ============================================================
    00:35:24.0072 0x244c C: <-> \Device\Harddisk0\DR0\Partition1
    00:35:24.0072 0x244c ============================================================
    00:35:24.0072 0x244c Initialize success
    00:35:24.0072 0x244c ============================================================
    00:35:27.0940 0x231c ============================================================
    00:35:27.0940 0x231c Scan started
    00:35:27.0940 0x231c Mode: Manual;
    00:35:27.0940 0x231c ============================================================
    00:35:27.0940 0x231c KSN ping started
    00:35:32.0826 0x231c KSN ping finished: true
    00:35:35.0471 0x231c ================ Scan system memory ========================
    00:35:35.0471 0x231c System memory - ok
    00:35:35.0471 0x231c ================ Scan services =============================
  11. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

  12. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

  13. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

  14. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

    00:35:57.0134 0x231c MegaSR - ok
    00:35:57.0368 0x231c [ 123271BD5237AB991DC5C21FDF8835EB, 004F8F9228EE291A0E36CE33078D572D61733516F9AA5CFC832AF204C6869E89 ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    00:35:57.0377 0x231c Microsoft Office Groove Audit Service - ok
    00:35:57.0459 0x231c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
    00:35:57.0462 0x231c MMCSS - ok
    00:35:57.0494 0x231c [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
    00:35:57.0496 0x231c Modem - ok
    00:35:57.0520 0x231c [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
    00:35:57.0521 0x231c monitor - ok
    00:35:57.0603 0x231c [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
  15. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

  16. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

    00:36:14.0098 0x231c SiSRaid4 - ok
    00:36:14.0224 0x231c [ F07AF60B152221472FBDB2FECEC4896D, A18FDCE8462A48429E249C44F0E49F844F2E3A4B5215349DE104F34D935EF983 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    00:36:14.0235 0x231c SkypeUpdate - ok
    00:36:14.0257 0x231c [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys
    00:36:14.0262 0x231c Smb - ok
    00:36:14.0310 0x231c [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe
    00:36:14.0313 0x231c SNMPTRAP - ok
    00:36:14.0330 0x231c [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys
    00:36:14.0333 0x231c spldr - ok
    00:36:14.0453 0x231c [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe
    00:36:14.0471 0x231c Spooler - ok
    00:36:14.0651 0x231c [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe
    00:36:14.0805 0x231c sppsvc - ok
    00:36:14.0905 0x231c [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll
    00:36:14.0909 0x231c sppuinotify - ok
    00:36:14.0976 0x231c [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys
    00:36:14.0991 0x231c srv - ok
    00:36:15.0062 0x231c [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
    00:36:15.0073 0x231c srv2 - ok
    00:36:15.0146 0x231c [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS
    00:36:15.0159 0x231c SrvHsfHDA - ok
    00:36:15.0273 0x231c [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS
    00:36:15.0316 0x231c SrvHsfV92 - ok
    00:36:15.0412 0x231c [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS
    00:36:15.0440 0x231c SrvHsfWinac - ok
    00:36:15.0468 0x231c [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
    00:36:15.0476 0x231c srvnet - ok
    00:36:15.0500 0x231c [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
    00:36:15.0508 0x231c SSDPSRV - ok
    00:36:15.0526 0x231c [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll
    00:36:15.0550 0x231c SstpSvc - ok
    00:36:15.0579 0x231c [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
    00:36:15.0590 0x231c stexstor - ok
    00:36:15.0762 0x231c [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\windows\System32\wiaservc.dll
    00:36:15.0781 0x231c stisvc - ok
    00:36:15.0833 0x231c [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\drivers\swenum.sys
    00:36:15.0846 0x231c swenum - ok
    00:36:16.0063 0x231c [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    00:36:16.0078 0x231c SwitchBoard - ok
    00:36:16.0136 0x231c [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll
    00:36:16.0166 0x231c swprv - ok
    00:36:16.0261 0x231c [ 470C47DABA9CA3966F0AB3F835D7D135, BF98E48B05F37F8ABE264BF77355391A08955057E24AE456A5637D56BDFD40A5 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
    00:36:16.0306 0x231c SynTP - ok
    00:36:16.0434 0x231c [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\windows\system32\sysmain.dll
    00:36:16.0480 0x231c SysMain - ok
    00:36:16.0506 0x231c szkg5 - ok
    00:36:16.0543 0x231c Tablet2k - ok
    00:36:16.0601 0x231c [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
    00:36:16.0631 0x231c TabletInputService - ok
    00:36:16.0684 0x231c [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll
    00:36:16.0727 0x231c TapiSrv - ok
    00:36:16.0799 0x231c [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll
    00:36:16.0803 0x231c TBS - ok
    00:36:16.0919 0x231c [ 530A7F0966493DD437E4342F12CCD63B, 080B107F11CB9CFB315872846106224FA4190A6742B5B68C0E188A0229729EF3 ] TClass2k C:\windows\system32\DRIVERS\TClass2k.sys
    00:36:16.0942 0x231c TClass2k - ok
    00:36:17.0107 0x231c [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] Tcpip C:\windows\system32\drivers\tcpip.sys
    00:36:17.0181 0x231c Tcpip - ok
    00:36:17.0367 0x231c [ B62A953F2BF3922C8764A29C34A22899, 4A117FF9D1BD58C6A1787DDA7402BAE30E4BA7A70FE3A144F41DD647AA7A3901 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
    00:36:17.0416 0x231c TCPIP6 - ok
    00:36:17.0503 0x231c [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
    00:36:17.0506 0x231c tcpipreg - ok
    00:36:17.0585 0x231c [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
    00:36:17.0603 0x231c tdcmdpst - ok
    00:36:17.0637 0x231c [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
    00:36:17.0643 0x231c TDPIPE - ok
    00:36:17.0703 0x231c [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
    00:36:17.0716 0x231c TDTCP - ok
    00:36:17.0801 0x231c [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\windows\system32\DRIVERS\tdx.sys
    00:36:17.0823 0x231c tdx - ok
    00:36:17.0922 0x231c [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\drivers\termdd.sys
    00:36:17.0926 0x231c TermDD - ok
    00:36:18.0008 0x231c [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\windows\System32\termsrv.dll
    00:36:18.0041 0x231c TermService - ok
    00:36:18.0092 0x231c [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll
    00:36:18.0095 0x231c Themes - ok
    00:36:18.0149 0x231c [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll
    00:36:18.0152 0x231c THREADORDER - ok
    00:36:18.0245 0x231c [ F120967184A27E927052E8DDBB727851, B54A1D2B4D52C0DF19AC81617A26CA164C5779C568DB86A6FD97D0A14D5FEEB4 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    00:36:18.0247 0x231c TMachInfo - ok
    00:36:18.0297 0x231c [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv C:\Windows\system32\TODDSrv.exe
    00:36:18.0303 0x231c TODDSrv - ok
    00:36:18.0391 0x231c [ 98C864481D62F86EC8AF65BE3419A95B, 61F0C7CBFAB151FBB62081A37C655D4E818A558E140F3F3BA5C26B024AE24EBB ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    00:36:18.0409 0x231c TosCoSrv - ok
    00:36:18.0496 0x231c [ 2AB7A4697462EDB0C9DFAFC529746BA9, 4EAF4839CA35C8FCE9C086D43E7417E52F0714A2227AE983C0B5C88A66A1B554 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
    00:36:18.0519 0x231c TOSHIBA eco Utility Service - ok
    00:36:18.0635 0x231c [ 74C2FA8C3765EE71A9C22182EC108457, A7073FAB6CE6FB9824544A9CDCCA441D08FD87D68EB564DCB1186FC257776221 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    00:36:18.0639 0x231c TOSHIBA HDD SSD Alert Service - ok
    00:36:18.0850 0x231c [ 97687D094AA597DA366E1194B218CC6C, 8A617E1901235518FDB7504FCDCE641D9F7C5D256A11D5FEFD35E7696972E2B8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    00:36:18.0885 0x231c TPCHSrv - ok
    00:36:18.0963 0x231c [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll
    00:36:18.0968 0x231c TrkWks - ok
    00:36:19.0178 0x231c [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
    00:36:19.0203 0x231c TrustedInstaller - ok
    00:36:19.0253 0x231c [ CE18B2CDFC837C99E5FAE9CA6CBA5D30, CA302C2ED6A6BF4670BAAA4F5C14C0238CF0C80316856AA0DB053F4D593033AC ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
    00:36:19.0274 0x231c tssecsrv - ok
    00:36:19.0339 0x231c [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
    00:36:19.0341 0x231c TsUsbFlt - ok
    00:36:19.0418 0x231c [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
    00:36:19.0441 0x231c tunnel - ok
    00:36:19.0583 0x231c [ 550B567F9364D8F7684C3FB3EA665A72, A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
    00:36:19.0649 0x231c TVALZ - ok
    00:36:19.0719 0x231c [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
    00:36:19.0727 0x231c TVALZFL - ok
    00:36:19.0792 0x231c [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
    00:36:19.0821 0x231c uagp35 - ok
    00:36:19.0894 0x231c [ 01662B4865FDB282677B11CF416757CE, AF85FA61B2560E8387388C7CC4F9F4DDFA52E30631DAB1396B2186E7DF80F9E5 ] UCTblHid C:\windows\system32\DRIVERS\UCTblHid.sys
    00:36:19.0904 0x231c UCTblHid - ok
    00:36:19.0972 0x231c [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys
    00:36:20.0017 0x231c udfs - ok
    00:36:20.0137 0x231c [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe
    00:36:20.0163 0x231c UI0Detect - ok
    00:36:20.0202 0x231c [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
    00:36:20.0355 0x231c uliagpkx - ok
    00:36:20.0524 0x231c [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\drivers\umbus.sys
    00:36:20.0550 0x231c umbus - ok
    00:36:20.0666 0x231c [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\DRIVERS\umpass.sys
    00:36:20.0896 0x231c UmPass - ok
    00:36:20.0981 0x231c [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll
    00:36:20.0993 0x231c upnphost - ok
    00:36:21.0053 0x231c [ AA33FC47ED58C34E6E9261E4F850B7EB, C6388127CAA695434ABFB6C59A53C8544E67E414012DE5F21B36D035BB1BACC8 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
    00:36:21.0088 0x231c USBAAPL64 - ok
    00:36:21.0174 0x231c [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A, DE1CDDEEF2285CC8387E88ACB13C000576DC8819DF6DC648C988068B5C83BB15 ] usbaudio C:\windows\system32\drivers\usbaudio.sys
    00:36:21.0202 0x231c usbaudio - ok
    00:36:21.0259 0x231c [ 6F1A3157A1C89435352CEB543CDB359C, 325B46220779C5FE3B6F19FF794474837FAB9675D9C98ACB68CCE47B1CFE5F12 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
    00:36:21.0319 0x231c usbccgp - ok
    00:36:21.0417 0x231c [ AF0892A803FDDA7492F595368E3B68E7, F263346DEB4D742EB436CF578F187AC8521D84CED52E98475E6198EC52244F07 ] usbcir C:\windows\system32\drivers\usbcir.sys
    00:36:21.0475 0x231c usbcir - ok
    00:36:21.0570 0x231c [ C025055FE7B87701EB042095DF1A2D7B, D7B34B6C2C5BD3C8141895AC21BB637EA5E3C4F7A85EEF4C4C36E6BB2045A3D9 ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
    00:36:21.0587 0x231c usbehci - ok
    00:36:21.0628 0x231c [ 287C6C9410B111B68B52CA298F7B8C24, 98900C08FE662A00DF8B37837B2BEBF9ACB7989C387AF36B2109B05A4F462D4E ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
    00:36:21.0660 0x231c usbhub - ok
    00:36:21.0679 0x231c [ 9840FC418B4CBD632D3D0A667A725C31, 776D86A032DCA2842EF7AADB35473193CA80547223EFAA7F110F296C377077B0 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
    00:36:21.0715 0x231c usbohci - ok
    00:36:21.0819 0x231c [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
    00:36:21.0829 0x231c usbprint - ok
    00:36:21.0907 0x231c [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
    00:36:21.0941 0x231c usbscan - ok
    00:36:21.0985 0x231c [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
    00:36:22.0015 0x231c USBSTOR - ok
    00:36:22.0107 0x231c [ 62069A34518BCF9C1FD9E74B3F6DB7CD, C58E21424718729324B285BEE1C96551540FCC3FD650B2D10895EBA48D981E25 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
    00:36:22.0137 0x231c usbuhci - ok
    00:36:22.0200 0x231c [ 454800C2BC7F3927CE030141EE4F4C50, 10901E62DAA70657C499AD590DECCCA6E46FDDF4A193B2F19279E1B8ED7B1E44 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
    00:36:22.0235 0x231c usbvideo - ok
    00:36:22.0280 0x231c [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll
    00:36:22.0283 0x231c UxSms - ok
    00:36:22.0296 0x231c [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] VaultSvc C:\windows\system32\lsass.exe
    00:36:22.0298 0x231c VaultSvc - ok
    00:36:22.0360 0x231c [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
    00:36:22.0447 0x231c vdrvroot - ok
    00:36:22.0526 0x231c [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe
    00:36:22.0560 0x231c vds - ok
    00:36:22.0584 0x231c [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
    00:36:22.0643 0x231c vga - ok
    00:36:22.0682 0x231c [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys
    00:36:22.0714 0x231c VgaSave - ok
    00:36:22.0784 0x231c [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys
    00:36:22.0819 0x231c vhdmp - ok
    00:36:22.0883 0x231c [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys
    00:36:22.0923 0x231c viaide - ok
    00:36:22.0970 0x231c [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys
    00:36:22.0984 0x231c volmgr - ok
    00:36:23.0078 0x231c [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys
    00:36:23.0121 0x231c volmgrx - ok
    00:36:23.0229 0x231c [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\windows\system32\drivers\volsnap.sys
    00:36:23.0264 0x231c volsnap - ok
    00:36:23.0333 0x231c [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
    00:36:23.0342 0x231c vsmraid - ok
    00:36:23.0512 0x231c [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe
    00:36:23.0595 0x231c VSS - ok
    00:36:23.0841 0x231c [ 2BF7C653F12F0C0F8EAD0C40EF710F4D, 55F61921645013FC53402169A2EB5C9FF1431621CA05145E4288ABC8069C2862 ] vToolbarUpdater17.3.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
    00:36:23.0888 0x231c vToolbarUpdater17.3.0 - ok
    00:36:23.0948 0x231c [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
    00:36:23.0956 0x231c vwifibus - ok
    00:36:23.0975 0x231c [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
    00:36:23.0978 0x231c vwififlt - ok
    00:36:24.0043 0x231c [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
    00:36:24.0045 0x231c vwifimp - ok
    00:36:24.0111 0x231c [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll
    00:36:24.0173 0x231c W32Time - ok
    00:36:24.0200 0x231c [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
    00:36:24.0202 0x231c WacomPen - ok
    00:36:24.0289 0x231c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
    00:36:24.0325 0x231c WANARP - ok
    00:36:24.0332 0x231c [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
    00:36:24.0335 0x231c Wanarpv6 - ok
    00:36:24.0503 0x231c [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
    00:36:24.0548 0x231c WatAdminSvc - ok
    00:36:24.0695 0x231c [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe
    00:36:24.0794 0x231c wbengine - ok
    00:36:24.0895 0x231c [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll
    00:36:24.0963 0x231c WbioSrvc - ok
    00:36:25.0058 0x231c [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll
    00:36:25.0070 0x231c wcncsvc - ok
    00:36:25.0108 0x231c [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
    00:36:25.0129 0x231c WcsPlugInService - ok
    00:36:25.0227 0x231c [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\DRIVERS\wd.sys
    00:36:25.0244 0x231c Wd - ok
    00:36:25.0341 0x231c [ 442783E2CB0DA19873B7A63833FF4CB4, 09254970265476214F3187CC22A4F9C7C2769D419600E83FBE302C3A103E527F ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
    00:36:25.0371 0x231c Wdf01000 - ok
    00:36:25.0447 0x231c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\windows\system32\wdi.dll
    00:36:25.0469 0x231c WdiServiceHost - ok
    00:36:25.0477 0x231c [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\windows\system32\wdi.dll
    00:36:25.0481 0x231c WdiSystemHost - ok
    00:36:25.0589 0x231c [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient C:\windows\System32\webclnt.dll
    00:36:25.0630 0x231c WebClient - ok
    00:36:25.0707 0x231c [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll
    00:36:25.0733 0x231c Wecsvc - ok
    00:36:25.0776 0x231c [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll
    00:36:25.0782 0x231c wercplsupport - ok
    00:36:25.0868 0x231c [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll
    00:36:25.0958 0x231c WerSvc - ok
    00:36:26.0182 0x231c [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
    00:36:26.0189 0x231c WfpLwf - ok
    00:36:26.0328 0x231c [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys
    00:36:26.0345 0x231c WIMMount - ok
    00:36:26.0470 0x231c WinDefend - ok
    00:36:26.0483 0x231c WinHttpAutoProxySvc - ok
    00:36:27.0490 0x231c [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
    00:36:27.0505 0x231c Winmgmt - ok
    00:36:28.0100 0x231c [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\windows\system32\WsmSvc.dll
    00:36:28.0201 0x231c WinRM - ok
    00:36:28.0501 0x231c [ CB539777611F6D816CECECE060DC6ECF, 38EAD7CD630B0E93B89D7B810DE55F9D1FBB620F8BF9BDCCAF1195498B242A64 ] WinTabService C:\windows\System32\Drivers\WTSRV.EXE
    00:36:28.0514 0x231c WinTabService - ok
    00:36:28.0770 0x231c [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
    00:36:28.0778 0x231c WinUsb - ok
    00:36:29.0427 0x231c [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll
    00:36:29.0524 0x231c Wlansvc - ok
    00:36:29.0852 0x231c [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    00:36:29.0880 0x231c wlcrasvc - ok
    00:36:30.0230 0x231c [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    00:36:30.0371 0x231c wlidsvc - ok
    00:36:30.0468 0x231c [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
    00:36:30.0470 0x231c WmiAcpi - ok
    00:36:30.0508 0x231c [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
    00:36:30.0518 0x231c wmiApSrv - ok
    00:36:30.0605 0x231c WMPNetworkSvc - ok
    00:36:30.0666 0x231c [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll
    00:36:30.0673 0x231c WPCSvc - ok
    00:36:30.0728 0x231c [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
    00:36:30.0734 0x231c WPDBusEnum - ok
    00:36:30.0782 0x231c [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
    00:36:30.0784 0x231c ws2ifsl - ok
    00:36:30.0837 0x231c [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll
    00:36:30.0841 0x231c wscsvc - ok
    00:36:30.0846 0x231c WSearch - ok
    00:36:30.0997 0x231c [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\windows\system32\wuaueng.dll
    00:36:31.0070 0x231c wuauserv - ok
    00:36:31.0129 0x231c [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
    00:36:31.0148 0x231c WudfPf - ok
    00:36:31.0203 0x231c [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
    00:36:31.0212 0x231c WUDFRd - ok
    00:36:31.0268 0x231c [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
    00:36:31.0284 0x231c wudfsvc - ok
    00:36:31.0343 0x231c [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\windows\System32\wwansvc.dll
    00:36:31.0353 0x231c WwanSvc - ok
    00:36:31.0444 0x231c ================ Scan global ===============================
    00:36:31.0489 0x231c [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
    00:36:31.0559 0x231c [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\windows\system32\winsrv.dll
    00:36:31.0592 0x231c [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\windows\system32\winsrv.dll
    00:36:31.0655 0x231c [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
    00:36:31.0690 0x231c [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
    00:36:31.0700 0x231c [ Global ] - ok
    00:36:31.0701 0x231c ================ Scan MBR ==================================
    00:36:31.0719 0x231c [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    00:36:32.0109 0x231c \Device\Harddisk0\DR0 - ok
    00:36:32.0109 0x231c ================ Scan VBR ==================================
    00:36:32.0114 0x231c [ 9D27508D50D41C33CC20E2E64430A6D8 ] \Device\Harddisk0\DR0\Partition1
    00:36:32.0115 0x231c \Device\Harddisk0\DR0\Partition1 - ok
    00:36:32.0118 0x231c Waiting for KSN requests completion. In queue: 124
    00:36:33.0118 0x231c Waiting for KSN requests completion. In queue: 124
    00:36:34.0118 0x231c Waiting for KSN requests completion. In queue: 124
    00:36:35.0118 0x231c Waiting for KSN requests completion. In queue: 124
    00:36:36.0118 0x231c Waiting for KSN requests completion. In queue: 124
    00:36:37.0155 0x231c AV detected via SS2: AVG AntiVirus Free Edition 2013, C:\Program Files (x86)\AVG\AVG2013\avgwsc.exe ( 13.0.0.3300 ), 0x41000 ( enabled : updated )
    00:36:37.0163 0x231c FW detected via SS2: AVG Internet Security 2013, C:\Program Files (x86)\AVG\AVG2013\avgwsc.exe ( 13.0.0.3300 ), 0x40010 ( disabled )
    00:36:37.0171 0x231c Win FW state via NFP2: enabled
    00:36:39.0902 0x231c ============================================================
    00:36:39.0902 0x231c Scan finished
    00:36:39.0902 0x231c ============================================================
    00:36:39.0918 0x16d8 Detected object count: 0
    00:36:39.0918 0x16d8 Actual detected object count: 0
  17. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

    AVG is still popping up with the same message about the threat
    win64\patched
    Object name: c:\Windows\System32\rpcss.dll

    Malwarebytes frequently pops up announcing that it has blocked a malicious website.
  18. Broni

    Broni Malware Annihilator Posts: 45,310   +243

    Please download Rkill (courtesy of BleepingComputer.com) to your Desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done, Notepad will open with the rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.
  19. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

    Log from RKill:

    Rkill 2.6.5 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 02/12/2014 11:28:26 AM in x64 mode.
    Windows Version: Windows 7 Home Premium Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * C:\windows\System32\Drivers\WTSRV.EXE (PID: 3904) [WD-HEUR]
    * C:\Windows\SysWOW64\WTClient.exe (PID: 5164) [WD-HEUR]

    2 proccesses terminated!

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\.exe\shell found and deleted!

    * HKCU\SOFTWARE\Classes\.exe "@" exists and is set to exefile!
    * HKCU\SOFTWARE\Classes\.exe has been deleted!

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * C:\windows\System32\rpcss.dll : 512,512 : 11/20/2010 07:27 AM : e34e65a0da368bfcf1b7c073cd669978 [NoSig]
    +-> C:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll : 509,440 : 07/13/2009 07:41 PM : 7266972e86890e2b30c0c322e906b027 [Pos Repl]
    +-> C:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll : 512,000 : 11/20/2010 07:27 AM : 5c627d1b1138676c0a7ab2c2c190d123 [Pos Repl]

    Checking HOSTS File:

    * HOSTS file entries found:

    127.0.0.1 localhost
    ::1 localhost

    Program finished at: 02/12/2014 11:33:58 AM
    Execution time: 0 hours(s), 5 minute(s), and 31 seconds(s)
  20. Broni

    Broni Malware Annihilator Posts: 45,310   +243

    Download BlitzBlank and save it to your desktop.
    Double click on Blitzblank.exe

    • Click OK at the warning.
    • Click the Script tab and copy/paste the following text there:
    Code:
    CopyFile:
    C:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\windows\System32\rpcss.dll
    
    • Click Execute Now. Your computer will need to reboot in order to replace the files.
    • When done, post the report created by Blitzblank.
      You can find it in the root of the drive, normally C:\
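The RKill "Missing Digital Signatures" entries from post 19, read the way post 20 acts on them, as an added example that is not part of the original thread. The function names `parse` and `triage` and the rule of picking the candidate whose timestamp equals the flagged file's are assumptions of this example, not RKill's logic or the poster's stated method.

```python
import re
from datetime import datetime

# Constructed sample: the three "Missing Digital Signatures" lines quoted from the RKill log above.
RKILL_LOG = r"""
* C:\windows\System32\rpcss.dll : 512,512 : 11/20/2010 07:27 AM : e34e65a0da368bfcf1b7c073cd669978 [NoSig]
+-> C:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll : 509,440 : 07/13/2009 07:41 PM : 7266972e86890e2b30c0c322e906b027 [Pos Repl]
+-> C:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll : 512,000 : 11/20/2010 07:27 AM : 5c627d1b1138676c0a7ab2c2c190d123 [Pos Repl]
"""

ENTRY = re.compile(
    r"^\s*(?P<lead>\*|\+->)\s+(?P<path>.+?) : (?P<size>[\d,]+) : "
    r"(?P<stamp>\d\d/\d\d/\d{4} \d\d:\d\d [AP]M) : (?P<md5>[0-9a-f]{32}) \[(?P<flag>[^\]]+)\]\s*$")
BUILD = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")  # component version inside a WinSxS folder name


def parse(log):
    """Group each flagged file ('*') with the '+->' candidates listed under it."""
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["size"] = int(rec["size"].replace(",", ""))
        rec["stamp"] = datetime.strptime(rec["stamp"], "%m/%d/%Y %I:%M %p")
        build = BUILD.search(rec["path"])
        rec["build"] = build.group(1) if build else None
        if rec.pop("lead") == "*":
            findings.append({"file": rec, "candidates": []})
        elif findings:
            findings[-1]["candidates"].append(rec)
    return findings


def triage(finding):
    """Assumed heuristic (not RKill's logic): the right replacement is the one
    candidate whose timestamp equals the flagged file's; otherwise return None."""
    f = finding["file"]
    same = [c for c in finding["candidates"] if c["stamp"] == f["stamp"]]
    if len(same) != 1:
        return None  # ambiguous or no match: leave the choice to a person
    c = same[0]
    return {"target": f["path"], "source": c["path"], "build": c["build"],
            "extra_bytes": f["size"] - c["size"], "md5_differs": f["md5"] != c["md5"],
            "expected_md5_after_copy": c["md5"]}


if __name__ == "__main__":
    print(triage(parse(RKILL_LOG)[0]))
```

After the copy and reboot, the MD5 of `C:\windows\System32\rpcss.dll` should equal `expected_md5_after_copy`; a different value means the file was not replaced or has been modified again.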
  21. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

    I have copied and pasted:
    CopyFile:
    C:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\windows\System32\rpcss.dll

    in the window that opens under the Script tab, but when I click on Execute Now, nothing seems to happen.
  22. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

    Will I get some sort of confirmation from the program that it has copied the file or do I simply reboot the computer?
  23. Broni

    Broni Malware Annihilator Posts: 45,310   +243

    Restart computer and see if you can find report.
  24. rabmo

    rabmo Newcomer, in training Topic Starter Posts: 37

    Restarted, lost the touchpad and network adapter, then the computer restarted on its own and touchpad and network adapter were working again. I could not find the BlitzBlank report. Repeated the process of copying the file in the Script tab of BlitzBlank. This time a message popped up instructing me to reboot and when I did, I found the BlitzBlank report. I was getting a little nervous, but glad I hung in there.

    Here is the report:
    BlitzBlank 1.0.0.32

    File/Registry Modification Engine native application
    CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll", destinationFile = "\??\c:\windows\system32\rpcss.dll"
  25. Broni

    Broni Malware Annihilator Posts: 45,310   +243

    Good.
    Is AVG still complaining?

    Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

