Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AVG reports win64/patch - C:\windows\system32\rpcss.dll


  • This topic is locked This topic is locked
11 replies to this topic

#1 Old Ford Guy

Old Ford Guy

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norfolk, NE USA
  • Local time:07:33 AM

Posted 24 June 2014 - 10:03 PM

Lenovo laptop, win7 64bit.  If rpcss.dll replaced with downloaded one get black screen, restore corupted dll and it runs but background ads play through speakers with no video and it tries to phone home to 88.214.193.212 which shows as a Natcoweb Corp. in London England?  Any known fix

 

downloaded dll is about 370k, corupt one is 520k ....



BC AdBot (Login to Remove)

 


#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 PM

Posted 25 June 2014 - 03:51 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Old Ford Guy

Old Ford Guy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norfolk, NE USA
  • Local time:07:33 AM

Posted 25 June 2014 - 11:17 AM

Here is the result of the 1st scan   -  

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by Tim (administrator) on TIM-PC on 25-06-2014 10:51:35
Running from C:\Users\Tim\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Bitdefender) C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2741544 2011-04-07] (Synaptics Incorporated)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2012-02-20] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-02-20] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-02-20] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-06-15] (Vimicro)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-02-20] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2571288 2014-06-22] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ApnUpdater] => C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-147226328-174327221-1001966454-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-20] (Google Inc.)
HKU\S-1-5-21-147226328-174327221-1001966454-1000\...\Run: [pdiface] => C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe [283608 2013-10-30] (Bitdefender)
HKU\S-1-5-21-147226328-174327221-1001966454-1000\...\MountPoints2: {00739482-40e2-11e3-b6d3-dc0ea185037a} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=17
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS488
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={5C36D567-F20B-44EE-A01A-3464A5FD628A}&mid=655a47ebe98247d0ae5a0d47e761ea89-1cb357080bcf755786f183fc6480756c7a5bc433&lang=en&ds=AVG&pr=fr&d=2012-10-05 22:27:56&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: CutePDF Editor Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - CutePDF Editor Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\17.3.0.49

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN", "hxxp://google.co/", "hxxp://google.com/"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (registryAccess) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaandfbcihcbimjeehajifhciaocmbi\7.15.4.23955_0\background/registryAccess.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2191_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (CutePDF Editor Toolbar) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaandfbcihcbimjeehajifhciaocmbi [2012-07-03]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-19]
CHR Extension: (AVG Security Toolbar) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-07-03]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR HKLM-x32\...\Chrome\Extension: [aaaandfbcihcbimjeehajifhciaocmbi] - C:\Users\Tim\AppData\Local\APN\GoogleCRXs\aaaandfbcihcbimjeehajifhciaocmbi_7.15.4.0.crx [2012-06-16]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\18.1.0.443\avg.crx [2014-04-30]

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe [1445424 2013-11-11] (Bitdefender)
R2 RpcSs; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1813528 2014-06-22] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-06-22] (AVG Technologies)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [250752 2011-06-14] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
U3 BcmSqlStartupSvc;
U2 CLKMSVC10_3A60B698;
U2 CLKMSVC10_C3B3B687;
U2 DriverService;
U2 iATAgentService;
U2 idealife Update Service;
U3 IGRS;
U2 IviRegMgr;
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
U2 nvUpdatusService;
U2 Oasis2Service;
U2 PCCarerService;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U2 RtLedService;
U2 SeaPort;
U2 SoftwareService;
U3 SQLWriter;
U2 Stereo Service;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-25 10:51 - 2014-06-25 10:51 - 00017119 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-06-25 10:51 - 2014-06-25 10:51 - 00000000 ____D () C:\FRST
2014-06-25 10:50 - 2014-06-25 10:50 - 02082816 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-06-24 19:06 - 2014-06-24 19:06 - 00395776 _____ (Microsoft Corporation) C:\Users\Tim\Downloads\rpcss.dll
2014-06-24 19:04 - 2014-06-24 19:04 - 16578402 _____ ( ) C:\Users\Tim\Downloads\DLLSuite_Setup_2013.exe
2014-06-24 18:51 - 2014-06-24 18:51 - 00049729 _____ () C:\ProgramData\1403653885.bdinstall.bin
2014-06-24 18:51 - 2014-06-24 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
2014-06-24 18:51 - 2014-06-24 18:51 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-06-24 18:51 - 2014-06-24 18:51 - 00000000 ____D () C:\Program Files\Bitdefender
2014-06-24 18:30 - 2014-06-24 18:30 - 00000505 _____ () C:\Users\Tim\Desktop\Devices and Printers - Shortcut.lnk
2014-06-24 18:04 - 2010-11-20 22:24 - 00520192 _____ (Microsoft Corporation) C:\windows\system32\rpcss.dll
2014-06-24 17:12 - 2014-06-24 17:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-24 17:11 - 2014-06-24 17:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-24 17:10 - 2014-06-24 17:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-24 15:29 - 2014-06-24 15:29 - 00003190 _____ () C:\windows\System32\Tasks\{32BF2B20-B002-4F2D-9E27-08ABE3B76856}
2014-06-24 15:16 - 2014-06-24 17:34 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Philipp Winterberg
2014-06-09 15:47 - 2014-06-09 15:47 - 00037376 _____ () C:\windows\system32\snobpl.nnp

==================== One Month Modified Files and Folders =======

2014-06-25 10:51 - 2014-06-25 10:51 - 00017119 _____ () C:\Users\Tim\Downloads\FRST.txt
2014-06-25 10:51 - 2014-06-25 10:51 - 00000000 ____D () C:\FRST
2014-06-25 10:50 - 2014-06-25 10:50 - 02082816 _____ (Farbar) C:\Users\Tim\Downloads\FRST64.exe
2014-06-25 10:49 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-25 10:49 - 2009-07-13 23:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 10:49 - 2009-07-13 23:45 - 00021280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 10:47 - 2012-06-16 01:52 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-25 10:47 - 2012-02-20 20:56 - 01221658 _____ () C:\windows\WindowsUpdate.log
2014-06-25 10:42 - 2013-06-02 21:47 - 00000350 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-06-25 10:42 - 2012-06-16 01:33 - 01583583 _____ () C:\FaceProv.log
2014-06-25 10:42 - 2012-02-20 21:37 - 00453643 _____ () C:\windows\system32\fastboot.set
2014-06-25 10:42 - 2012-02-20 21:36 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 10:42 - 2012-02-20 21:30 - 00000000 ____D () C:\ProgramData\VeriFace
2014-06-25 10:41 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-25 10:41 - 2009-07-13 23:51 - 00069017 _____ () C:\windows\setupact.log
2014-06-24 19:07 - 2014-05-24 16:26 - 00000082 _____ () C:\windows\system32\gykibf.rhi
2014-06-24 19:06 - 2014-06-24 19:06 - 00395776 _____ (Microsoft Corporation) C:\Users\Tim\Downloads\rpcss.dll
2014-06-24 19:04 - 2014-06-24 19:04 - 16578402 _____ ( ) C:\Users\Tim\Downloads\DLLSuite_Setup_2013.exe
2014-06-24 18:57 - 2012-02-20 21:36 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 18:51 - 2014-06-24 18:51 - 00049729 _____ () C:\ProgramData\1403653885.bdinstall.bin
2014-06-24 18:51 - 2014-06-24 18:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 60-Second Virus Scanner
2014-06-24 18:51 - 2014-06-24 18:51 - 00000000 ____D () C:\ProgramData\Bitdefender
2014-06-24 18:51 - 2014-06-24 18:51 - 00000000 ____D () C:\Program Files\Bitdefender
2014-06-24 18:33 - 2010-11-20 22:47 - 00176884 _____ () C:\windows\PFRO.log
2014-06-24 18:30 - 2014-06-24 18:30 - 00000505 _____ () C:\Users\Tim\Desktop\Devices and Printers - Shortcut.lnk
2014-06-24 17:34 - 2014-06-24 15:16 - 00000000 ____D () C:\Users\Tim\AppData\Roaming\Philipp Winterberg
2014-06-24 17:12 - 2014-06-24 17:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-24 17:11 - 2014-06-24 17:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-24 17:11 - 2014-06-24 17:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-24 15:29 - 2014-06-24 15:29 - 00003190 _____ () C:\windows\System32\Tasks\{32BF2B20-B002-4F2D-9E27-08ABE3B76856}
2014-06-22 15:46 - 2014-04-30 22:36 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-06-22 15:46 - 2012-10-05 22:27 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-06-22 15:46 - 2012-09-03 17:52 - 00050464 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2014-06-19 16:28 - 2013-09-23 15:53 - 00000000 ____D () C:\Users\Tim\AppData\Local\Avg2014
2014-06-19 16:07 - 2012-02-20 21:36 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-19 15:52 - 2012-02-20 21:36 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-19 15:52 - 2012-02-20 21:36 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-13 18:45 - 2013-08-14 23:21 - 00000000 ____D () C:\windows\system32\MRT
2014-06-13 18:34 - 2012-06-16 12:32 - 95414520 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-06-13 17:18 - 2014-05-24 16:16 - 00000066 _____ () C:\windows\system32\wljh.cve
2014-06-09 15:47 - 2014-06-09 15:47 - 00037376 _____ () C:\windows\system32\snobpl.nnp
2014-06-09 15:10 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache

Some content of TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\avguidx.dll
C:\Users\Tim\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Tim\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Tim\AppData\Local\Temp\install_reader11_en_chrd_awa_aih.exe
C:\Users\Tim\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Tim\AppData\Local\Temp\oi_{9097C7AB-9499-4E59-95F6-041352B0C3B0}.exe
C:\Users\Tim\AppData\Local\Temp\oi_{E91DBD4A-4E59-49CE-B9FD-E0A78F2DC043}.exe
C:\Users\Tim\AppData\Local\Temp\ToolbarInstaller.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2014-06-24 18:04] - [2010-11-20 22:24] - 0520192 ____A (Microsoft Corporation) 7D86756A49B408BD050D4E806A0E207F

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-09 15:02

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2014
Ran by Tim at 2014-06-25 10:52:13
Running from C:\Users\Tim\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3986 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.7.644 - AVG Technologies)
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
CutePDF Editor Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.2.23821 - Ask.com) <==== ATTENTION
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.0 - Lenovo)
Energy Management (x32 Version: 6.0.2.0 - Lenovo) Hidden
Flixster (HKCU\...\404b9336c7552828) (Version: 2.0.0.233 - Flixster)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hoyle Card Games 4 (HKLM-x32\...\Hoyle Card Games 4) (Version:  - )
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 13.11.616.1 - Vimicro)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.6 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3728 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3728 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.0.0 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1224 - Lenovo)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

21-04-2014 01:15:12 Windows Update
01-05-2014 06:32:28 Windows Update
04-05-2014 22:57:00 Windows Update
11-05-2014 03:20:24 Installed AVG 2014
11-05-2014 05:44:41 Windows Update
17-05-2014 04:38:22 Windows Update
09-06-2014 20:09:43 Scheduled Checkpoint
13-06-2014 23:30:12 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1A50EAB4-B5EA-4F79-8D6B-940C231AD30C} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\windows\TEMP\{582009DE-327F-4A32-8337-82813ACF1094}.exe
Task: {68FD3487-F70C-4CF3-A3B9-CDF7D9D2B6C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {91EC6B3B-B864-449D-86F8-62DE781AAD92} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20] (Google Inc.)
Task: {9383D8CC-02C8-4A9F-808F-D530FD6F6A04} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-06-06] () <==== ATTENTION
Task: {DDFB5E94-5B98-4B66-874A-4904A5A1CE5D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-28] (CyberLink)
Task: C:\windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\windows\TEMP\{582009DE-327F-4A32-8337-82813ACF1094}.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-16 03:04 - 2012-03-11 14:56 - 00086608 _____ () C:\windows\System32\cpwmon64.dll
2012-06-16 03:24 - 2010-03-04 16:56 - 00289280 _____ () C:\windows\System32\HP1100LM.DLL
2012-06-16 03:24 - 2010-03-04 16:56 - 00074240 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2012-02-20 21:30 - 2012-02-20 21:30 - 01508192 _____ () C:\windows\system32\IcnOvrly.dll
2014-06-22 15:46 - 2014-06-22 15:46 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
2012-02-20 21:06 - 2011-03-25 04:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2008-12-19 22:20 - 2012-02-20 21:39 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-19 22:20 - 2012-02-20 21:39 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2012-10-05 22:27 - 2014-06-22 15:46 - 02571288 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2014-06-22 15:46 - 2014-06-22 15:46 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
2012-02-20 21:30 - 2012-02-20 21:30 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
2009-08-04 17:23 - 2009-08-04 17:23 - 00063032 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
2009-08-04 17:23 - 2009-08-04 17:23 - 00075320 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
2009-08-04 17:22 - 2009-08-04 17:22 - 00136248 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\DMBaseObjects.dll
2009-08-04 17:22 - 2009-08-04 17:22 - 00678968 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMXMLObjects.dll
2013-12-13 22:40 - 2014-03-21 18:27 - 01603608 _____ () C:\Program Files (x86)\AVG Secure Search\TBAPI.dll
2014-03-01 18:42 - 2014-03-01 18:42 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\aeb07412ad41bff851002a4cd8ed97d1\IsdiInterop.ni.dll
2012-02-20 21:05 - 2011-02-18 03:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2014 10:43:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 11:09:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 06:58:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 06:35:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 05:31:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 04:51:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 04:00:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 02:38:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2014 03:47:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 09:29:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17041 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2e00

Start Time: 01cf8c2e09d496f7

Termination Time: 332

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

System errors:
=============
Error: (06/25/2014 10:43:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/25/2014 10:41:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (06/24/2014 11:09:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/24/2014 11:08:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (06/24/2014 06:58:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/24/2014 06:57:10 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (06/24/2014 06:35:34 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (06/24/2014 06:35:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/24/2014 06:34:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Power service terminated with the following error:
%%4203

Error: (06/24/2014 05:31:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (06/25/2014 10:43:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 11:09:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 06:58:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 06:35:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 05:31:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 04:51:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 04:00:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/24/2014 02:38:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2014 03:47:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/19/2014 09:29:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.170412e0001cf8c2e09d496f7332C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 4039.86 MB
Available physical RAM: 1822.71 MB
Total Pagefile: 8077.9 MB
Available Pagefile: 5765.29 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:371.17 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: B4AF96BF)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== End Of Log ============================

 



#4 Old Ford Guy

Old Ford Guy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norfolk, NE USA
  • Local time:07:33 AM

Posted 25 June 2014 - 11:33 AM

TDSSKiller log

 

11:23:53.0455 0x15bc  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
11:24:49.0601 0x15bc  ============================================================
11:24:49.0601 0x15bc  Current date / time: 2014/06/25 11:24:49.0601
11:24:49.0601 0x15bc  SystemInfo:
11:24:49.0601 0x15bc 
11:24:49.0601 0x15bc  OS Version: 6.1.7601 ServicePack: 1.0
11:24:49.0601 0x15bc  Product type: Workstation
11:24:49.0601 0x15bc  ComputerName: TIM-PC
11:24:49.0601 0x15bc  UserName: Tim
11:24:49.0601 0x15bc  Windows directory: C:\windows
11:24:49.0601 0x15bc  System windows directory: C:\windows
11:24:49.0601 0x15bc  Running under WOW64
11:24:49.0601 0x15bc  Processor architecture: Intel x64
11:24:49.0601 0x15bc  Number of processors: 4
11:24:49.0601 0x15bc  Page size: 0x1000
11:24:49.0601 0x15bc  Boot type: Normal boot
11:24:49.0601 0x15bc  ============================================================
11:24:50.0121 0x15bc  KLMD registered as C:\windows\system32\drivers\66967295.sys
11:24:50.0843 0x15bc  System UUID: {A8DEB91C-B1E7-C8EA-8E39-BBE4B6DE314F}
11:24:51.0465 0x15bc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:24:51.0465 0x15bc  ============================================================
11:24:51.0465 0x15bc  \Device\Harddisk0\DR0:
11:24:51.0465 0x15bc  MBR partitions:
11:24:51.0465 0x15bc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
11:24:51.0465 0x15bc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
11:24:51.0495 0x15bc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
11:24:51.0495 0x15bc  ============================================================
11:24:51.0535 0x15bc  C: <-> \Device\Harddisk0\DR0\Partition2
11:24:51.0615 0x15bc  D: <-> \Device\Harddisk0\DR0\Partition3
11:24:51.0615 0x15bc  ============================================================
11:24:51.0615 0x15bc  Initialize success
11:24:51.0615 0x15bc  ============================================================
11:25:00.0633 0x104c  ============================================================
11:25:00.0633 0x104c  Scan started
11:25:00.0633 0x104c  Mode: Manual;
11:25:00.0633 0x104c  ============================================================
11:25:00.0633 0x104c  KSN ping started
11:25:23.0739 0x104c  KSN ping finished: true
11:25:26.0593 0x104c  ================ Scan system memory ========================
11:25:26.0593 0x104c  System memory - ok
11:25:26.0593 0x104c  ================ Scan services =============================
11:25:26.0765 0x104c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
11:25:26.0765 0x104c  1394ohci - ok
11:25:26.0835 0x104c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
11:25:26.0845 0x104c  ACPI - ok
11:25:26.0895 0x104c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
11:25:26.0905 0x104c  AcpiPmi - ok
11:25:26.0945 0x104c  [ 5BBFF8B826EC38D32C26334E079C7EFC, 673D46409F0225A804B55FFB77E82AF34F8C7A93BEEF92DC3DFAC7EFCC5F09B6 ] ACPIVPC         C:\windows\system32\DRIVERS\AcpiVpc.sys
11:25:26.0945 0x104c  ACPIVPC - ok
11:25:27.0045 0x104c  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:25:27.0045 0x104c  AdobeARMservice - ok
11:25:27.0145 0x104c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
11:25:27.0155 0x104c  adp94xx - ok
11:25:27.0235 0x104c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\drivers\adpahci.sys
11:25:27.0245 0x104c  adpahci - ok
11:25:27.0285 0x104c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\drivers\adpu320.sys
11:25:27.0295 0x104c  adpu320 - ok
11:25:27.0325 0x104c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
11:25:27.0325 0x104c  AeLookupSvc - ok
11:25:27.0405 0x104c  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\windows\system32\drivers\afd.sys
11:25:27.0425 0x104c  AFD - ok
11:25:27.0455 0x104c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
11:25:27.0465 0x104c  agp440 - ok
11:25:27.0495 0x104c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
11:25:27.0505 0x104c  ALG - ok
11:25:27.0597 0x104c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
11:25:27.0607 0x104c  aliide - ok
11:25:27.0637 0x104c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
11:25:27.0637 0x104c  amdide - ok
11:25:27.0697 0x104c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
11:25:27.0697 0x104c  AmdK8 - ok
11:25:27.0707 0x104c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
11:25:27.0707 0x104c  AmdPPM - ok
11:25:27.0739 0x104c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
11:25:27.0749 0x104c  amdsata - ok
11:25:27.0809 0x104c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
11:25:27.0809 0x104c  amdsbs - ok
11:25:27.0849 0x104c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
11:25:27.0849 0x104c  amdxata - ok
11:25:27.0869 0x104c  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
11:25:27.0869 0x104c  AppID - ok
11:25:27.0909 0x104c  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
11:25:27.0909 0x104c  AppIDSvc - ok
11:25:27.0939 0x104c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
11:25:27.0939 0x104c  Appinfo - ok
11:25:27.0949 0x104c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
11:25:27.0949 0x104c  arc - ok
11:25:28.0019 0x104c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
11:25:28.0029 0x104c  arcsas - ok
11:25:28.0149 0x104c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:25:28.0159 0x104c  aspnet_state - ok
11:25:28.0179 0x104c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
11:25:28.0179 0x104c  AsyncMac - ok
11:25:28.0209 0x104c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
11:25:28.0229 0x104c  atapi - ok
11:25:28.0289 0x104c  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
11:25:28.0321 0x104c  AudioEndpointBuilder - ok
11:25:28.0351 0x104c  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
11:25:28.0370 0x104c  AudioSrv - ok
11:25:28.0461 0x104c  [ D89F8E4E025DAA0C39FF61AC0199E101, 0A80A572D93DBDE14CD5494EF3F866B44E9BC259D43EE23185E4FC227D08DE69 ] Avgdiska        C:\windows\system32\DRIVERS\avgdiska.sys
11:25:28.0461 0x104c  Avgdiska - ok
11:25:28.0701 0x104c  [ 561CE09C52F6E945ED4CE7E173D1F542, 25FB1B55E22D4DF3B03B6D395B6C4749C03B950139767FA095C24234BD962782 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
11:25:28.0955 0x104c  AVGIDSAgent - ok
11:25:29.0005 0x104c  [ F9984B8432204D000E15DE0A40D6F9AD, EBF0AAAFC9793F1EDCF3502CAE265CC012A60FA2B5DAD35A66DAD19ACFE206FC ] AVGIDSDriver    C:\windows\system32\DRIVERS\avgidsdrivera.sys
11:25:29.0015 0x104c  AVGIDSDriver - ok
11:25:29.0057 0x104c  [ 73B684F26AD82BABC2A1B3E539ED027A, B164C0C395FF285ED31615E7DB5F43B31A2F1CB6156A68BB5F3802AFCA7B8887 ] AVGIDSHA        C:\windows\system32\DRIVERS\avgidsha.sys
11:25:29.0067 0x104c  AVGIDSHA - ok
11:25:29.0087 0x104c  [ 18A542A22A31DFFEA51666E75393E7A5, 7EFA508ECE7266446B2A5E12DB7461D328F2B47E2A70A8AA2C9D0E42898C71AC ] Avgldx64        C:\windows\system32\DRIVERS\avgldx64.sys
11:25:29.0097 0x104c  Avgldx64 - ok
11:25:29.0167 0x104c  [ EC0E347F6C95541504CCF1B85D74F91F, F0819BF489C8776696D9DD89AC9673717BAF957DFAA071DA3911560172C6D952 ] Avgloga         C:\windows\system32\DRIVERS\avgloga.sys
11:25:29.0167 0x104c  Avgloga - ok
11:25:29.0207 0x104c  [ ADC65C6074A994D91CA9C6339C3DC978, A736BF94E41B9B06E826E3F2BBA7B305990DF68CF17DA8F661AE952FB240DDE1 ] Avgmfx64        C:\windows\system32\DRIVERS\avgmfx64.sys
11:25:29.0217 0x104c  Avgmfx64 - ok
11:25:29.0287 0x104c  [ 7D206FA06603E95984EFF9822C9FC958, 11863D7A5A14C852594F90FD3A54E55CBE8C27075E640C9B222102AD9DA91F35 ] Avgrkx64        C:\windows\system32\DRIVERS\avgrkx64.sys
11:25:29.0287 0x104c  Avgrkx64 - ok
11:25:29.0317 0x104c  [ 6FB25E61AC5885F5BD8BC5202D129BDF, 2644612402A8F7EDF8EB98537D10BCF0284B89797EC17A426DE94CE6922C1F4A ] Avgtdia         C:\windows\system32\DRIVERS\avgtdia.sys
11:25:29.0327 0x104c  Avgtdia - ok
11:25:29.0367 0x104c  [ 7688C67BDF55500C1FDC8291230C397D, 68A4C3D7F7043C73113B1EE7A3DD8E98BC1D6F54CA7E4E1BFB2333A75CDE2DE0 ] avgtp           C:\windows\system32\drivers\avgtpx64.sys
11:25:29.0367 0x104c  avgtp - ok
11:25:29.0387 0x104c  [ E5C581D358B62CF65776B8E4E17B9E5C, 955E4ECFD036330B139476CCCC7564B082C197D5E7577853E0C3D7B707EDB090 ] avgwd           C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
11:25:29.0397 0x104c  avgwd - ok
11:25:29.0447 0x104c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
11:25:29.0447 0x104c  AxInstSV - ok
11:25:29.0497 0x104c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
11:25:29.0517 0x104c  b06bdrv - ok
11:25:29.0554 0x104c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
11:25:29.0559 0x104c  b57nd60a - ok
11:25:29.0759 0x104c  [ B5D54119CE0BB77872C33A717CB76386, 9FFCEE1BB04FD595553F83CE98A16AE9AFDF7DDB4B7390F57DFAA80CCF36459E ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl664.sys
11:25:29.0939 0x104c  BCM43XX - ok
11:25:29.0999 0x104c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
11:25:30.0009 0x104c  BDESVC - ok
11:25:30.0039 0x104c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
11:25:30.0039 0x104c  Beep - ok
11:25:30.0109 0x104c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
11:25:30.0119 0x104c  BFE - ok
11:25:30.0179 0x104c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\System32\qmgr.dll
11:25:30.0199 0x104c  BITS - ok
11:25:30.0229 0x104c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
11:25:30.0229 0x104c  blbdrive - ok
11:25:30.0269 0x104c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
11:25:30.0269 0x104c  bowser - ok
11:25:30.0309 0x104c  [ AAA4F992F879977A000FE8B8C730CD2C, A109D3F7CA9D49B98FDA5CA34C60055690F72400CCC96D48076FA86086E4C74D ] BPntDrv         C:\windows\system32\drivers\BPntDrv.sys
11:25:30.0309 0x104c  BPntDrv - ok
11:25:30.0329 0x104c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
11:25:30.0329 0x104c  BrFiltLo - ok
11:25:30.0339 0x104c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
11:25:30.0339 0x104c  BrFiltUp - ok
11:25:30.0369 0x104c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
11:25:30.0369 0x104c  Browser - ok
11:25:30.0419 0x104c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
11:25:30.0429 0x104c  Brserid - ok
11:25:30.0429 0x104c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
11:25:30.0429 0x104c  BrSerWdm - ok
11:25:30.0449 0x104c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
11:25:30.0449 0x104c  BrUsbMdm - ok
11:25:30.0459 0x104c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
11:25:30.0459 0x104c  BrUsbSer - ok
11:25:30.0499 0x104c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
11:25:30.0499 0x104c  BthEnum - ok
11:25:30.0529 0x104c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
11:25:30.0529 0x104c  BTHMODEM - ok
11:25:30.0556 0x104c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
11:25:30.0561 0x104c  BthPan - ok
11:25:30.0605 0x104c  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
11:25:30.0623 0x104c  BTHPORT - ok
11:25:30.0674 0x104c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
11:25:30.0678 0x104c  bthserv - ok
11:25:30.0721 0x104c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
11:25:30.0721 0x104c  BTHUSB - ok
11:25:30.0771 0x104c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
11:25:30.0771 0x104c  cdfs - ok
11:25:30.0821 0x104c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
11:25:30.0821 0x104c  cdrom - ok
11:25:30.0851 0x104c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
11:25:30.0861 0x104c  CertPropSvc - ok
11:25:30.0881 0x104c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
11:25:30.0881 0x104c  circlass - ok
11:25:30.0921 0x104c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
11:25:30.0931 0x104c  CLFS - ok
11:25:30.0991 0x104c  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:25:31.0001 0x104c  clr_optimization_v2.0.50727_32 - ok
11:25:31.0031 0x104c  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:25:31.0041 0x104c  clr_optimization_v2.0.50727_64 - ok
11:25:31.0091 0x104c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:25:31.0101 0x104c  clr_optimization_v4.0.30319_32 - ok
11:25:31.0121 0x104c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:25:31.0141 0x104c  clr_optimization_v4.0.30319_64 - ok
11:25:31.0181 0x104c  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
11:25:31.0181 0x104c  clwvd - ok
11:25:31.0211 0x104c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
11:25:31.0211 0x104c  CmBatt - ok
11:25:31.0231 0x104c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
11:25:31.0231 0x104c  cmdide - ok
11:25:31.0261 0x104c  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\windows\system32\Drivers\cng.sys
11:25:31.0281 0x104c  CNG - ok
11:25:31.0361 0x104c  [ A260BE645DD096D90318C8CF98536720, ACFDC643485AAAB40ABB3A00C8D9F2E962AF273B95118F0CD19FB8E93E8BF032 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
11:25:31.0421 0x104c  CnxtHdAudService - ok
11:25:31.0471 0x104c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
11:25:31.0471 0x104c  Compbatt - ok
11:25:31.0491 0x104c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
11:25:31.0501 0x104c  CompositeBus - ok
11:25:31.0501 0x104c  COMSysApp - ok
11:25:31.0521 0x104c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
11:25:31.0521 0x104c  crcdisk - ok
11:25:31.0561 0x104c  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\windows\system32\cryptsvc.dll
11:25:31.0571 0x104c  CryptSvc - ok
11:25:31.0635 0x104c  [ 7D86756A49B408BD050D4E806A0E207F, C639BCE6428F9F9663A956CF93EA22587F6D8125E60E24F93A417E5F10FA1D90 ] DcomLaunch      C:\windows\system32\rpcss.dll
11:25:31.0683 0x104c  DcomLaunch - detected Trojan.Win64.Patched.bj ( 0 )
11:25:34.0435 0x104c  DcomLaunch ( Trojan.Win64.Patched.bj ) - infected
11:25:34.0435 0x104c  Force sending object to P2P due to detect: DcomLaunch
11:25:47.0913 0x104c  Object send P2P result: true
11:25:50.0525 0x104c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
11:25:50.0535 0x104c  defragsvc - ok
11:25:50.0565 0x104c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
11:25:50.0565 0x104c  DfsC - ok
11:25:50.0595 0x104c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
11:25:50.0605 0x104c  Dhcp - ok
11:25:50.0635 0x104c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
11:25:50.0635 0x104c  discache - ok
11:25:50.0665 0x104c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\drivers\disk.sys
11:25:50.0665 0x104c  Disk - ok
11:25:50.0705 0x104c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
11:25:50.0715 0x104c  Dnscache - ok
11:25:50.0735 0x104c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
11:25:50.0735 0x104c  dot3svc - ok
11:25:50.0785 0x104c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
11:25:50.0785 0x104c  DPS - ok
11:25:50.0825 0x104c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
11:25:50.0825 0x104c  drmkaud - ok
11:25:50.0895 0x104c  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
11:25:50.0915 0x104c  DXGKrnl - ok
11:25:50.0965 0x104c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
11:25:50.0965 0x104c  EapHost - ok
11:25:51.0105 0x104c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\drivers\evbda.sys
11:25:51.0235 0x104c  ebdrv - ok
11:25:51.0265 0x104c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\windows\System32\lsass.exe
11:25:51.0265 0x104c  EFS - ok
11:25:51.0335 0x104c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
11:25:51.0355 0x104c  ehRecvr - ok
11:25:51.0375 0x104c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
11:25:51.0375 0x104c  ehSched - ok
11:25:51.0435 0x104c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\drivers\elxstor.sys
11:25:51.0445 0x104c  elxstor - ok
11:25:51.0455 0x104c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
11:25:51.0455 0x104c  ErrDev - ok
11:25:51.0505 0x104c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
11:25:51.0515 0x104c  EventSystem - ok
11:25:51.0555 0x104c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
11:25:51.0565 0x104c  exfat - ok
11:25:51.0575 0x104c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
11:25:51.0575 0x104c  fastfat - ok
11:25:51.0625 0x104c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
11:25:51.0645 0x104c  Fax - ok
11:25:51.0665 0x104c  [ 3191ACA33088EE2481044FC0DB736442, 9311069BCA14FB7D5FDFFDB29566D045AB55A8657574C8BD864F8ED9527DEAF5 ] fbfmon          C:\windows\system32\drivers\fbfmon.sys
11:25:51.0665 0x104c  fbfmon - ok
11:25:51.0685 0x104c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\drivers\fdc.sys
11:25:51.0685 0x104c  fdc - ok
11:25:51.0715 0x104c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
11:25:51.0725 0x104c  fdPHost - ok
11:25:51.0745 0x104c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
11:25:51.0745 0x104c  FDResPub - ok
11:25:51.0755 0x104c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
11:25:51.0755 0x104c  FileInfo - ok
11:25:51.0765 0x104c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
11:25:51.0765 0x104c  Filetrace - ok
11:25:51.0795 0x104c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
11:25:51.0795 0x104c  flpydisk - ok
11:25:51.0825 0x104c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
11:25:51.0835 0x104c  FltMgr - ok
11:25:51.0915 0x104c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
11:25:51.0955 0x104c  FontCache - ok
11:25:52.0015 0x104c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:25:52.0015 0x104c  FontCache3.0.0.0 - ok
11:25:52.0055 0x104c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
11:25:52.0055 0x104c  FsDepends - ok
11:25:52.0085 0x104c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
11:25:52.0095 0x104c  Fs_Rec - ok
11:25:52.0155 0x104c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
11:25:52.0165 0x104c  fvevol - ok
11:25:52.0195 0x104c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
11:25:52.0195 0x104c  gagp30kx - ok
11:25:52.0245 0x104c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
11:25:52.0265 0x104c  gpsvc - ok
11:25:52.0355 0x104c  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:25:52.0355 0x104c  gupdate - ok
11:25:52.0375 0x104c  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:25:52.0375 0x104c  gupdatem - ok
11:25:52.0405 0x104c  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:25:52.0415 0x104c  gusvc - ok
11:25:52.0435 0x104c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
11:25:52.0435 0x104c  hcw85cir - ok
11:25:52.0465 0x104c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:25:52.0475 0x104c  HdAudAddService - ok
11:25:52.0495 0x104c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
11:25:52.0505 0x104c  HDAudBus - ok
11:25:52.0515 0x104c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
11:25:52.0515 0x104c  HidBatt - ok
11:25:52.0535 0x104c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
11:25:52.0535 0x104c  HidBth - ok
11:25:52.0535 0x104c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys
11:25:52.0545 0x104c  HidIr - ok
11:25:52.0565 0x104c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
11:25:52.0565 0x104c  hidserv - ok
11:25:52.0595 0x104c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
11:25:52.0595 0x104c  HidUsb - ok
11:25:52.0635 0x104c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
11:25:52.0635 0x104c  hkmsvc - ok
11:25:52.0655 0x104c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:25:52.0655 0x104c  HomeGroupListener - ok
11:25:52.0695 0x104c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:25:52.0705 0x104c  HomeGroupProvider - ok
11:25:52.0755 0x104c  [ 53DCA61931847E35C950504BFB7559C6, 3F57CE29B52D32F7061407B63C4A9786F5B623E9F9F1121B02182DE044110D08 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
11:25:52.0755 0x104c  HP LaserJet Service - ok
11:25:52.0795 0x104c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
11:25:52.0805 0x104c  HpSAMD - ok
11:25:52.0835 0x104c  [ 5A539A3CBD6EC1609D5333B486D5F74C, C43B4F085C0F7938E0771140B7D02B087F4EA086FC3FF4B4F9F2D18BCE0BFD88 ] HPSIService     C:\windows\system32\HPSIsvc.exe
11:25:52.0835 0x104c  HPSIService - ok
11:25:52.0885 0x104c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
11:25:52.0905 0x104c  HTTP - ok
11:25:52.0915 0x104c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
11:25:52.0915 0x104c  hwpolicy - ok
11:25:52.0955 0x104c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
11:25:52.0955 0x104c  i8042prt - ok
11:25:53.0035 0x104c  [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
11:25:53.0045 0x104c  iaStor - ok
11:25:53.0095 0x104c  [ F5C0317AF600F8C0D7E4202EB04232B1, D83824ED829E3C4BCA6DB17A5DEF1450856ABE17B27AE6B791E40B8C3F2CCB44 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
11:25:53.0095 0x104c  IAStorDataMgrSvc - ok
11:25:53.0145 0x104c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
11:25:53.0155 0x104c  iaStorV - ok
11:25:53.0265 0x104c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:25:53.0295 0x104c  idsvc - ok
11:25:53.0335 0x104c  IEEtwCollectorService - ok
11:25:53.0885 0x104c  [ 795C99DC4F574C97C03D0BB39CF099EE, 67310B52F7A1B83A66872B961F347B1BD104C8A83A01F60507705B2ACEA76B71 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
11:25:54.0337 0x104c  igfx - ok
11:25:54.0407 0x104c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
11:25:54.0407 0x104c  iirsp - ok
11:25:54.0477 0x104c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
11:25:54.0507 0x104c  IKEEXT - ok
11:25:54.0577 0x104c  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
11:25:54.0587 0x104c  IntcDAud - ok
11:25:54.0607 0x104c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
11:25:54.0617 0x104c  intelide - ok
11:25:54.0657 0x104c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
11:25:54.0657 0x104c  intelppm - ok
11:25:54.0687 0x104c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
11:25:54.0697 0x104c  IPBusEnum - ok
11:25:54.0717 0x104c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
11:25:54.0717 0x104c  IpFilterDriver - ok
11:25:54.0767 0x104c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
11:25:54.0777 0x104c  iphlpsvc - ok
11:25:54.0807 0x104c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
11:25:54.0807 0x104c  IPMIDRV - ok
11:25:54.0827 0x104c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
11:25:54.0837 0x104c  IPNAT - ok
11:25:54.0857 0x104c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
11:25:54.0857 0x104c  IRENUM - ok
11:25:54.0867 0x104c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
11:25:54.0867 0x104c  isapnp - ok
11:25:54.0907 0x104c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
11:25:54.0917 0x104c  iScsiPrt - ok
11:25:54.0947 0x104c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
11:25:54.0947 0x104c  kbdclass - ok
11:25:54.0977 0x104c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
11:25:54.0977 0x104c  kbdhid - ok
11:25:54.0997 0x104c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\windows\system32\lsass.exe
11:25:55.0007 0x104c  KeyIso - ok
11:25:55.0027 0x104c  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
11:25:55.0037 0x104c  KSecDD - ok
11:25:55.0067 0x104c  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
11:25:55.0067 0x104c  KSecPkg - ok
11:25:55.0127 0x104c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
11:25:55.0127 0x104c  ksthunk - ok
11:25:55.0167 0x104c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
11:25:55.0177 0x104c  KtmRm - ok
11:25:55.0217 0x104c  [ 95CA93FC12BE372BB952669F37FFF9C5, 5B4EE910E676ABD0E12B6AD72DBB564DBEB05D63C43AFFC24CE155D0DF8A3820 ] L1C             C:\windows\system32\DRIVERS\L1C62x64.sys
11:25:55.0227 0x104c  L1C - ok
11:25:55.0297 0x104c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll
11:25:55.0307 0x104c  LanmanServer - ok
11:25:55.0357 0x104c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:25:55.0367 0x104c  LanmanWorkstation - ok
11:25:55.0417 0x104c  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\windows\system32\DRIVERS\LhdX64.sys
11:25:55.0417 0x104c  LHDmgr - ok
11:25:55.0447 0x104c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
11:25:55.0447 0x104c  lltdio - ok
11:25:55.0507 0x104c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
11:25:55.0517 0x104c  lltdsvc - ok
11:25:55.0537 0x104c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
11:25:55.0537 0x104c  lmhosts - ok
11:25:55.0587 0x104c  [ 2ED1786B7542CDA261029F6B526EDF44, C6131B65B045EF5B4F62CF6CF089DF0921BA6A8EFC83BCBA45D5DDE78E9D78E2 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:25:55.0597 0x104c  LMS - ok
11:25:55.0647 0x104c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
11:25:55.0647 0x104c  LSI_FC - ok
11:25:55.0657 0x104c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
11:25:55.0667 0x104c  LSI_SAS - ok
11:25:55.0667 0x104c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
11:25:55.0677 0x104c  LSI_SAS2 - ok
11:25:55.0707 0x104c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
11:25:55.0717 0x104c  LSI_SCSI - ok
11:25:55.0747 0x104c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
11:25:55.0747 0x104c  luafv - ok
11:25:55.0807 0x104c  MBAMSwissArmy - ok
11:25:55.0857 0x104c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
11:25:55.0857 0x104c  Mcx2Svc - ok
11:25:55.0877 0x104c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
11:25:55.0877 0x104c  megasas - ok
11:25:55.0907 0x104c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
11:25:55.0917 0x104c  MegaSR - ok
11:25:55.0947 0x104c  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
11:25:55.0947 0x104c  MEIx64 - ok
11:25:55.0967 0x104c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
11:25:55.0977 0x104c  MMCSS - ok
11:25:56.0007 0x104c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
11:25:56.0007 0x104c  Modem - ok
11:25:56.0027 0x104c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
11:25:56.0027 0x104c  monitor - ok
11:25:56.0047 0x104c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
11:25:56.0047 0x104c  mouclass - ok
11:25:56.0077 0x104c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
11:25:56.0077 0x104c  mouhid - ok
11:25:56.0087 0x104c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
11:25:56.0087 0x104c  mountmgr - ok
11:25:56.0117 0x104c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
11:25:56.0117 0x104c  mpio - ok
11:25:56.0167 0x104c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
11:25:56.0177 0x104c  mpsdrv - ok
11:25:56.0257 0x104c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
11:25:56.0277 0x104c  MpsSvc - ok
11:25:56.0327 0x104c  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
11:25:56.0327 0x104c  MRxDAV - ok
11:25:56.0357 0x104c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
11:25:56.0357 0x104c  mrxsmb - ok
11:25:56.0397 0x104c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
11:25:56.0407 0x104c  mrxsmb10 - ok
11:25:56.0417 0x104c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
11:25:56.0417 0x104c  mrxsmb20 - ok
11:25:56.0447 0x104c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
11:25:56.0447 0x104c  msahci - ok
11:25:56.0467 0x104c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
11:25:56.0477 0x104c  msdsm - ok
11:25:56.0497 0x104c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
11:25:56.0497 0x104c  MSDTC - ok
11:25:56.0517 0x104c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
11:25:56.0517 0x104c  Msfs - ok
11:25:56.0537 0x104c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
11:25:56.0537 0x104c  mshidkmdf - ok
11:25:56.0537 0x104c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
11:25:56.0537 0x104c  msisadrv - ok
11:25:56.0587 0x104c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
11:25:56.0587 0x104c  MSiSCSI - ok
11:25:56.0587 0x104c  msiserver - ok
11:25:56.0627 0x104c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
11:25:56.0627 0x104c  MSKSSRV - ok
11:25:56.0637 0x104c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
11:25:56.0637 0x104c  MSPCLOCK - ok
11:25:56.0647 0x104c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
11:25:56.0647 0x104c  MSPQM - ok
11:25:56.0677 0x104c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
11:25:56.0697 0x104c  MsRPC - ok
11:25:56.0717 0x104c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
11:25:56.0717 0x104c  mssmbios - ok
11:25:56.0737 0x104c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
11:25:56.0737 0x104c  MSTEE - ok
11:25:56.0757 0x104c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
11:25:56.0757 0x104c  MTConfig - ok
11:25:56.0797 0x104c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
11:25:56.0807 0x104c  Mup - ok
11:25:56.0837 0x104c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
11:25:56.0857 0x104c  napagent - ok
11:25:56.0927 0x104c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
11:25:56.0927 0x104c  NativeWifiP - ok
11:25:56.0997 0x104c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
11:25:57.0027 0x104c  NDIS - ok
11:25:57.0087 0x104c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
11:25:57.0087 0x104c  NdisCap - ok
11:25:57.0167 0x104c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
11:25:57.0167 0x104c  NdisTapi - ok
11:25:57.0207 0x104c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
11:25:57.0217 0x104c  Ndisuio - ok
11:25:57.0267 0x104c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
11:25:57.0267 0x104c  NdisWan - ok
11:25:57.0277 0x104c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
11:25:57.0287 0x104c  NDProxy - ok
11:25:57.0317 0x104c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
11:25:57.0317 0x104c  NetBIOS - ok
11:25:57.0337 0x104c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
11:25:57.0337 0x104c  NetBT - ok
11:25:57.0347 0x104c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\windows\system32\lsass.exe
11:25:57.0347 0x104c  Netlogon - ok
11:25:57.0377 0x104c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
11:25:57.0387 0x104c  Netman - ok
11:25:57.0427 0x104c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:25:57.0437 0x104c  NetMsmqActivator - ok
11:25:57.0447 0x104c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:25:57.0447 0x104c  NetPipeActivator - ok
11:25:57.0467 0x104c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
11:25:57.0487 0x104c  netprofm - ok
11:25:57.0527 0x104c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:25:57.0527 0x104c  NetTcpActivator - ok
11:25:57.0537 0x104c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:25:57.0537 0x104c  NetTcpPortSharing - ok
11:25:57.0577 0x104c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
11:25:57.0587 0x104c  nfrd960 - ok
11:25:57.0617 0x104c  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
11:25:57.0627 0x104c  NlaSvc - ok
11:25:57.0637 0x104c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
11:25:57.0637 0x104c  Npfs - ok
11:25:57.0657 0x104c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
11:25:57.0657 0x104c  nsi - ok
11:25:57.0667 0x104c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
11:25:57.0667 0x104c  nsiproxy - ok
11:25:57.0787 0x104c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
11:25:57.0897 0x104c  Ntfs - ok
11:25:57.0927 0x104c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
11:25:57.0927 0x104c  Null - ok
11:25:57.0947 0x104c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
11:25:57.0957 0x104c  nvraid - ok
11:25:57.0967 0x104c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
11:25:57.0967 0x104c  nvstor - ok
11:25:57.0987 0x104c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
11:25:57.0997 0x104c  nv_agp - ok
11:25:58.0027 0x104c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
11:25:58.0027 0x104c  ohci1394 - ok
11:25:58.0067 0x104c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
11:25:58.0077 0x104c  p2pimsvc - ok
11:25:58.0097 0x104c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
11:25:58.0117 0x104c  p2psvc - ok
11:25:58.0137 0x104c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\drivers\parport.sys
11:25:58.0137 0x104c  Parport - ok
11:25:58.0147 0x104c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
11:25:58.0157 0x104c  partmgr - ok
11:25:58.0177 0x104c  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\windows\System32\pcasvc.dll
11:25:58.0177 0x104c  PcaSvc - ok
11:25:58.0197 0x104c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
11:25:58.0207 0x104c  pci - ok
11:25:58.0227 0x104c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
11:25:58.0227 0x104c  pciide - ok
11:25:58.0257 0x104c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
11:25:58.0267 0x104c  pcmcia - ok
11:25:58.0277 0x104c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
11:25:58.0287 0x104c  pcw - ok
11:25:58.0357 0x104c  pdserv - ok
11:25:58.0397 0x104c  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
11:25:58.0417 0x104c  PEAUTH - ok
11:25:58.0467 0x104c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
11:25:58.0467 0x104c  PerfHost - ok
11:25:58.0557 0x104c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
11:25:58.0597 0x104c  pla - ok
11:25:58.0677 0x104c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
11:25:58.0687 0x104c  PlugPlay - ok
11:25:58.0707 0x104c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
11:25:58.0707 0x104c  PNRPAutoReg - ok
11:25:58.0737 0x104c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
11:25:58.0747 0x104c  PNRPsvc - ok
11:25:58.0787 0x104c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
11:25:58.0797 0x104c  PolicyAgent - ok
11:25:58.0807 0x104c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
11:25:58.0817 0x104c  Power - ok
11:25:58.0857 0x104c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
11:25:58.0857 0x104c  PptpMiniport - ok
11:25:58.0877 0x104c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\drivers\processr.sys
11:25:58.0877 0x104c  Processor - ok
11:25:58.0917 0x104c  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\windows\system32\profsvc.dll
11:25:58.0917 0x104c  ProfSvc - ok
11:25:58.0937 0x104c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\windows\system32\lsass.exe
11:25:58.0937 0x104c  ProtectedStorage - ok
11:25:58.0957 0x104c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
11:25:58.0967 0x104c  Psched - ok
11:25:59.0047 0x104c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
11:25:59.0087 0x104c  ql2300 - ok
11:25:59.0117 0x104c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
11:25:59.0117 0x104c  ql40xx - ok
11:25:59.0169 0x104c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
11:25:59.0179 0x104c  QWAVE - ok
11:25:59.0199 0x104c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
11:25:59.0209 0x104c  QWAVEdrv - ok
11:25:59.0239 0x104c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
11:25:59.0249 0x104c  RasAcd - ok
11:25:59.0289 0x104c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
11:25:59.0289 0x104c  RasAgileVpn - ok
11:25:59.0299 0x104c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
11:25:59.0299 0x104c  RasAuto - ok
11:25:59.0319 0x104c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
11:25:59.0329 0x104c  Rasl2tp - ok
11:25:59.0389 0x104c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
11:25:59.0399 0x104c  RasMan - ok
11:25:59.0429 0x104c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
11:25:59.0429 0x104c  RasPppoe - ok
11:25:59.0449 0x104c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
11:25:59.0449 0x104c  RasSstp - ok
11:25:59.0489 0x104c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
11:25:59.0499 0x104c  rdbss - ok
11:25:59.0519 0x104c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
11:25:59.0519 0x104c  rdpbus - ok
11:25:59.0529 0x104c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
11:25:59.0529 0x104c  RDPCDD - ok
11:25:59.0559 0x104c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
11:25:59.0559 0x104c  RDPENCDD - ok
11:25:59.0579 0x104c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
11:25:59.0579 0x104c  RDPREFMP - ok
11:25:59.0619 0x104c  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
11:25:59.0639 0x104c  RDPWD - ok
11:25:59.0669 0x104c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
11:25:59.0679 0x104c  rdyboost - ok
11:25:59.0719 0x104c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
11:25:59.0719 0x104c  RemoteAccess - ok
11:25:59.0749 0x104c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
11:25:59.0749 0x104c  RemoteRegistry - ok
11:25:59.0829 0x104c  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
11:25:59.0859 0x104c  RFCOMM - ok
11:25:59.0889 0x104c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
11:25:59.0889 0x104c  RpcEptMapper - ok
11:25:59.0929 0x104c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
11:25:59.0929 0x104c  RpcLocator - ok
11:25:59.0969 0x104c  [ 7D86756A49B408BD050D4E806A0E207F, C639BCE6428F9F9663A956CF93EA22587F6D8125E60E24F93A417E5F10FA1D90 ] RpcSs           C:\windows\system32\rpcss.dll
11:26:00.0039 0x104c  RpcSs - detected Trojan.Win64.Patched.bj ( 0 )
11:26:00.0039 0x104c  RpcSs ( Trojan.Win64.Patched.bj ) - infected
11:26:00.0039 0x104c  Force sending object to P2P due to detect: RpcSs
11:26:02.0795 0x104c  Object send P2P result: true
11:26:05.0387 0x104c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
11:26:05.0387 0x104c  rspndr - ok
11:26:05.0407 0x104c  [ 89DFB71B370D82DFE75183F677043CEE, 448798010AB86040D7A4A8956D7139951A9BD3517942DE2C4B82041B0408D78A ] RSUSBVSTOR      C:\windows\system32\Drivers\RtsUVStor.sys
11:26:05.0427 0x104c  RSUSBVSTOR - ok
11:26:05.0457 0x104c  [ BAEFEE35D27A5440D35092CE10267BEC, FB550D38C01E07B1170C52C1441874B56DD3BECB10CBE8E132EE3276A05C796E ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
11:26:05.0467 0x104c  RTL8167 - ok
11:26:05.0477 0x104c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\windows\system32\lsass.exe
11:26:05.0487 0x104c  SamSs - ok
11:26:05.0497 0x104c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
11:26:05.0497 0x104c  sbp2port - ok
11:26:05.0517 0x104c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
11:26:05.0527 0x104c  SCardSvr - ok
11:26:05.0547 0x104c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
11:26:05.0547 0x104c  scfilter - ok
11:26:05.0597 0x104c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
11:26:05.0627 0x104c  Schedule - ok
11:26:05.0657 0x104c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
11:26:05.0657 0x104c  SCPolicySvc - ok
11:26:05.0687 0x104c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
11:26:05.0697 0x104c  SDRSVC - ok
11:26:05.0727 0x104c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
11:26:05.0727 0x104c  secdrv - ok
11:26:05.0737 0x104c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
11:26:05.0737 0x104c  seclogon - ok
11:26:05.0757 0x104c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\System32\sens.dll
11:26:05.0757 0x104c  SENS - ok
11:26:05.0817 0x104c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
11:26:05.0817 0x104c  SensrSvc - ok
11:26:05.0837 0x104c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\drivers\serenum.sys
11:26:05.0837 0x104c  Serenum - ok
11:26:05.0847 0x104c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
11:26:05.0847 0x104c  Serial - ok
11:26:05.0847 0x104c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
11:26:05.0857 0x104c  sermouse - ok
11:26:05.0887 0x104c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
11:26:05.0887 0x104c  SessionEnv - ok
11:26:05.0907 0x104c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
11:26:05.0907 0x104c  sffdisk - ok
11:26:05.0917 0x104c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
11:26:05.0917 0x104c  sffp_mmc - ok
11:26:05.0927 0x104c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
11:26:05.0927 0x104c  sffp_sd - ok
11:26:05.0937 0x104c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
11:26:05.0937 0x104c  sfloppy - ok
11:26:05.0977 0x104c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
11:26:05.0987 0x104c  SharedAccess - ok
11:26:06.0017 0x104c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:26:06.0027 0x104c  ShellHWDetection - ok
11:26:06.0037 0x104c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
11:26:06.0047 0x104c  SiSRaid2 - ok
11:26:06.0067 0x104c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
11:26:06.0067 0x104c  SiSRaid4 - ok
11:26:06.0097 0x104c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
11:26:06.0097 0x104c  Smb - ok
11:26:06.0127 0x104c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
11:26:06.0137 0x104c  SNMPTRAP - ok
11:26:06.0157 0x104c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
11:26:06.0157 0x104c  spldr - ok
11:26:06.0217 0x104c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
11:26:06.0227 0x104c  Spooler - ok
11:26:06.0377 0x104c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
11:26:06.0507 0x104c  sppsvc - ok
11:26:06.0527 0x104c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
11:26:06.0527 0x104c  sppuinotify - ok
11:26:06.0567 0x104c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
11:26:06.0577 0x104c  srv - ok
11:26:06.0617 0x104c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
11:26:06.0627 0x104c  srv2 - ok
11:26:06.0647 0x104c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
11:26:06.0647 0x104c  srvnet - ok
11:26:06.0677 0x104c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
11:26:06.0687 0x104c  SSDPSRV - ok
11:26:06.0707 0x104c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
11:26:06.0707 0x104c  SstpSvc - ok
11:26:06.0737 0x104c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
11:26:06.0737 0x104c  stexstor - ok
11:26:06.0767 0x104c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
11:26:06.0787 0x104c  stisvc - ok
11:26:06.0817 0x104c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
11:26:06.0817 0x104c  swenum - ok
11:26:06.0857 0x104c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
11:26:06.0876 0x104c  swprv - ok
11:26:06.0969 0x104c  [ 9643991B5CFD7A9BA68626B7A005F7E6, C256A7AC1B2FD98F85D3BB920374C70F65D4A6E3EE420F5AD8E114001BD10822 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
11:26:07.0009 0x104c  SynTP - ok
11:26:07.0089 0x104c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
11:26:07.0139 0x104c  SysMain - ok
11:26:07.0159 0x104c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
11:26:07.0159 0x104c  TabletInputService - ok
11:26:07.0199 0x104c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
11:26:07.0209 0x104c  TapiSrv - ok
11:26:07.0229 0x104c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
11:26:07.0229 0x104c  TBS - ok
11:26:07.0329 0x104c  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\windows\system32\drivers\tcpip.sys
11:26:07.0379 0x104c  Tcpip - ok
11:26:07.0469 0x104c  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
11:26:07.0528 0x104c  TCPIP6 - ok
11:26:07.0551 0x104c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
11:26:07.0561 0x104c  tcpipreg - ok
11:26:07.0591 0x104c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
11:26:07.0591 0x104c  TDPIPE - ok
11:26:07.0611 0x104c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
11:26:07.0611 0x104c  TDTCP - ok
11:26:07.0621 0x104c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
11:26:07.0631 0x104c  tdx - ok
11:26:07.0641 0x104c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
11:26:07.0641 0x104c  TermDD - ok
11:26:07.0691 0x104c  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
11:26:07.0711 0x104c  TermService - ok
11:26:07.0721 0x104c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
11:26:07.0731 0x104c  Themes - ok
11:26:07.0741 0x104c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
11:26:07.0741 0x104c  THREADORDER - ok
11:26:07.0761 0x104c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
11:26:07.0771 0x104c  TrkWks - ok
11:26:07.0811 0x104c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:26:07.0821 0x104c  TrustedInstaller - ok
11:26:07.0851 0x104c  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
11:26:07.0861 0x104c  tssecsrv - ok
11:26:07.0881 0x104c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
11:26:07.0881 0x104c  TsUsbFlt - ok
11:26:07.0911 0x104c  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
11:26:07.0911 0x104c  TsUsbGD - ok
11:26:07.0941 0x104c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
11:26:07.0951 0x104c  tunnel - ok
11:26:07.0961 0x104c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
11:26:07.0961 0x104c  uagp35 - ok
11:26:07.0981 0x104c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
11:26:07.0991 0x104c  udfs - ok
11:26:08.0011 0x104c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
11:26:08.0011 0x104c  UI0Detect - ok
11:26:08.0041 0x104c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
11:26:08.0051 0x104c  uliagpkx - ok
11:26:08.0071 0x104c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
11:26:08.0071 0x104c  umbus - ok
11:26:08.0091 0x104c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
11:26:08.0091 0x104c  UmPass - ok
11:26:08.0211 0x104c  [ 7E5E1603D0FF2D240AE70295C5C3FEFC, 1E5F8E415ACE3C6DFBE636473DBE051329174F2A085516B6FC1515A54014D02B ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:26:08.0281 0x104c  UNS - ok
11:26:08.0321 0x104c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
11:26:08.0341 0x104c  upnphost - ok
11:26:08.0371 0x104c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
11:26:08.0371 0x104c  usbccgp - ok
11:26:08.0411 0x104c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
11:26:08.0411 0x104c  usbcir - ok
11:26:08.0451 0x104c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
11:26:08.0451 0x104c  usbehci - ok
11:26:08.0511 0x104c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
11:26:08.0521 0x104c  usbhub - ok
11:26:08.0551 0x104c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
11:26:08.0551 0x104c  usbohci - ok
11:26:08.0571 0x104c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\drivers\usbprint.sys
11:26:08.0571 0x104c  usbprint - ok
11:26:08.0581 0x104c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
11:26:08.0581 0x104c  USBSTOR - ok
11:26:08.0601 0x104c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
11:26:08.0601 0x104c  usbuhci - ok
11:26:08.0661 0x104c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
11:26:08.0661 0x104c  usbvideo - ok
11:26:08.0691 0x104c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
11:26:08.0691 0x104c  UxSms - ok
11:26:08.0701 0x104c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\windows\system32\lsass.exe
11:26:08.0701 0x104c  VaultSvc - ok
11:26:08.0741 0x104c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
11:26:08.0751 0x104c  vdrvroot - ok
11:26:08.0782 0x104c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
11:26:08.0803 0x104c  vds - ok
11:26:08.0820 0x104c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
11:26:08.0823 0x104c  vga - ok
11:26:08.0833 0x104c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
11:26:08.0833 0x104c  VgaSave - ok
11:26:08.0843 0x104c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
11:26:08.0853 0x104c  vhdmp - ok
11:26:08.0873 0x104c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
11:26:08.0883 0x104c  viaide - ok
11:26:08.0913 0x104c  [ 2355B35BF277965EFA3DAE43B7D78239, F75D1F4B9CCB63121F2030E0DE0CC05475DEA90E45F223BA58CFEED63CB2AD7D ] vm331avs        C:\windows\system32\Drivers\vm331avs.sys
11:26:08.0923 0x104c  vm331avs - ok
11:26:08.0943 0x104c  [ 40C39413A2458016FF43444750F467CA, 7753B8C622F15D851FC65851586E8C0FDDD0B00D66C54C5222BB1BD06DCD2A90 ] vmuvcflt        C:\windows\system32\Drivers\vmuvcflt.sys
11:26:08.0943 0x104c  vmuvcflt - ok
11:26:08.0963 0x104c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
11:26:08.0973 0x104c  volmgr - ok
11:26:09.0003 0x104c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
11:26:09.0023 0x104c  volmgrx - ok
11:26:09.0063 0x104c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
11:26:09.0073 0x104c  volsnap - ok
11:26:09.0113 0x104c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
11:26:09.0123 0x104c  vsmraid - ok
11:26:09.0203 0x104c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
11:26:09.0253 0x104c  VSS - ok
11:26:09.0453 0x104c  [ 7570288275D80F5472AE3147487FF0B5, 45204AC1DFEEE18913081FEE1FA55D6C2A13689525641F468AA7BB12850246D5 ] vToolbarUpdater18.1.7 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
11:26:09.0503 0x104c  vToolbarUpdater18.1.7 - ok
11:26:09.0523 0x104c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
11:26:09.0523 0x104c  vwifibus - ok
11:26:09.0553 0x104c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
11:26:09.0563 0x104c  vwififlt - ok
11:26:09.0613 0x104c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
11:26:09.0638 0x104c  W32Time - ok
11:26:09.0673 0x104c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
11:26:09.0676 0x104c  WacomPen - ok
11:26:09.0695 0x104c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
11:26:09.0695 0x104c  WANARP - ok
11:26:09.0705 0x104c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
11:26:09.0715 0x104c  Wanarpv6 - ok
11:26:09.0785 0x104c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
11:26:09.0835 0x104c  WatAdminSvc - ok
11:26:09.0915 0x104c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
11:26:09.0955 0x104c  wbengine - ok
11:26:09.0975 0x104c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
11:26:09.0985 0x104c  WbioSrvc - ok
11:26:10.0015 0x104c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
11:26:10.0025 0x104c  wcncsvc - ok
11:26:10.0035 0x104c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
11:26:10.0035 0x104c  WcsPlugInService - ok
11:26:10.0065 0x104c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
11:26:10.0065 0x104c  Wd - ok
11:26:10.0125 0x104c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
11:26:10.0145 0x104c  Wdf01000 - ok
11:26:10.0175 0x104c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
11:26:10.0175 0x104c  WdiServiceHost - ok
11:26:10.0185 0x104c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
11:26:10.0185 0x104c  WdiSystemHost - ok
11:26:10.0215 0x104c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
11:26:10.0225 0x104c  WebClient - ok
11:26:10.0255 0x104c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
11:26:10.0265 0x104c  Wecsvc - ok
11:26:10.0285 0x104c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
11:26:10.0295 0x104c  wercplsupport - ok
11:26:10.0315 0x104c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
11:26:10.0325 0x104c  WerSvc - ok
11:26:10.0375 0x104c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
11:26:10.0375 0x104c  WfpLwf - ok
11:26:10.0395 0x104c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
11:26:10.0395 0x104c  WIMMount - ok
11:26:10.0415 0x104c  WinDefend - ok
11:26:10.0445 0x104c  WinHttpAutoProxySvc - ok
11:26:10.0505 0x104c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
11:26:10.0515 0x104c  Winmgmt - ok
11:26:10.0605 0x104c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
11:26:10.0665 0x104c  WinRM - ok
11:26:10.0725 0x104c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
11:26:10.0755 0x104c  Wlansvc - ok
11:26:10.0805 0x104c  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:26:10.0805 0x104c  wlcrasvc - ok
11:26:10.0935 0x104c  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:26:10.0995 0x104c  wlidsvc - ok
11:26:11.0025 0x104c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
11:26:11.0025 0x104c  WmiAcpi - ok
11:26:11.0045 0x104c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
11:26:11.0055 0x104c  wmiApSrv - ok
11:26:11.0095 0x104c  WMPNetworkSvc - ok
11:26:11.0115 0x104c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
11:26:11.0125 0x104c  WPCSvc - ok
11:26:11.0155 0x104c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
11:26:11.0155 0x104c  WPDBusEnum - ok
11:26:11.0195 0x104c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
11:26:11.0195 0x104c  ws2ifsl - ok
11:26:11.0235 0x104c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
11:26:11.0235 0x104c  wscsvc - ok
11:26:11.0265 0x104c  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
11:26:11.0265 0x104c  WSDPrintDevice - ok
11:26:11.0275 0x104c  WSearch - ok
11:26:11.0325 0x104c  [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
11:26:11.0325 0x104c  wsvd - ok
11:26:11.0435 0x104c  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
11:26:11.0505 0x104c  wuauserv - ok
11:26:11.0545 0x104c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
11:26:11.0545 0x104c  WudfPf - ok
11:26:11.0585 0x104c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
11:26:11.0595 0x104c  WUDFRd - ok
11:26:11.0615 0x104c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
11:26:11.0615 0x104c  wudfsvc - ok
11:26:11.0645 0x104c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
11:26:11.0655 0x104c  WwanSvc - ok
11:26:11.0675 0x104c  ================ Scan global ===============================
11:26:11.0705 0x104c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
11:26:11.0725 0x104c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
11:26:11.0745 0x104c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
11:26:11.0775 0x104c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
11:26:11.0815 0x104c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
11:26:11.0825 0x104c  [ Global ] - ok
11:26:11.0825 0x104c  ================ Scan MBR ==================================
11:26:11.0835 0x104c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:26:12.0025 0x104c  \Device\Harddisk0\DR0 - ok
11:26:12.0025 0x104c  ================ Scan VBR ==================================
11:26:12.0035 0x104c  [ 4AB970332439005D716741178C7F654F ] \Device\Harddisk0\DR0\Partition1
11:26:12.0035 0x104c  \Device\Harddisk0\DR0\Partition1 - ok
11:26:12.0035 0x104c  [ B9D3B52847E78A2A28A94999046FBAAC ] \Device\Harddisk0\DR0\Partition2
11:26:12.0035 0x104c  \Device\Harddisk0\DR0\Partition2 - ok
11:26:12.0055 0x104c  [ 950506FF838CE05AD5F0ADCAB7A54924 ] \Device\Harddisk0\DR0\Partition3
11:26:12.0065 0x104c  \Device\Harddisk0\DR0\Partition3 - ok
11:26:12.0065 0x104c  ================ Scan generic autorun ======================
11:26:12.0105 0x104c  [ 364EE28F279BDB459149052E0CD8CAE7, 31637F02F472C704F0C9D15760453F2B17FE66E4995E52865FA1DDDDB4CB13DA ] C:\windows\system32\igfxtray.exe
11:26:12.0105 0x104c  IgfxTray - ok
11:26:12.0125 0x104c  [ A09D2FD3420339CE532D7F671163FB50, F6D9C174EC335F024755E6361BC8072D733D18F70689E761C4B5360DB1D01223 ] C:\windows\system32\hkcmd.exe
11:26:12.0135 0x104c  HotKeysCmds - ok
11:26:12.0155 0x104c  [ 1387EB032E1A67C5FAC3AFEA9F4A3C9E, 02F74BF10796CC02E4E458AF4C594C33EFF07585B7A3E6B9537A214E419B24A8 ] C:\windows\system32\igfxpers.exe
11:26:12.0175 0x104c  Persistence - ok
11:26:12.0175 0x104c  SynTPEnh - ok
11:26:12.0225 0x104c  [ 03998CA1B0F0B50A5062A38D35CFDB4D, 359907A8B7EC0C693FA95F296DF7BB70451EBA865C0CF5BB9C55720FEFB5936E ] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
11:26:12.0225 0x104c  Lenovo EE Boot Optimizer - ok
11:26:12.0615 0x104c  [ 5464183DE5B496390DE92C1D92009FB1, 50A10707461D2BF5067CCE9E0AED2F34F7A96B4AD1CFA25CA1B19A9C7CA2ECB6 ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
11:26:13.0005 0x104c  Energy Management - ok
11:26:13.0255 0x104c  [ F43AB67D41349AD8BB1FE045C5C49832, E79C50F6EA022AA41A502D780CB72232AC094FD008C31EDC51A1F58EF00B1F08 ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
11:26:13.0465 0x104c  EnergyUtility - ok
11:26:13.0545 0x104c  [ 26C49FA8BF063A51FBEF8F1E2C839A90, C338F88051A53D61D60AAAA9E5E93144E6FA2515CD0C8B8F6097710B35BC66AE ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
11:26:13.0555 0x104c  IAStorIcon - ok
11:26:13.0595 0x104c  [ 61A2DBA2126BA1425CC5AECC8E8AD055, 08F07F52FF5C157F00EFEA74AB621F5E47465CD0A3359C5A513B9A01DDB9FEF0 ] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
11:26:13.0615 0x104c  331BigDog - ok
11:26:13.0675 0x104c  [ A01FB0B0C58319FB350A53EDAA947D36, F096607CEA3EB1D569B9767B98C1409F54332A97B78848BC3CBEB92FDFAAB787 ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
11:26:13.0675 0x104c  UpdateP2GShortCut - ok
11:26:13.0725 0x104c  [ B00F98FF6FE8682FF941BEB2559BF191, EB443E294C5609F426BF6EE388F3A4B71EFE2C6A8216C0F6DE7AE6DB382BF620 ] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
11:26:13.0735 0x104c  YouCam Mirage - ok
11:26:13.0745 0x104c  [ 7CD9BF0A5F47F9584E59BDF674FD1C5D, 821F2A5380B1E64B0629D67259BA92A923D5D405526CB6C44BC422294C031C1F ] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe
11:26:13.0755 0x104c  YouCam Tray - ok
11:26:13.0825 0x104c  [ BDB70EA0834EEC93927D9ABF95D11CB7, 6B92A96BFD08B4CFBBE3E983019E17029E4E886FDE821D06C94D0D9946B69964 ] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
11:26:13.0835 0x104c  VeriFaceManager - ok
11:26:13.0895 0x104c  [ 3FB4E7E2069F0FD9E15ABC18D605E427, 2FFC218E575DA9E8C86E468227B302752C73EA3246CC0A599D7BCC41ED404F4D ] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe
11:26:13.0895 0x104c  UpdatePRCShortCut - ok
11:26:14.0055 0x104c  [ 4EB4194DA96D36B865FAACC11FE51A25, 285C7BB3B70A40A9D57988FE4619D2CE66284F028CF427D175BC97221C0CDAA4 ] C:\Program Files (x86)\AVG Secure Search\vprot.exe
11:26:14.0175 0x104c  vProt - ok
11:26:14.0275 0x104c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
11:26:14.0385 0x104c  Sidebar - ok
11:26:14.0415 0x104c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:26:14.0435 0x104c  mctadmin - ok
11:26:14.0465 0x104c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
11:26:14.0505 0x104c  Sidebar - ok
11:26:14.0515 0x104c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:26:14.0515 0x104c  mctadmin - ok
11:26:14.0575 0x104c  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
11:26:14.0575 0x104c  swg - ok
11:26:14.0625 0x104c  [ 0D50AF2DC652B4864BC5EBCF99C6FE34, 0FC3161EB177FCE659F46E778FB058691944B0FCA07F43C62807089399589E1D ] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
11:26:14.0635 0x104c  pdiface - ok
11:26:14.0635 0x104c  Waiting for KSN requests completion. In queue: 150
11:26:15.0635 0x104c  Waiting for KSN requests completion. In queue: 150
11:26:16.0635 0x104c  Waiting for KSN requests completion. In queue: 150
11:26:17.0795 0x104c  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4592 ), 0x41000 ( enabled : updated )
11:26:17.0835 0x104c  Win FW state via NFP2: enabled
11:26:20.0397 0x104c  ============================================================
11:26:20.0397 0x104c  Scan finished
11:26:20.0397 0x104c  ============================================================
11:26:20.0397 0x1e28  Detected object count: 2
11:26:20.0397 0x1e28  Actual detected object count: 2
11:27:25.0449 0x1e28  DcomLaunch ( Trojan.Win64.Patched.bj ) - skipped by user
11:27:25.0449 0x1e28  DcomLaunch ( Trojan.Win64.Patched.bj ) - User select action: Skip
11:27:25.0449 0x1e28  RpcSs ( Trojan.Win64.Patched.bj ) - skipped by user
11:27:25.0449 0x1e28  RpcSs ( Trojan.Win64.Patched.bj ) - User select action: Skip
11:28:09.0258 0x1cc8  Deinitialize success
 


TDSSKiller log

 

11:23:53.0455 0x15bc  TDSS rootkit removing tool 3.0.0.39 Jun  5 2014 20:35:54
11:24:49.0601 0x15bc  ============================================================
11:24:49.0601 0x15bc  Current date / time: 2014/06/25 11:24:49.0601
11:24:49.0601 0x15bc  SystemInfo:
11:24:49.0601 0x15bc 
11:24:49.0601 0x15bc  OS Version: 6.1.7601 ServicePack: 1.0
11:24:49.0601 0x15bc  Product type: Workstation
11:24:49.0601 0x15bc  ComputerName: TIM-PC
11:24:49.0601 0x15bc  UserName: Tim
11:24:49.0601 0x15bc  Windows directory: C:\windows
11:24:49.0601 0x15bc  System windows directory: C:\windows
11:24:49.0601 0x15bc  Running under WOW64
11:24:49.0601 0x15bc  Processor architecture: Intel x64
11:24:49.0601 0x15bc  Number of processors: 4
11:24:49.0601 0x15bc  Page size: 0x1000
11:24:49.0601 0x15bc  Boot type: Normal boot
11:24:49.0601 0x15bc  ============================================================
11:24:50.0121 0x15bc  KLMD registered as C:\windows\system32\drivers\66967295.sys
11:24:50.0843 0x15bc  System UUID: {A8DEB91C-B1E7-C8EA-8E39-BBE4B6DE314F}
11:24:51.0465 0x15bc  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:24:51.0465 0x15bc  ============================================================
11:24:51.0465 0x15bc  \Device\Harddisk0\DR0:
11:24:51.0465 0x15bc  MBR partitions:
11:24:51.0465 0x15bc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
11:24:51.0465 0x15bc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000
11:24:51.0495 0x15bc  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800
11:24:51.0495 0x15bc  ============================================================
11:24:51.0535 0x15bc  C: <-> \Device\Harddisk0\DR0\Partition2
11:24:51.0615 0x15bc  D: <-> \Device\Harddisk0\DR0\Partition3
11:24:51.0615 0x15bc  ============================================================
11:24:51.0615 0x15bc  Initialize success
11:24:51.0615 0x15bc  ============================================================
11:25:00.0633 0x104c  ============================================================
11:25:00.0633 0x104c  Scan started
11:25:00.0633 0x104c  Mode: Manual;
11:25:00.0633 0x104c  ============================================================
11:25:00.0633 0x104c  KSN ping started
11:25:23.0739 0x104c  KSN ping finished: true
11:25:26.0593 0x104c  ================ Scan system memory ========================
11:25:26.0593 0x104c  System memory - ok
11:25:26.0593 0x104c  ================ Scan services =============================
11:25:26.0765 0x104c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
11:25:26.0765 0x104c  1394ohci - ok
11:25:26.0835 0x104c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\windows\system32\drivers\ACPI.sys
11:25:26.0845 0x104c  ACPI - ok
11:25:26.0895 0x104c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
11:25:26.0905 0x104c  AcpiPmi - ok
11:25:26.0945 0x104c  [ 5BBFF8B826EC38D32C26334E079C7EFC, 673D46409F0225A804B55FFB77E82AF34F8C7A93BEEF92DC3DFAC7EFCC5F09B6 ] ACPIVPC         C:\windows\system32\DRIVERS\AcpiVpc.sys
11:25:26.0945 0x104c  ACPIVPC - ok
11:25:27.0045 0x104c  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:25:27.0045 0x104c  AdobeARMservice - ok
11:25:27.0145 0x104c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
11:25:27.0155 0x104c  adp94xx - ok
11:25:27.0235 0x104c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\windows\system32\drivers\adpahci.sys
11:25:27.0245 0x104c  adpahci - ok
11:25:27.0285 0x104c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\windows\system32\drivers\adpu320.sys
11:25:27.0295 0x104c  adpu320 - ok
11:25:27.0325 0x104c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
11:25:27.0325 0x104c  AeLookupSvc - ok
11:25:27.0405 0x104c  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\windows\system32\drivers\afd.sys
11:25:27.0425 0x104c  AFD - ok
11:25:27.0455 0x104c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\windows\system32\drivers\agp440.sys
11:25:27.0465 0x104c  agp440 - ok
11:25:27.0495 0x104c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\windows\System32\alg.exe
11:25:27.0505 0x104c  ALG - ok
11:25:27.0597 0x104c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\windows\system32\drivers\aliide.sys
11:25:27.0607 0x104c  aliide - ok
11:25:27.0637 0x104c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\windows\system32\drivers\amdide.sys
11:25:27.0637 0x104c  amdide - ok
11:25:27.0697 0x104c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\windows\system32\drivers\amdk8.sys
11:25:27.0697 0x104c  AmdK8 - ok
11:25:27.0707 0x104c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys
11:25:27.0707 0x104c  AmdPPM - ok
11:25:27.0739 0x104c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\windows\system32\drivers\amdsata.sys
11:25:27.0749 0x104c  amdsata - ok
11:25:27.0809 0x104c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\windows\system32\drivers\amdsbs.sys
11:25:27.0809 0x104c  amdsbs - ok
11:25:27.0849 0x104c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\windows\system32\drivers\amdxata.sys
11:25:27.0849 0x104c  amdxata - ok
11:25:27.0869 0x104c  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\windows\system32\drivers\appid.sys
11:25:27.0869 0x104c  AppID - ok
11:25:27.0909 0x104c  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\windows\System32\appidsvc.dll
11:25:27.0909 0x104c  AppIDSvc - ok
11:25:27.0939 0x104c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\windows\System32\appinfo.dll
11:25:27.0939 0x104c  Appinfo - ok
11:25:27.0949 0x104c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\windows\system32\drivers\arc.sys
11:25:27.0949 0x104c  arc - ok
11:25:28.0019 0x104c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\windows\system32\drivers\arcsas.sys
11:25:28.0029 0x104c  arcsas - ok
11:25:28.0149 0x104c  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:25:28.0159 0x104c  aspnet_state - ok
11:25:28.0179 0x104c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys
11:25:28.0179 0x104c  AsyncMac - ok
11:25:28.0209 0x104c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\windows\system32\drivers\atapi.sys
11:25:28.0229 0x104c  atapi - ok
11:25:28.0289 0x104c  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
11:25:28.0321 0x104c  AudioEndpointBuilder - ok
11:25:28.0351 0x104c  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\windows\System32\Audiosrv.dll
11:25:28.0370 0x104c  AudioSrv - ok
11:25:28.0461 0x104c  [ D89F8E4E025DAA0C39FF61AC0199E101, 0A80A572D93DBDE14CD5494EF3F866B44E9BC259D43EE23185E4FC227D08DE69 ] Avgdiska        C:\windows\system32\DRIVERS\avgdiska.sys
11:25:28.0461 0x104c  Avgdiska - ok
11:25:28.0701 0x104c  [ 561CE09C52F6E945ED4CE7E173D1F542, 25FB1B55E22D4DF3B03B6D395B6C4749C03B950139767FA095C24234BD962782 ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
11:25:28.0955 0x104c  AVGIDSAgent - ok
11:25:29.0005 0x104c  [ F9984B8432204D000E15DE0A40D6F9AD, EBF0AAAFC9793F1EDCF3502CAE265CC012A60FA2B5DAD35A66DAD19ACFE206FC ] AVGIDSDriver    C:\windows\system32\DRIVERS\avgidsdrivera.sys
11:25:29.0015 0x104c  AVGIDSDriver - ok
11:25:29.0057 0x104c  [ 73B684F26AD82BABC2A1B3E539ED027A, B164C0C395FF285ED31615E7DB5F43B31A2F1CB6156A68BB5F3802AFCA7B8887 ] AVGIDSHA        C:\windows\system32\DRIVERS\avgidsha.sys
11:25:29.0067 0x104c  AVGIDSHA - ok
11:25:29.0087 0x104c  [ 18A542A22A31DFFEA51666E75393E7A5, 7EFA508ECE7266446B2A5E12DB7461D328F2B47E2A70A8AA2C9D0E42898C71AC ] Avgldx64        C:\windows\system32\DRIVERS\avgldx64.sys
11:25:29.0097 0x104c  Avgldx64 - ok
11:25:29.0167 0x104c  [ EC0E347F6C95541504CCF1B85D74F91F, F0819BF489C8776696D9DD89AC9673717BAF957DFAA071DA3911560172C6D952 ] Avgloga         C:\windows\system32\DRIVERS\avgloga.sys
11:25:29.0167 0x104c  Avgloga - ok
11:25:29.0207 0x104c  [ ADC65C6074A994D91CA9C6339C3DC978, A736BF94E41B9B06E826E3F2BBA7B305990DF68CF17DA8F661AE952FB240DDE1 ] Avgmfx64        C:\windows\system32\DRIVERS\avgmfx64.sys
11:25:29.0217 0x104c  Avgmfx64 - ok
11:25:29.0287 0x104c  [ 7D206FA06603E95984EFF9822C9FC958, 11863D7A5A14C852594F90FD3A54E55CBE8C27075E640C9B222102AD9DA91F35 ] Avgrkx64        C:\windows\system32\DRIVERS\avgrkx64.sys
11:25:29.0287 0x104c  Avgrkx64 - ok
11:25:29.0317 0x104c  [ 6FB25E61AC5885F5BD8BC5202D129BDF, 2644612402A8F7EDF8EB98537D10BCF0284B89797EC17A426DE94CE6922C1F4A ] Avgtdia         C:\windows\system32\DRIVERS\avgtdia.sys
11:25:29.0327 0x104c  Avgtdia - ok
11:25:29.0367 0x104c  [ 7688C67BDF55500C1FDC8291230C397D, 68A4C3D7F7043C73113B1EE7A3DD8E98BC1D6F54CA7E4E1BFB2333A75CDE2DE0 ] avgtp           C:\windows\system32\drivers\avgtpx64.sys
11:25:29.0367 0x104c  avgtp - ok
11:25:29.0387 0x104c  [ E5C581D358B62CF65776B8E4E17B9E5C, 955E4ECFD036330B139476CCCC7564B082C197D5E7577853E0C3D7B707EDB090 ] avgwd           C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
11:25:29.0397 0x104c  avgwd - ok
11:25:29.0447 0x104c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\windows\System32\AxInstSV.dll
11:25:29.0447 0x104c  AxInstSV - ok
11:25:29.0497 0x104c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys
11:25:29.0517 0x104c  b06bdrv - ok
11:25:29.0554 0x104c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys
11:25:29.0559 0x104c  b57nd60a - ok
11:25:29.0759 0x104c  [ B5D54119CE0BB77872C33A717CB76386, 9FFCEE1BB04FD595553F83CE98A16AE9AFDF7DDB4B7390F57DFAA80CCF36459E ] BCM43XX         C:\windows\system32\DRIVERS\bcmwl664.sys
11:25:29.0939 0x104c  BCM43XX - ok
11:25:29.0999 0x104c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\windows\System32\bdesvc.dll
11:25:30.0009 0x104c  BDESVC - ok
11:25:30.0039 0x104c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\windows\system32\drivers\Beep.sys
11:25:30.0039 0x104c  Beep - ok
11:25:30.0109 0x104c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\windows\System32\bfe.dll
11:25:30.0119 0x104c  BFE - ok
11:25:30.0179 0x104c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\windows\System32\qmgr.dll
11:25:30.0199 0x104c  BITS - ok
11:25:30.0229 0x104c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys
11:25:30.0229 0x104c  blbdrive - ok
11:25:30.0269 0x104c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\windows\system32\DRIVERS\bowser.sys
11:25:30.0269 0x104c  bowser - ok
11:25:30.0309 0x104c  [ AAA4F992F879977A000FE8B8C730CD2C, A109D3F7CA9D49B98FDA5CA34C60055690F72400CCC96D48076FA86086E4C74D ] BPntDrv         C:\windows\system32\drivers\BPntDrv.sys
11:25:30.0309 0x104c  BPntDrv - ok
11:25:30.0329 0x104c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys
11:25:30.0329 0x104c  BrFiltLo - ok
11:25:30.0339 0x104c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys
11:25:30.0339 0x104c  BrFiltUp - ok
11:25:30.0369 0x104c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\windows\System32\browser.dll
11:25:30.0369 0x104c  Browser - ok
11:25:30.0419 0x104c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\windows\System32\Drivers\Brserid.sys
11:25:30.0429 0x104c  Brserid - ok
11:25:30.0429 0x104c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys
11:25:30.0429 0x104c  BrSerWdm - ok
11:25:30.0449 0x104c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys
11:25:30.0449 0x104c  BrUsbMdm - ok
11:25:30.0459 0x104c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys
11:25:30.0459 0x104c  BrUsbSer - ok
11:25:30.0499 0x104c  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys
11:25:30.0499 0x104c  BthEnum - ok
11:25:30.0529 0x104c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys
11:25:30.0529 0x104c  BTHMODEM - ok
11:25:30.0556 0x104c  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys
11:25:30.0561 0x104c  BthPan - ok
11:25:30.0605 0x104c  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys
11:25:30.0623 0x104c  BTHPORT - ok
11:25:30.0674 0x104c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\windows\system32\bthserv.dll
11:25:30.0678 0x104c  bthserv - ok
11:25:30.0721 0x104c  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys
11:25:30.0721 0x104c  BTHUSB - ok
11:25:30.0771 0x104c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys
11:25:30.0771 0x104c  cdfs - ok
11:25:30.0821 0x104c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys
11:25:30.0821 0x104c  cdrom - ok
11:25:30.0851 0x104c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\windows\System32\certprop.dll
11:25:30.0861 0x104c  CertPropSvc - ok
11:25:30.0881 0x104c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\windows\system32\drivers\circlass.sys
11:25:30.0881 0x104c  circlass - ok
11:25:30.0921 0x104c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\windows\system32\CLFS.sys
11:25:30.0931 0x104c  CLFS - ok
11:25:30.0991 0x104c  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:25:31.0001 0x104c  clr_optimization_v2.0.50727_32 - ok
11:25:31.0031 0x104c  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:25:31.0041 0x104c  clr_optimization_v2.0.50727_64 - ok
11:25:31.0091 0x104c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:25:31.0101 0x104c  clr_optimization_v4.0.30319_32 - ok
11:25:31.0121 0x104c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:25:31.0141 0x104c  clr_optimization_v4.0.30319_64 - ok
11:25:31.0181 0x104c  [ 50F92C943F18B070F166D019DFAB3D9A, A997EAFFC1598B1D0A9E1A4475F25418CA8AA6B703B53A71B1AF028E247C9950 ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys
11:25:31.0181 0x104c  clwvd - ok
11:25:31.0211 0x104c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys
11:25:31.0211 0x104c  CmBatt - ok
11:25:31.0231 0x104c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\windows\system32\drivers\cmdide.sys
11:25:31.0231 0x104c  cmdide - ok
11:25:31.0261 0x104c  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\windows\system32\Drivers\cng.sys
11:25:31.0281 0x104c  CNG - ok
11:25:31.0361 0x104c  [ A260BE645DD096D90318C8CF98536720, ACFDC643485AAAB40ABB3A00C8D9F2E962AF273B95118F0CD19FB8E93E8BF032 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
11:25:31.0421 0x104c  CnxtHdAudService - ok
11:25:31.0471 0x104c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\windows\system32\drivers\compbatt.sys
11:25:31.0471 0x104c  Compbatt - ok
11:25:31.0491 0x104c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys
11:25:31.0501 0x104c  CompositeBus - ok
11:25:31.0501 0x104c  COMSysApp - ok
11:25:31.0521 0x104c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys
11:25:31.0521 0x104c  crcdisk - ok
11:25:31.0561 0x104c  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\windows\system32\cryptsvc.dll
11:25:31.0571 0x104c  CryptSvc - ok
11:25:31.0635 0x104c  [ 7D86756A49B408BD050D4E806A0E207F, C639BCE6428F9F9663A956CF93EA22587F6D8125E60E24F93A417E5F10FA1D90 ] DcomLaunch      C:\windows\system32\rpcss.dll
11:25:31.0683 0x104c  DcomLaunch - detected Trojan.Win64.Patched.bj ( 0 )
11:25:34.0435 0x104c  DcomLaunch ( Trojan.Win64.Patched.bj ) - infected
11:25:34.0435 0x104c  Force sending object to P2P due to detect: DcomLaunch
11:25:47.0913 0x104c  Object send P2P result: true
11:25:50.0525 0x104c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\windows\System32\defragsvc.dll
11:25:50.0535 0x104c  defragsvc - ok
11:25:50.0565 0x104c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\windows\system32\Drivers\dfsc.sys
11:25:50.0565 0x104c  DfsC - ok
11:25:50.0595 0x104c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\windows\system32\dhcpcore.dll
11:25:50.0605 0x104c  Dhcp - ok
11:25:50.0635 0x104c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\windows\system32\drivers\discache.sys
11:25:50.0635 0x104c  discache - ok
11:25:50.0665 0x104c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\windows\system32\drivers\disk.sys
11:25:50.0665 0x104c  Disk - ok
11:25:50.0705 0x104c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\windows\System32\dnsrslvr.dll
11:25:50.0715 0x104c  Dnscache - ok
11:25:50.0735 0x104c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\windows\System32\dot3svc.dll
11:25:50.0735 0x104c  dot3svc - ok
11:25:50.0785 0x104c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\windows\system32\dps.dll
11:25:50.0785 0x104c  DPS - ok
11:25:50.0825 0x104c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys
11:25:50.0825 0x104c  drmkaud - ok
11:25:50.0895 0x104c  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys
11:25:50.0915 0x104c  DXGKrnl - ok
11:25:50.0965 0x104c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\windows\System32\eapsvc.dll
11:25:50.0965 0x104c  EapHost - ok
11:25:51.0105 0x104c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\windows\system32\drivers\evbda.sys
11:25:51.0235 0x104c  ebdrv - ok
11:25:51.0265 0x104c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\windows\System32\lsass.exe
11:25:51.0265 0x104c  EFS - ok
11:25:51.0335 0x104c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\windows\ehome\ehRecvr.exe
11:25:51.0355 0x104c  ehRecvr - ok
11:25:51.0375 0x104c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\windows\ehome\ehsched.exe
11:25:51.0375 0x104c  ehSched - ok
11:25:51.0435 0x104c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\windows\system32\drivers\elxstor.sys
11:25:51.0445 0x104c  elxstor - ok
11:25:51.0455 0x104c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\windows\system32\drivers\errdev.sys
11:25:51.0455 0x104c  ErrDev - ok
11:25:51.0505 0x104c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\windows\system32\es.dll
11:25:51.0515 0x104c  EventSystem - ok
11:25:51.0555 0x104c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\windows\system32\drivers\exfat.sys
11:25:51.0565 0x104c  exfat - ok
11:25:51.0575 0x104c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\windows\system32\drivers\fastfat.sys
11:25:51.0575 0x104c  fastfat - ok
11:25:51.0625 0x104c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\windows\system32\fxssvc.exe
11:25:51.0645 0x104c  Fax - ok
11:25:51.0665 0x104c  [ 3191ACA33088EE2481044FC0DB736442, 9311069BCA14FB7D5FDFFDB29566D045AB55A8657574C8BD864F8ED9527DEAF5 ] fbfmon          C:\windows\system32\drivers\fbfmon.sys
11:25:51.0665 0x104c  fbfmon - ok
11:25:51.0685 0x104c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\windows\system32\drivers\fdc.sys
11:25:51.0685 0x104c  fdc - ok
11:25:51.0715 0x104c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\windows\system32\fdPHost.dll
11:25:51.0725 0x104c  fdPHost - ok
11:25:51.0745 0x104c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
11:25:51.0745 0x104c  FDResPub - ok
11:25:51.0755 0x104c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
11:25:51.0755 0x104c  FileInfo - ok
11:25:51.0765 0x104c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
11:25:51.0765 0x104c  Filetrace - ok
11:25:51.0795 0x104c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\drivers\flpydisk.sys
11:25:51.0795 0x104c  flpydisk - ok
11:25:51.0825 0x104c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
11:25:51.0835 0x104c  FltMgr - ok
11:25:51.0915 0x104c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
11:25:51.0955 0x104c  FontCache - ok
11:25:52.0015 0x104c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:25:52.0015 0x104c  FontCache3.0.0.0 - ok
11:25:52.0055 0x104c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
11:25:52.0055 0x104c  FsDepends - ok
11:25:52.0085 0x104c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
11:25:52.0095 0x104c  Fs_Rec - ok
11:25:52.0155 0x104c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
11:25:52.0165 0x104c  fvevol - ok
11:25:52.0195 0x104c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys
11:25:52.0195 0x104c  gagp30kx - ok
11:25:52.0245 0x104c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
11:25:52.0265 0x104c  gpsvc - ok
11:25:52.0355 0x104c  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:25:52.0355 0x104c  gupdate - ok
11:25:52.0375 0x104c  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:25:52.0375 0x104c  gupdatem - ok
11:25:52.0405 0x104c  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:25:52.0415 0x104c  gusvc - ok
11:25:52.0435 0x104c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
11:25:52.0435 0x104c  hcw85cir - ok
11:25:52.0465 0x104c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
11:25:52.0475 0x104c  HdAudAddService - ok
11:25:52.0495 0x104c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys
11:25:52.0505 0x104c  HDAudBus - ok
11:25:52.0515 0x104c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\drivers\HidBatt.sys
11:25:52.0515 0x104c  HidBatt - ok
11:25:52.0535 0x104c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\drivers\hidbth.sys
11:25:52.0535 0x104c  HidBth - ok
11:25:52.0535 0x104c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\drivers\hidir.sys
11:25:52.0545 0x104c  HidIr - ok
11:25:52.0565 0x104c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
11:25:52.0565 0x104c  hidserv - ok
11:25:52.0595 0x104c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
11:25:52.0595 0x104c  HidUsb - ok
11:25:52.0635 0x104c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
11:25:52.0635 0x104c  hkmsvc - ok
11:25:52.0655 0x104c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
11:25:52.0655 0x104c  HomeGroupListener - ok
11:25:52.0695 0x104c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
11:25:52.0705 0x104c  HomeGroupProvider - ok
11:25:52.0755 0x104c  [ 53DCA61931847E35C950504BFB7559C6, 3F57CE29B52D32F7061407B63C4A9786F5B623E9F9F1121B02182DE044110D08 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
11:25:52.0755 0x104c  HP LaserJet Service - ok
11:25:52.0795 0x104c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
11:25:52.0805 0x104c  HpSAMD - ok
11:25:52.0835 0x104c  [ 5A539A3CBD6EC1609D5333B486D5F74C, C43B4F085C0F7938E0771140B7D02B087F4EA086FC3FF4B4F9F2D18BCE0BFD88 ] HPSIService     C:\windows\system32\HPSIsvc.exe
11:25:52.0835 0x104c  HPSIService - ok
11:25:52.0885 0x104c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
11:25:52.0905 0x104c  HTTP - ok
11:25:52.0915 0x104c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
11:25:52.0915 0x104c  hwpolicy - ok
11:25:52.0955 0x104c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys
11:25:52.0955 0x104c  i8042prt - ok
11:25:53.0035 0x104c  [ 53CC5BF8B5A219119953C7ABB19A7705, F342A9732978D893729EA2591CB72E5F5BD1B3E6C9E4DBFFE54EC866E534A8C0 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys
11:25:53.0045 0x104c  iaStor - ok
11:25:53.0095 0x104c  [ F5C0317AF600F8C0D7E4202EB04232B1, D83824ED829E3C4BCA6DB17A5DEF1450856ABE17B27AE6B791E40B8C3F2CCB44 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
11:25:53.0095 0x104c  IAStorDataMgrSvc - ok
11:25:53.0145 0x104c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
11:25:53.0155 0x104c  iaStorV - ok
11:25:53.0265 0x104c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:25:53.0295 0x104c  idsvc - ok
11:25:53.0335 0x104c  IEEtwCollectorService - ok
11:25:53.0885 0x104c  [ 795C99DC4F574C97C03D0BB39CF099EE, 67310B52F7A1B83A66872B961F347B1BD104C8A83A01F60507705B2ACEA76B71 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys
11:25:54.0337 0x104c  igfx - ok
11:25:54.0407 0x104c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\drivers\iirsp.sys
11:25:54.0407 0x104c  iirsp - ok
11:25:54.0477 0x104c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
11:25:54.0507 0x104c  IKEEXT - ok
11:25:54.0577 0x104c  [ FC727061C0F47C8059E88E05D5C8E381, C7A3782F5D86C7FDE57AA1F2EE81638C5FC3072ACC6E572BA2EC7B3CFF389800 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys
11:25:54.0587 0x104c  IntcDAud - ok
11:25:54.0607 0x104c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
11:25:54.0617 0x104c  intelide - ok
11:25:54.0657 0x104c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
11:25:54.0657 0x104c  intelppm - ok
11:25:54.0687 0x104c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
11:25:54.0697 0x104c  IPBusEnum - ok
11:25:54.0717 0x104c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
11:25:54.0717 0x104c  IpFilterDriver - ok
11:25:54.0767 0x104c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
11:25:54.0777 0x104c  iphlpsvc - ok
11:25:54.0807 0x104c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
11:25:54.0807 0x104c  IPMIDRV - ok
11:25:54.0827 0x104c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
11:25:54.0837 0x104c  IPNAT - ok
11:25:54.0857 0x104c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
11:25:54.0857 0x104c  IRENUM - ok
11:25:54.0867 0x104c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
11:25:54.0867 0x104c  isapnp - ok
11:25:54.0907 0x104c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
11:25:54.0917 0x104c  iScsiPrt - ok
11:25:54.0947 0x104c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
11:25:54.0947 0x104c  kbdclass - ok
11:25:54.0977 0x104c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\drivers\kbdhid.sys
11:25:54.0977 0x104c  kbdhid - ok
11:25:54.0997 0x104c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\windows\system32\lsass.exe
11:25:55.0007 0x104c  KeyIso - ok
11:25:55.0027 0x104c  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
11:25:55.0037 0x104c  KSecDD - ok
11:25:55.0067 0x104c  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
11:25:55.0067 0x104c  KSecPkg - ok
11:25:55.0127 0x104c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
11:25:55.0127 0x104c  ksthunk - ok
11:25:55.0167 0x104c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
11:25:55.0177 0x104c  KtmRm - ok
11:25:55.0217 0x104c  [ 95CA93FC12BE372BB952669F37FFF9C5, 5B4EE910E676ABD0E12B6AD72DBB564DBEB05D63C43AFFC24CE155D0DF8A3820 ] L1C             C:\windows\system32\DRIVERS\L1C62x64.sys
11:25:55.0227 0x104c  L1C - ok
11:25:55.0297 0x104c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll
11:25:55.0307 0x104c  LanmanServer - ok
11:25:55.0357 0x104c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
11:25:55.0367 0x104c  LanmanWorkstation - ok
11:25:55.0417 0x104c  [ BE166935083F9C38EDFDC21B9A7A679B, 89C64DBE58E1B974208AAAA5CC757C599B1439C205C3C48BF16BA054A06DBC94 ] LHDmgr          C:\windows\system32\DRIVERS\LhdX64.sys
11:25:55.0417 0x104c  LHDmgr - ok
11:25:55.0447 0x104c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
11:25:55.0447 0x104c  lltdio - ok
11:25:55.0507 0x104c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
11:25:55.0517 0x104c  lltdsvc - ok
11:25:55.0537 0x104c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
11:25:55.0537 0x104c  lmhosts - ok
11:25:55.0587 0x104c  [ 2ED1786B7542CDA261029F6B526EDF44, C6131B65B045EF5B4F62CF6CF089DF0921BA6A8EFC83BCBA45D5DDE78E9D78E2 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:25:55.0597 0x104c  LMS - ok
11:25:55.0647 0x104c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys
11:25:55.0647 0x104c  LSI_FC - ok
11:25:55.0657 0x104c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys
11:25:55.0667 0x104c  LSI_SAS - ok
11:25:55.0667 0x104c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys
11:25:55.0677 0x104c  LSI_SAS2 - ok
11:25:55.0707 0x104c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys
11:25:55.0717 0x104c  LSI_SCSI - ok
11:25:55.0747 0x104c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
11:25:55.0747 0x104c  luafv - ok
11:25:55.0807 0x104c  MBAMSwissArmy - ok
11:25:55.0857 0x104c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
11:25:55.0857 0x104c  Mcx2Svc - ok
11:25:55.0877 0x104c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\drivers\megasas.sys
11:25:55.0877 0x104c  megasas - ok
11:25:55.0907 0x104c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys
11:25:55.0917 0x104c  MegaSR - ok
11:25:55.0947 0x104c  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys
11:25:55.0947 0x104c  MEIx64 - ok
11:25:55.0967 0x104c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
11:25:55.0977 0x104c  MMCSS - ok
11:25:56.0007 0x104c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
11:25:56.0007 0x104c  Modem - ok
11:25:56.0027 0x104c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
11:25:56.0027 0x104c  monitor - ok
11:25:56.0047 0x104c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
11:25:56.0047 0x104c  mouclass - ok
11:25:56.0077 0x104c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
11:25:56.0077 0x104c  mouhid - ok
11:25:56.0087 0x104c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
11:25:56.0087 0x104c  mountmgr - ok
11:25:56.0117 0x104c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
11:25:56.0117 0x104c  mpio - ok
11:25:56.0167 0x104c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
11:25:56.0177 0x104c  mpsdrv - ok
11:25:56.0257 0x104c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
11:25:56.0277 0x104c  MpsSvc - ok
11:25:56.0327 0x104c  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
11:25:56.0327 0x104c  MRxDAV - ok
11:25:56.0357 0x104c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
11:25:56.0357 0x104c  mrxsmb - ok
11:25:56.0397 0x104c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
11:25:56.0407 0x104c  mrxsmb10 - ok
11:25:56.0417 0x104c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
11:25:56.0417 0x104c  mrxsmb20 - ok
11:25:56.0447 0x104c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
11:25:56.0447 0x104c  msahci - ok
11:25:56.0467 0x104c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
11:25:56.0477 0x104c  msdsm - ok
11:25:56.0497 0x104c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
11:25:56.0497 0x104c  MSDTC - ok
11:25:56.0517 0x104c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
11:25:56.0517 0x104c  Msfs - ok
11:25:56.0537 0x104c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
11:25:56.0537 0x104c  mshidkmdf - ok
11:25:56.0537 0x104c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
11:25:56.0537 0x104c  msisadrv - ok
11:25:56.0587 0x104c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
11:25:56.0587 0x104c  MSiSCSI - ok
11:25:56.0587 0x104c  msiserver - ok
11:25:56.0627 0x104c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
11:25:56.0627 0x104c  MSKSSRV - ok
11:25:56.0637 0x104c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
11:25:56.0637 0x104c  MSPCLOCK - ok
11:25:56.0647 0x104c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
11:25:56.0647 0x104c  MSPQM - ok
11:25:56.0677 0x104c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
11:25:56.0697 0x104c  MsRPC - ok
11:25:56.0717 0x104c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys
11:25:56.0717 0x104c  mssmbios - ok
11:25:56.0737 0x104c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
11:25:56.0737 0x104c  MSTEE - ok
11:25:56.0757 0x104c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
11:25:56.0757 0x104c  MTConfig - ok
11:25:56.0797 0x104c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
11:25:56.0807 0x104c  Mup - ok
11:25:56.0837 0x104c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
11:25:56.0857 0x104c  napagent - ok
11:25:56.0927 0x104c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
11:25:56.0927 0x104c  NativeWifiP - ok
11:25:56.0997 0x104c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
11:25:57.0027 0x104c  NDIS - ok
11:25:57.0087 0x104c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
11:25:57.0087 0x104c  NdisCap - ok
11:25:57.0167 0x104c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
11:25:57.0167 0x104c  NdisTapi - ok
11:25:57.0207 0x104c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
11:25:57.0217 0x104c  Ndisuio - ok
11:25:57.0267 0x104c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
11:25:57.0267 0x104c  NdisWan - ok
11:25:57.0277 0x104c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
11:25:57.0287 0x104c  NDProxy - ok
11:25:57.0317 0x104c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
11:25:57.0317 0x104c  NetBIOS - ok
11:25:57.0337 0x104c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
11:25:57.0337 0x104c  NetBT - ok
11:25:57.0347 0x104c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\windows\system32\lsass.exe
11:25:57.0347 0x104c  Netlogon - ok
11:25:57.0377 0x104c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
11:25:57.0387 0x104c  Netman - ok
11:25:57.0427 0x104c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:25:57.0437 0x104c  NetMsmqActivator - ok
11:25:57.0447 0x104c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:25:57.0447 0x104c  NetPipeActivator - ok
11:25:57.0467 0x104c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
11:25:57.0487 0x104c  netprofm - ok
11:25:57.0527 0x104c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:25:57.0527 0x104c  NetTcpActivator - ok
11:25:57.0537 0x104c  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:25:57.0537 0x104c  NetTcpPortSharing - ok
11:25:57.0577 0x104c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
11:25:57.0587 0x104c  nfrd960 - ok
11:25:57.0617 0x104c  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
11:25:57.0627 0x104c  NlaSvc - ok
11:25:57.0637 0x104c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\windows\system32\drivers\Npfs.sys
11:25:57.0637 0x104c  Npfs - ok
11:25:57.0657 0x104c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\windows\system32\nsisvc.dll
11:25:57.0657 0x104c  nsi - ok
11:25:57.0667 0x104c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
11:25:57.0667 0x104c  nsiproxy - ok
11:25:57.0787 0x104c  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
11:25:57.0897 0x104c  Ntfs - ok
11:25:57.0927 0x104c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\windows\system32\drivers\Null.sys
11:25:57.0927 0x104c  Null - ok
11:25:57.0947 0x104c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\windows\system32\drivers\nvraid.sys
11:25:57.0957 0x104c  nvraid - ok
11:25:57.0967 0x104c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\windows\system32\drivers\nvstor.sys
11:25:57.0967 0x104c  nvstor - ok
11:25:57.0987 0x104c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
11:25:57.0997 0x104c  nv_agp - ok
11:25:58.0027 0x104c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
11:25:58.0027 0x104c  ohci1394 - ok
11:25:58.0067 0x104c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
11:25:58.0077 0x104c  p2pimsvc - ok
11:25:58.0097 0x104c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\windows\system32\p2psvc.dll
11:25:58.0117 0x104c  p2psvc - ok
11:25:58.0137 0x104c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\windows\system32\drivers\parport.sys
11:25:58.0137 0x104c  Parport - ok
11:25:58.0147 0x104c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\windows\system32\drivers\partmgr.sys
11:25:58.0157 0x104c  partmgr - ok
11:25:58.0177 0x104c  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\windows\System32\pcasvc.dll
11:25:58.0177 0x104c  PcaSvc - ok
11:25:58.0197 0x104c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\windows\system32\drivers\pci.sys
11:25:58.0207 0x104c  pci - ok
11:25:58.0227 0x104c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\windows\system32\drivers\pciide.sys
11:25:58.0227 0x104c  pciide - ok
11:25:58.0257 0x104c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
11:25:58.0267 0x104c  pcmcia - ok
11:25:58.0277 0x104c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\windows\system32\drivers\pcw.sys
11:25:58.0287 0x104c  pcw - ok
11:25:58.0357 0x104c  pdserv - ok
11:25:58.0397 0x104c  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\windows\system32\drivers\peauth.sys
11:25:58.0417 0x104c  PEAUTH - ok
11:25:58.0467 0x104c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\windows\SysWow64\perfhost.exe
11:25:58.0467 0x104c  PerfHost - ok
11:25:58.0557 0x104c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\windows\system32\pla.dll
11:25:58.0597 0x104c  pla - ok
11:25:58.0677 0x104c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
11:25:58.0687 0x104c  PlugPlay - ok
11:25:58.0707 0x104c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
11:25:58.0707 0x104c  PNRPAutoReg - ok
11:25:58.0737 0x104c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
11:25:58.0747 0x104c  PNRPsvc - ok
11:25:58.0787 0x104c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
11:25:58.0797 0x104c  PolicyAgent - ok
11:25:58.0807 0x104c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\windows\system32\umpo.dll
11:25:58.0817 0x104c  Power - ok
11:25:58.0857 0x104c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
11:25:58.0857 0x104c  PptpMiniport - ok
11:25:58.0877 0x104c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\windows\system32\drivers\processr.sys
11:25:58.0877 0x104c  Processor - ok
11:25:58.0917 0x104c  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\windows\system32\profsvc.dll
11:25:58.0917 0x104c  ProfSvc - ok
11:25:58.0937 0x104c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\windows\system32\lsass.exe
11:25:58.0937 0x104c  ProtectedStorage - ok
11:25:58.0957 0x104c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\windows\system32\DRIVERS\pacer.sys
11:25:58.0967 0x104c  Psched - ok
11:25:59.0047 0x104c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\windows\system32\drivers\ql2300.sys
11:25:59.0087 0x104c  ql2300 - ok
11:25:59.0117 0x104c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
11:25:59.0117 0x104c  ql40xx - ok
11:25:59.0169 0x104c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\windows\system32\qwave.dll
11:25:59.0179 0x104c  QWAVE - ok
11:25:59.0199 0x104c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
11:25:59.0209 0x104c  QWAVEdrv - ok
11:25:59.0239 0x104c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
11:25:59.0249 0x104c  RasAcd - ok
11:25:59.0289 0x104c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
11:25:59.0289 0x104c  RasAgileVpn - ok
11:25:59.0299 0x104c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\windows\System32\rasauto.dll
11:25:59.0299 0x104c  RasAuto - ok
11:25:59.0319 0x104c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
11:25:59.0329 0x104c  Rasl2tp - ok
11:25:59.0389 0x104c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\windows\System32\rasmans.dll
11:25:59.0399 0x104c  RasMan - ok
11:25:59.0429 0x104c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
11:25:59.0429 0x104c  RasPppoe - ok
11:25:59.0449 0x104c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
11:25:59.0449 0x104c  RasSstp - ok
11:25:59.0489 0x104c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
11:25:59.0499 0x104c  rdbss - ok
11:25:59.0519 0x104c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
11:25:59.0519 0x104c  rdpbus - ok
11:25:59.0529 0x104c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
11:25:59.0529 0x104c  RDPCDD - ok
11:25:59.0559 0x104c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
11:25:59.0559 0x104c  RDPENCDD - ok
11:25:59.0579 0x104c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
11:25:59.0579 0x104c  RDPREFMP - ok
11:25:59.0619 0x104c  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
11:25:59.0639 0x104c  RDPWD - ok
11:25:59.0669 0x104c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
11:25:59.0679 0x104c  rdyboost - ok
11:25:59.0719 0x104c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\windows\System32\mprdim.dll
11:25:59.0719 0x104c  RemoteAccess - ok
11:25:59.0749 0x104c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\windows\system32\regsvc.dll
11:25:59.0749 0x104c  RemoteRegistry - ok
11:25:59.0829 0x104c  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys
11:25:59.0859 0x104c  RFCOMM - ok
11:25:59.0889 0x104c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
11:25:59.0889 0x104c  RpcEptMapper - ok
11:25:59.0929 0x104c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\windows\system32\locator.exe
11:25:59.0929 0x104c  RpcLocator - ok
11:25:59.0969 0x104c  [ 7D86756A49B408BD050D4E806A0E207F, C639BCE6428F9F9663A956CF93EA22587F6D8125E60E24F93A417E5F10FA1D90 ] RpcSs           C:\windows\system32\rpcss.dll
11:26:00.0039 0x104c  RpcSs - detected Trojan.Win64.Patched.bj ( 0 )
11:26:00.0039 0x104c  RpcSs ( Trojan.Win64.Patched.bj ) - infected
11:26:00.0039 0x104c  Force sending object to P2P due to detect: RpcSs
11:26:02.0795 0x104c  Object send P2P result: true
11:26:05.0387 0x104c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
11:26:05.0387 0x104c  rspndr - ok
11:26:05.0407 0x104c  [ 89DFB71B370D82DFE75183F677043CEE, 448798010AB86040D7A4A8956D7139951A9BD3517942DE2C4B82041B0408D78A ] RSUSBVSTOR      C:\windows\system32\Drivers\RtsUVStor.sys
11:26:05.0427 0x104c  RSUSBVSTOR - ok
11:26:05.0457 0x104c  [ BAEFEE35D27A5440D35092CE10267BEC, FB550D38C01E07B1170C52C1441874B56DD3BECB10CBE8E132EE3276A05C796E ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
11:26:05.0467 0x104c  RTL8167 - ok
11:26:05.0477 0x104c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\windows\system32\lsass.exe
11:26:05.0487 0x104c  SamSs - ok
11:26:05.0497 0x104c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
11:26:05.0497 0x104c  sbp2port - ok
11:26:05.0517 0x104c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\windows\System32\SCardSvr.dll
11:26:05.0527 0x104c  SCardSvr - ok
11:26:05.0547 0x104c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
11:26:05.0547 0x104c  scfilter - ok
11:26:05.0597 0x104c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\windows\system32\schedsvc.dll
11:26:05.0627 0x104c  Schedule - ok
11:26:05.0657 0x104c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\windows\System32\certprop.dll
11:26:05.0657 0x104c  SCPolicySvc - ok
11:26:05.0687 0x104c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\windows\System32\SDRSVC.dll
11:26:05.0697 0x104c  SDRSVC - ok
11:26:05.0727 0x104c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\windows\system32\drivers\secdrv.sys
11:26:05.0727 0x104c  secdrv - ok
11:26:05.0737 0x104c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\windows\system32\seclogon.dll
11:26:05.0737 0x104c  seclogon - ok
11:26:05.0757 0x104c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\windows\System32\sens.dll
11:26:05.0757 0x104c  SENS - ok
11:26:05.0817 0x104c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\windows\system32\sensrsvc.dll
11:26:05.0817 0x104c  SensrSvc - ok
11:26:05.0837 0x104c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\windows\system32\drivers\serenum.sys
11:26:05.0837 0x104c  Serenum - ok
11:26:05.0847 0x104c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\windows\system32\drivers\serial.sys
11:26:05.0847 0x104c  Serial - ok
11:26:05.0847 0x104c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\windows\system32\drivers\sermouse.sys
11:26:05.0857 0x104c  sermouse - ok
11:26:05.0887 0x104c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\windows\system32\sessenv.dll
11:26:05.0887 0x104c  SessionEnv - ok
11:26:05.0907 0x104c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
11:26:05.0907 0x104c  sffdisk - ok
11:26:05.0917 0x104c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
11:26:05.0917 0x104c  sffp_mmc - ok
11:26:05.0927 0x104c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
11:26:05.0927 0x104c  sffp_sd - ok
11:26:05.0937 0x104c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
11:26:05.0937 0x104c  sfloppy - ok
11:26:05.0977 0x104c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\windows\System32\ipnathlp.dll
11:26:05.0987 0x104c  SharedAccess - ok
11:26:06.0017 0x104c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
11:26:06.0027 0x104c  ShellHWDetection - ok
11:26:06.0037 0x104c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
11:26:06.0047 0x104c  SiSRaid2 - ok
11:26:06.0067 0x104c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
11:26:06.0067 0x104c  SiSRaid4 - ok
11:26:06.0097 0x104c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\windows\system32\DRIVERS\smb.sys
11:26:06.0097 0x104c  Smb - ok
11:26:06.0127 0x104c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\windows\System32\snmptrap.exe
11:26:06.0137 0x104c  SNMPTRAP - ok
11:26:06.0157 0x104c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\windows\system32\drivers\spldr.sys
11:26:06.0157 0x104c  spldr - ok
11:26:06.0217 0x104c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\windows\System32\spoolsv.exe
11:26:06.0227 0x104c  Spooler - ok
11:26:06.0377 0x104c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\windows\system32\sppsvc.exe
11:26:06.0507 0x104c  sppsvc - ok
11:26:06.0527 0x104c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\windows\system32\sppuinotify.dll
11:26:06.0527 0x104c  sppuinotify - ok
11:26:06.0567 0x104c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\windows\system32\DRIVERS\srv.sys
11:26:06.0577 0x104c  srv - ok
11:26:06.0617 0x104c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
11:26:06.0627 0x104c  srv2 - ok
11:26:06.0647 0x104c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
11:26:06.0647 0x104c  srvnet - ok
11:26:06.0677 0x104c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
11:26:06.0687 0x104c  SSDPSRV - ok
11:26:06.0707 0x104c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\windows\system32\sstpsvc.dll
11:26:06.0707 0x104c  SstpSvc - ok
11:26:06.0737 0x104c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\windows\system32\drivers\stexstor.sys
11:26:06.0737 0x104c  stexstor - ok
11:26:06.0767 0x104c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\windows\System32\wiaservc.dll
11:26:06.0787 0x104c  stisvc - ok
11:26:06.0817 0x104c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
11:26:06.0817 0x104c  swenum - ok
11:26:06.0857 0x104c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\windows\System32\swprv.dll
11:26:06.0876 0x104c  swprv - ok
11:26:06.0969 0x104c  [ 9643991B5CFD7A9BA68626B7A005F7E6, C256A7AC1B2FD98F85D3BB920374C70F65D4A6E3EE420F5AD8E114001BD10822 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys
11:26:07.0009 0x104c  SynTP - ok
11:26:07.0089 0x104c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\windows\system32\sysmain.dll
11:26:07.0139 0x104c  SysMain - ok
11:26:07.0159 0x104c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
11:26:07.0159 0x104c  TabletInputService - ok
11:26:07.0199 0x104c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\windows\System32\tapisrv.dll
11:26:07.0209 0x104c  TapiSrv - ok
11:26:07.0229 0x104c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\windows\System32\tbssvc.dll
11:26:07.0229 0x104c  TBS - ok
11:26:07.0329 0x104c  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\windows\system32\drivers\tcpip.sys
11:26:07.0379 0x104c  Tcpip - ok
11:26:07.0469 0x104c  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
11:26:07.0528 0x104c  TCPIP6 - ok
11:26:07.0551 0x104c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
11:26:07.0561 0x104c  tcpipreg - ok
11:26:07.0591 0x104c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
11:26:07.0591 0x104c  TDPIPE - ok
11:26:07.0611 0x104c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
11:26:07.0611 0x104c  TDTCP - ok
11:26:07.0621 0x104c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
11:26:07.0631 0x104c  tdx - ok
11:26:07.0641 0x104c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
11:26:07.0641 0x104c  TermDD - ok
11:26:07.0691 0x104c  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\windows\System32\termsrv.dll
11:26:07.0711 0x104c  TermService - ok
11:26:07.0721 0x104c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\windows\system32\themeservice.dll
11:26:07.0731 0x104c  Themes - ok
11:26:07.0741 0x104c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\windows\system32\mmcss.dll
11:26:07.0741 0x104c  THREADORDER - ok
11:26:07.0761 0x104c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\windows\System32\trkwks.dll
11:26:07.0771 0x104c  TrkWks - ok
11:26:07.0811 0x104c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
11:26:07.0821 0x104c  TrustedInstaller - ok
11:26:07.0851 0x104c  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
11:26:07.0861 0x104c  tssecsrv - ok
11:26:07.0881 0x104c  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
11:26:07.0881 0x104c  TsUsbFlt - ok
11:26:07.0911 0x104c  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
11:26:07.0911 0x104c  TsUsbGD - ok
11:26:07.0941 0x104c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
11:26:07.0951 0x104c  tunnel - ok
11:26:07.0961 0x104c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\windows\system32\drivers\uagp35.sys
11:26:07.0961 0x104c  uagp35 - ok
11:26:07.0981 0x104c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
11:26:07.0991 0x104c  udfs - ok
11:26:08.0011 0x104c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\windows\system32\UI0Detect.exe
11:26:08.0011 0x104c  UI0Detect - ok
11:26:08.0041 0x104c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
11:26:08.0051 0x104c  uliagpkx - ok
11:26:08.0071 0x104c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
11:26:08.0071 0x104c  umbus - ok
11:26:08.0091 0x104c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\drivers\umpass.sys
11:26:08.0091 0x104c  UmPass - ok
11:26:08.0211 0x104c  [ 7E5E1603D0FF2D240AE70295C5C3FEFC, 1E5F8E415ACE3C6DFBE636473DBE051329174F2A085516B6FC1515A54014D02B ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:26:08.0281 0x104c  UNS - ok
11:26:08.0321 0x104c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
11:26:08.0341 0x104c  upnphost - ok
11:26:08.0371 0x104c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
11:26:08.0371 0x104c  usbccgp - ok
11:26:08.0411 0x104c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
11:26:08.0411 0x104c  usbcir - ok
11:26:08.0451 0x104c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\drivers\usbehci.sys
11:26:08.0451 0x104c  usbehci - ok
11:26:08.0511 0x104c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
11:26:08.0521 0x104c  usbhub - ok
11:26:08.0551 0x104c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\drivers\usbohci.sys
11:26:08.0551 0x104c  usbohci - ok
11:26:08.0571 0x104c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\drivers\usbprint.sys
11:26:08.0571 0x104c  usbprint - ok
11:26:08.0581 0x104c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
11:26:08.0581 0x104c  USBSTOR - ok
11:26:08.0601 0x104c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
11:26:08.0601 0x104c  usbuhci - ok
11:26:08.0661 0x104c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
11:26:08.0661 0x104c  usbvideo - ok
11:26:08.0691 0x104c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
11:26:08.0691 0x104c  UxSms - ok
11:26:08.0701 0x104c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\windows\system32\lsass.exe
11:26:08.0701 0x104c  VaultSvc - ok
11:26:08.0741 0x104c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
11:26:08.0751 0x104c  vdrvroot - ok
11:26:08.0782 0x104c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
11:26:08.0803 0x104c  vds - ok
11:26:08.0820 0x104c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
11:26:08.0823 0x104c  vga - ok
11:26:08.0833 0x104c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
11:26:08.0833 0x104c  VgaSave - ok
11:26:08.0843 0x104c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
11:26:08.0853 0x104c  vhdmp - ok
11:26:08.0873 0x104c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
11:26:08.0883 0x104c  viaide - ok
11:26:08.0913 0x104c  [ 2355B35BF277965EFA3DAE43B7D78239, F75D1F4B9CCB63121F2030E0DE0CC05475DEA90E45F223BA58CFEED63CB2AD7D ] vm331avs        C:\windows\system32\Drivers\vm331avs.sys
11:26:08.0923 0x104c  vm331avs - ok
11:26:08.0943 0x104c  [ 40C39413A2458016FF43444750F467CA, 7753B8C622F15D851FC65851586E8C0FDDD0B00D66C54C5222BB1BD06DCD2A90 ] vmuvcflt        C:\windows\system32\Drivers\vmuvcflt.sys
11:26:08.0943 0x104c  vmuvcflt - ok
11:26:08.0963 0x104c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
11:26:08.0973 0x104c  volmgr - ok
11:26:09.0003 0x104c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
11:26:09.0023 0x104c  volmgrx - ok
11:26:09.0063 0x104c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
11:26:09.0073 0x104c  volsnap - ok
11:26:09.0113 0x104c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
11:26:09.0123 0x104c  vsmraid - ok
11:26:09.0203 0x104c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
11:26:09.0253 0x104c  VSS - ok
11:26:09.0453 0x104c  [ 7570288275D80F5472AE3147487FF0B5, 45204AC1DFEEE18913081FEE1FA55D6C2A13689525641F468AA7BB12850246D5 ] vToolbarUpdater18.1.7 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
11:26:09.0503 0x104c  vToolbarUpdater18.1.7 - ok
11:26:09.0523 0x104c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
11:26:09.0523 0x104c  vwifibus - ok
11:26:09.0553 0x104c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
11:26:09.0563 0x104c  vwififlt - ok
11:26:09.0613 0x104c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
11:26:09.0638 0x104c  W32Time - ok
11:26:09.0673 0x104c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\drivers\wacompen.sys
11:26:09.0676 0x104c  WacomPen - ok
11:26:09.0695 0x104c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
11:26:09.0695 0x104c  WANARP - ok
11:26:09.0705 0x104c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
11:26:09.0715 0x104c  Wanarpv6 - ok
11:26:09.0785 0x104c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
11:26:09.0835 0x104c  WatAdminSvc - ok
11:26:09.0915 0x104c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
11:26:09.0955 0x104c  wbengine - ok
11:26:09.0975 0x104c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
11:26:09.0985 0x104c  WbioSrvc - ok
11:26:10.0015 0x104c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
11:26:10.0025 0x104c  wcncsvc - ok
11:26:10.0035 0x104c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
11:26:10.0035 0x104c  WcsPlugInService - ok
11:26:10.0065 0x104c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\drivers\wd.sys
11:26:10.0065 0x104c  Wd - ok
11:26:10.0125 0x104c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
11:26:10.0145 0x104c  Wdf01000 - ok
11:26:10.0175 0x104c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
11:26:10.0175 0x104c  WdiServiceHost - ok
11:26:10.0185 0x104c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
11:26:10.0185 0x104c  WdiSystemHost - ok
11:26:10.0215 0x104c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
11:26:10.0225 0x104c  WebClient - ok
11:26:10.0255 0x104c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
11:26:10.0265 0x104c  Wecsvc - ok
11:26:10.0285 0x104c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
11:26:10.0295 0x104c  wercplsupport - ok
11:26:10.0315 0x104c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
11:26:10.0325 0x104c  WerSvc - ok
11:26:10.0375 0x104c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
11:26:10.0375 0x104c  WfpLwf - ok
11:26:10.0395 0x104c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
11:26:10.0395 0x104c  WIMMount - ok
11:26:10.0415 0x104c  WinDefend - ok
11:26:10.0445 0x104c  WinHttpAutoProxySvc - ok
11:26:10.0505 0x104c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
11:26:10.0515 0x104c  Winmgmt - ok
11:26:10.0605 0x104c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
11:26:10.0665 0x104c  WinRM - ok
11:26:10.0725 0x104c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
11:26:10.0755 0x104c  Wlansvc - ok
11:26:10.0805 0x104c  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:26:10.0805 0x104c  wlcrasvc - ok
11:26:10.0935 0x104c  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:26:10.0995 0x104c  wlidsvc - ok
11:26:11.0025 0x104c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
11:26:11.0025 0x104c  WmiAcpi - ok
11:26:11.0045 0x104c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
11:26:11.0055 0x104c  wmiApSrv - ok
11:26:11.0095 0x104c  WMPNetworkSvc - ok
11:26:11.0115 0x104c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
11:26:11.0125 0x104c  WPCSvc - ok
11:26:11.0155 0x104c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
11:26:11.0155 0x104c  WPDBusEnum - ok
11:26:11.0195 0x104c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
11:26:11.0195 0x104c  ws2ifsl - ok
11:26:11.0235 0x104c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\windows\System32\wscsvc.dll
11:26:11.0235 0x104c  wscsvc - ok
11:26:11.0265 0x104c  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
11:26:11.0265 0x104c  WSDPrintDevice - ok
11:26:11.0275 0x104c  WSearch - ok
11:26:11.0325 0x104c  [ 83575C43B2BFE9AB0661A7F957E843C0, 6FCE62721902A4F35F1A4CED8AF60A0346CFAB657ED92DE4CEFF19BDB830D32D ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys
11:26:11.0325 0x104c  wsvd - ok
11:26:11.0435 0x104c  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
11:26:11.0505 0x104c  wuauserv - ok
11:26:11.0545 0x104c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
11:26:11.0545 0x104c  WudfPf - ok
11:26:11.0585 0x104c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
11:26:11.0595 0x104c  WUDFRd - ok
11:26:11.0615 0x104c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
11:26:11.0615 0x104c  wudfsvc - ok
11:26:11.0645 0x104c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\windows\System32\wwansvc.dll
11:26:11.0655 0x104c  WwanSvc - ok
11:26:11.0675 0x104c  ================ Scan global ===============================
11:26:11.0705 0x104c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
11:26:11.0725 0x104c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
11:26:11.0745 0x104c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
11:26:11.0775 0x104c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
11:26:11.0815 0x104c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
11:26:11.0825 0x104c  [ Global ] - ok
11:26:11.0825 0x104c  ================ Scan MBR ==================================
11:26:11.0835 0x104c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:26:12.0025 0x104c  \Device\Harddisk0\DR0 - ok
11:26:12.0025 0x104c  ================ Scan VBR ==================================
11:26:12.0035 0x104c  [ 4AB970332439005D716741178C7F654F ] \Device\Harddisk0\DR0\Partition1
11:26:12.0035 0x104c  \Device\Harddisk0\DR0\Partition1 - ok
11:26:12.0035 0x104c  [ B9D3B52847E78A2A28A94999046FBAAC ] \Device\Harddisk0\DR0\Partition2
11:26:12.0035 0x104c  \Device\Harddisk0\DR0\Partition2 - ok
11:26:12.0055 0x104c  [ 950506FF838CE05AD5F0ADCAB7A54924 ] \Device\Harddisk0\DR0\Partition3
11:26:12.0065 0x104c  \Device\Harddisk0\DR0\Partition3 - ok
11:26:12.0065 0x104c  ================ Scan generic autorun ======================
11:26:12.0105 0x104c  [ 364EE28F279BDB459149052E0CD8CAE7, 31637F02F472C704F0C9D15760453F2B17FE66E4995E52865FA1DDDDB4CB13DA ] C:\windows\system32\igfxtray.exe
11:26:12.0105 0x104c  IgfxTray - ok
11:26:12.0125 0x104c  [ A09D2FD3420339CE532D7F671163FB50, F6D9C174EC335F024755E6361BC8072D733D18F70689E761C4B5360DB1D01223 ] C:\windows\system32\hkcmd.exe
11:26:12.0135 0x104c  HotKeysCmds - ok
11:26:12.0155 0x104c  [ 1387EB032E1A67C5FAC3AFEA9F4A3C9E, 02F74BF10796CC02E4E458AF4C594C33EFF07585B7A3E6B9537A214E419B24A8 ] C:\windows\system32\igfxpers.exe
11:26:12.0175 0x104c  Persistence - ok
11:26:12.0175 0x104c  SynTPEnh - ok
11:26:12.0225 0x104c  [ 03998CA1B0F0B50A5062A38D35CFDB4D, 359907A8B7EC0C693FA95F296DF7BB70451EBA865C0CF5BB9C55720FEFB5936E ] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
11:26:12.0225 0x104c  Lenovo EE Boot Optimizer - ok
11:26:12.0615 0x104c  [ 5464183DE5B496390DE92C1D92009FB1, 50A10707461D2BF5067CCE9E0AED2F34F7A96B4AD1CFA25CA1B19A9C7CA2ECB6 ] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
11:26:13.0005 0x104c  Energy Management - ok
11:26:13.0255 0x104c  [ F43AB67D41349AD8BB1FE045C5C49832, E79C50F6EA022AA41A502D780CB72232AC094FD008C31EDC51A1F58EF00B1F08 ] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
11:26:13.0465 0x104c  EnergyUtility - ok
11:26:13.0545 0x104c  [ 26C49FA8BF063A51FBEF8F1E2C839A90, C338F88051A53D61D60AAAA9E5E93144E6FA2515CD0C8B8F6097710B35BC66AE ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
11:26:13.0555 0x104c  IAStorIcon - ok
11:26:13.0595 0x104c  [ 61A2DBA2126BA1425CC5AECC8E8AD055, 08F07F52FF5C157F00EFEA74AB621F5E47465CD0A3359C5A513B9A01DDB9FEF0 ] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
11:26:13.0615 0x104c  331BigDog - ok
11:26:13.0675 0x104c  [ A01FB0B0C58319FB350A53EDAA947D36, F096607CEA3EB1D569B9767B98C1409F54332A97B78848BC3CBEB92FDFAAB787 ] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe
11:26:13.0675 0x104c  UpdateP2GShortCut - ok
11:26:13.0725 0x104c  [ B00F98FF6FE8682FF941BEB2559BF191, EB443E294C5609F426BF6EE388F3A4B71EFE2C6A8216C0F6DE7AE6DB382BF620 ] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
11:26:13.0735 0x104c  YouCam Mirage - ok
11:26:13.0745 0x104c  [ 7CD9BF0A5F47F9584E59BDF674FD1C5D, 821F2A5380B1E64B0629D67259BA92A923D5D405526CB6C44BC422294C031C1F ] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe
11:26:13.0755 0x104c  YouCam Tray - ok
11:26:13.0825 0x104c  [ BDB70EA0834EEC93927D9ABF95D11CB7, 6B92A96BFD08B4CFBBE3E983019E17029E4E886FDE821D06C94D0D9946B69964 ] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
11:26:13.0835 0x104c  VeriFaceManager - ok
11:26:13.0895 0x104c  [ 3FB4E7E2069F0FD9E15ABC18D605E427, 2FFC218E575DA9E8C86E468227B302752C73EA3246CC0A599D7BCC41ED404F4D ] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe
11:26:13.0895 0x104c  UpdatePRCShortCut - ok
11:26:14.0055 0x104c  [ 4EB4194DA96D36B865FAACC11FE51A25, 285C7BB3B70A40A9D57988FE4619D2CE66284F028CF427D175BC97221C0CDAA4 ] C:\Program Files (x86)\AVG Secure Search\vprot.exe
11:26:14.0175 0x104c  vProt - ok
11:26:14.0275 0x104c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
11:26:14.0385 0x104c  Sidebar - ok
11:26:14.0415 0x104c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:26:14.0435 0x104c  mctadmin - ok
11:26:14.0465 0x104c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
11:26:14.0505 0x104c  Sidebar - ok
11:26:14.0515 0x104c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
11:26:14.0515 0x104c  mctadmin - ok
11:26:14.0575 0x104c  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
11:26:14.0575 0x104c  swg - ok
11:26:14.0625 0x104c  [ 0D50AF2DC652B4864BC5EBCF99C6FE34, 0FC3161EB177FCE659F46E778FB058691944B0FCA07F43C62807089399589E1D ] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe
11:26:14.0635 0x104c  pdiface - ok
11:26:14.0635 0x104c  Waiting for KSN requests completion. In queue: 150
11:26:15.0635 0x104c  Waiting for KSN requests completion. In queue: 150
11:26:16.0635 0x104c  Waiting for KSN requests completion. In queue: 150
11:26:17.0795 0x104c  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4592 ), 0x41000 ( enabled : updated )
11:26:17.0835 0x104c  Win FW state via NFP2: enabled
11:26:20.0397 0x104c  ============================================================
11:26:20.0397 0x104c  Scan finished
11:26:20.0397 0x104c  ============================================================
11:26:20.0397 0x1e28  Detected object count: 2
11:26:20.0397 0x1e28  Actual detected object count: 2
11:27:25.0449 0x1e28  DcomLaunch ( Trojan.Win64.Patched.bj ) - skipped by user
11:27:25.0449 0x1e28  DcomLaunch ( Trojan.Win64.Patched.bj ) - User select action: Skip
11:27:25.0449 0x1e28  RpcSs ( Trojan.Win64.Patched.bj ) - skipped by user
11:27:25.0449 0x1e28  RpcSs ( Trojan.Win64.Patched.bj ) - User select action: Skip
11:28:09.0258 0x1cc8  Deinitialize success
 



#5 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 PM

Posted 26 June 2014 - 03:22 AM

Search for files with FRST (Recovery Environment)


Run FRST.

Type the following in the edit box after "Search:"

rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#6 Old Ford Guy

Old Ford Guy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norfolk, NE USA
  • Local time:07:33 AM

Posted 26 June 2014 - 03:11 PM

Farbar Recovery Scan Tool (x64) Version: 25-06-2014
Ran by Tim at 2014-06-26 15:00:22
Running from C:\Users\Tim\Downloads
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24][2010-11-20 22:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2014-06-24 18:04][2010-11-20 22:24] 0520192 ____A (Microsoft Corporation) 7D86756A49B408BD050D4E806A0E207F

C:\Users\Tim\Downloads\rpcss.dll
[2014-06-24 19:06][2014-06-24 19:06] 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

====== End Of Search ======

#7 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:33 AM

Posted 29 June 2014 - 10:05 PM

----------------------------


Edited by TB-Psychotic, 30 June 2014 - 06:04 AM.


#8 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 PM

Posted 30 June 2014 - 06:10 AM

Add-/remove programms

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs
 

ask toolbar

CutePDF Editor Toolbar Updater


Close the window.

 

 

 

 

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#9 Old Ford Guy

Old Ford Guy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norfolk, NE USA
  • Local time:07:33 AM

Posted 30 June 2014 - 03:29 PM

Farbar Recovery Scan Tool (x64) Version: 25-06-2014
Ran by Tim at 2014-06-26 15:00:22
Running from C:\Users\Tim\Downloads
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24][2010-11-20 22:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2014-06-24 18:04][2010-11-20 22:24] 0520192 ____A (Microsoft Corporation) 7D86756A49B408BD050D4E806A0E207F

C:\Users\Tim\Downloads\rpcss.dll
[2014-06-24 19:06][2014-06-24 19:06] 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680

====== End Of Search ======
*************************************************************************
AVG Detection: X ... Virus found Win64/Patched *
... c:\Windows\System32\rpcss.dll Infected*
================================================================================

Windows 7 Home Premium
Copywright c Microsoft corporitian
Service Pack 1 [ I do not have sys disc ]
______________________________________________________
System---------------
Manufacturer Lenovo
Model Lenovo Win7PC
Rating 4.7 Windows Experience Index
Processor Intel®Core™i3-2350CPU @ 2.30GHz
2.30 GHz
installed memory 4.00 GB
System Type 64-bit Operating System
Pen and Touch No Pen or Touch Input is available for this display

====================================================================================

as well as warning poping up on screen, random ads or what sounds like tv or radio show audio comes through
the speakers, with no ad or video showing on screen, (not continusly)
==================================================
tried downloading repair disk from AVG, made the cd from their iso and had no luck. Downloaded new rpcss.dll file
from net and re-named rpcss.dll as rpcss.dll.bad and re-started the laptop, windows only came up to a blank
screen. Started with repair cd and re-named rpcss.dll.bad back to rpcss.dll and moved the new downloaded copy to the download
folder and left it there. Back to original files boots up as before and still get warning everytime rpcss.dll is accessed.
at that time involved Bleeping Computer and have been trying to follow your directions. Nothing yet has changed any thing.
================================================

#10 Old Ford Guy

Old Ford Guy
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Norfolk, NE USA
  • Local time:07:33 AM

Posted 30 June 2014 - 03:30 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Tim at 15:14:40 on 2014-06-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4040.2240 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\windows\system32\HPSIsvc.exe
C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\SysWOW64\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Tim\Downloads\FRST64.exe
C:\windows\system32\notepad.exe
C:\windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=17
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
mWinlogon: Userinit = userinit.exe,
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: CutePDF Editor Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.7.644\AVG Secure Search_toolbar.dll
TB: CutePDF Editor Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [pdiface] C:\Program Files\Bitdefender\60-Second Virus Scanner\pdiface.exe -noshow
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A2EB22BE-9EED-409C-8CC3-A0F34CBCBBFF} : DHCPNameServer = 192.168.2.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-5-13 191768]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-5-13 323352]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-5-13 130328]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-5-13 31512]
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2012-2-20 57952]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2012-2-20 39008]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-5-13 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-5-13 236312]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-5-13 235800]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-5-13 273176]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-9-3 50464]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2012-2-20 13408]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-5-13 3644432]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-5-13 292424]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-24 136704]
R2 HPSIService;HP SI Service;C:\windows\System32\HPSIsvc.exe [2012-6-16 127800]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-20 13336]
R2 pdserv;Bitdefender 60-Second Virus Scanner Service;C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc --> C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-20 2656280]
R2 vToolbarUpdater18.1.7;vToolbarUpdater18.1.7;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [2014-6-22 1813528]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-28 31088]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-20 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2012-2-20 76912]
R3 vm331avs;Digital Camera 1;C:\windows\System32\drivers\vm331avs.sys [2012-2-20 250752]
R3 vmuvcflt;Vimicro USB Camera Filter;C:\windows\System32\drivers\vmuvcflt.sys [2012-2-20 8320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-5-1 111616]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2012-2-20 299520]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-6-16 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-06-25 15:51:26 -------- d-----w- C:\FRST
2014-06-24 23:51:48 49729 ----a-w- C:\ProgramData\1403653885.bdinstall.bin
2014-06-24 23:51:36 -------- d-----w- C:\ProgramData\Bitdefender
2014-06-24 23:51:34 -------- d-----w- C:\Program Files\Bitdefender
2014-06-24 23:04:50 520192 ----a-w- C:\windows\System32\rpcss.dll
2014-06-24 22:12:40 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-24 22:12:00 -------- d-----w- C:\Users\Tim\AppData\Local\Programs
2014-06-24 20:16:58 -------- d-----w- C:\Users\Tim\AppData\Roaming\Philipp Winterberg
.
==================== Find3M  ====================
.
2014-06-22 20:46:08 50464 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2014-05-13 19:20:26 235800 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2014-05-13 19:20:06 273176 ----a-w- C:\windows\System32\drivers\avgtdia.sys
2014-05-13 19:06:06 323352 ----a-w- C:\windows\System32\drivers\avgloga.sys
2014-05-13 19:05:40 191768 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2014-05-13 19:05:08 152344 ----a-w- C:\windows\System32\drivers\avgdiska.sys
2014-05-13 19:05:06 130328 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2014-05-13 19:04:56 236312 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2014-05-13 19:04:30 31512 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2014-05-09 06:14:03 477184 ----a-w- C:\windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-05-06 04:17:53 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-06 03:07:39 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-04-12 02:22:05 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
.
============= FINISH: 15:17:48.60 ===============
 



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 PM

Posted 02 July 2014 - 06:51 AM

Please follow my instructions here: http://www.bleepingcomputer.com/forums/t/538920/avg-reports-win64patch-cwindowssystem32rpcssdll/#entry3409376


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:33 PM

Posted 15 July 2014 - 07:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users