captainslow Posted March 24, 2014 ID:807509

Hi,

I've noticed that I get the same 'league of angels' popup on sites which would usually have none. It seems to be quite random and has been occurring for 4+ days, so I suspect I have adware. I searched on the internet, and found a lot of sites claiming to help with removal, however their manual removal advice was always very vague and not practical, and all written in the same style (probably the sites were bogus).

I'm still in the process of deleting some programmes that may be causing the infection (there are no obvious candidates), but in the meantime I have tried Malwarebytes, HitmanPro, AdwCleaner, ComboFix, JRT, and the following day the ad always returns. In fact, Malwarebytes or Hitman never find anything on the scans. Adware remover always suggests deleting the 'prefs file' in appdata>Firefox>roaming, but I think Firefox automatically creates this on opening. I have also reinstalled/reset Firefox, updated plugins, and disabled system restore.... not sure how else to proceed.

Is it a harmless popup? Firefox vulnerability? Or something concerning on the computer?

Thanks a lot for your help in advance
kevinf80 Posted March 24, 2014 ID:807516

Hello and

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick scan.
Make sure that everything is checked, and click Remove Selected on any found items.
Post the produced log.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Let me see those logs..

Kevin
captainslow Posted March 25, 2014 Author ID:807716

Hello Kevin,

Thanks for your help.

Malwarebytes scan:
----------------------------------------------------
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.25.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
John :: LAPTOP [administrator]

25/03/2014 07:46:29
mbam-log-2014-03-25 (07-46-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 226737
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------------------------------------

Farbar scan:
C:\Users\John\Downloads\HitmanPro.exe2014-03-22 21:16 - 2013-08-20 19:40 - 00360960 ___SH () C:\Users\John\Downloads\Thumbs.db2014-03-22 17:15 - 2014-03-22 17:15 - 00000000 ____D () C:\ProgramData\GridinSoft2014-03-22 15:38 - 2014-03-22 14:44 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP2014-03-22 15:24 - 2014-02-08 17:20 - 00000000 ____D () C:\Windows\Minidump2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 ____D () C:\Program Files\Enigma Software Group2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 _____ () C:\autoexec.bat2014-03-21 14:18 - 2013-03-12 16:40 - 00000000 ____D () C:\Users\John\Documents\John2014-03-20 15:33 - 2014-03-20 15:33 - 00000000 ____D () C:\Users\John\Desktop\Santander2014-03-20 15:33 - 2014-01-12 09:42 - 00000000 ____D () C:\Users\John\Desktop\terrazza2014-03-20 15:14 - 2013-01-18 17:53 - 00000000 ____D () C:\Users\John\AppData\Roaming\Tropico 32014-03-20 07:44 - 2013-07-23 15:20 - 00000000 ____D () C:\Windows\system32\MRT2014-03-20 07:40 - 2012-07-26 05:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM2014-03-20 07:39 - 2013-01-12 17:18 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-03-20 07:28 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\AUInstallAgent2014-03-19 21:27 - 2013-01-15 10:58 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys2014-03-19 21:27 - 2013-01-15 10:58 - 00273592 _____ (Trusteer Ltd.) 
C:\Windows\system32\Drivers\RapportHades64.sys2014-03-19 13:12 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\FxsTmp2014-03-18 08:28 - 2013-01-15 19:12 - 00000000 ____D () C:\ProgramData\Skype2014-03-15 17:48 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\rescache2014-03-15 16:59 - 2014-03-15 16:59 - 00360968 _____ () C:\Windows\system32\FNTCACHE.DAT2014-03-15 12:54 - 2013-01-12 12:45 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-03-15 12:54 - 2013-01-12 12:44 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-03-15 10:03 - 2013-01-11 14:31 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-03-15 10:03 - 2013-01-11 14:31 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools2014-03-14 22:26 - 2012-07-26 08:12 - 00000000 ___RD () C:\Windows\ToastData2014-03-14 22:26 - 2012-07-26 08:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-03-14 22:26 - 2012-07-26 08:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2014-03-14 22:26 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files\Windows Defender2014-03-14 22:26 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2014-03-14 14:30 - 2013-01-15 19:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype2014-03-11 21:22 - 2014-03-11 21:22 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe2014-03-11 12:57 - 2013-01-11 14:28 - 00000000 ____D () C:\Users\John\AppData\Local\Packages2014-03-11 12:10 - 2013-09-19 11:43 - 00000000 ____D () C:\Users\John\AppData\Local\ABBYY2014-03-04 22:52 - 2013-11-14 21:23 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-03-04 22:52 - 2013-11-14 21:23 - 00078304 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-03-03 17:32 - 2014-02-23 19:54 - 00000000 ____D () C:\Users\John\Desktop\New folder2014-03-01 12:49 - 2014-03-01 12:49 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk2014-03-01 12:49 - 2014-03-01 12:49 - 00000000 ____D () C:\Users\John\AppData\Local\Skype2014-03-01 12:19 - 2014-01-12 20:58 - 00000000 ____D () C:\Users\John\Desktop\english teaching2014-03-01 12:01 - 2014-03-01 12:01 - 00000000 ____D () C:\Users\John\AppData\Local\Windows Live2014-02-28 10:45 - 2014-02-27 20:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc2014-02-27 20:25 - 2014-02-27 20:25 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk2014-02-27 20:25 - 2014-02-27 20:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN2014-02-23 08:13 - 2014-03-13 09:28 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-02-23 08:13 - 2014-03-13 09:28 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-02-23 08:13 - 2014-03-13 09:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll2014-02-23 08:13 - 2014-03-13 09:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll2014-02-23 08:13 - 2014-03-13 09:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-02-23 08:12 - 2014-03-13 09:29 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-02-23 08:12 - 2014-03-13 09:28 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-02-23 08:12 - 2014-03-13 09:28 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-02-23 08:11 - 2014-03-13 09:28 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-02-23 08:11 - 2014-03-13 09:28 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-02-23 08:11 - 2014-03-13 09:28 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-02-23 08:11 - 2014-03-13 09:28 - 
00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-02-23 08:11 - 2014-03-13 09:28 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll2014-02-23 08:11 - 2014-03-13 09:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-02-23 08:11 - 2014-03-13 09:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-02-23 08:11 - 2014-03-13 09:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-02-23 06:54 - 2014-03-13 09:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-02-23 06:54 - 2014-03-13 09:28 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-02-23 06:54 - 2014-03-13 09:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll2014-02-23 06:53 - 2014-03-13 09:28 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-02-23 06:53 - 2014-03-13 09:28 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-02-23 06:53 - 2014-03-13 09:28 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-02-23 06:53 - 2014-03-13 09:28 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-02-23 06:53 - 2014-03-13 09:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-02-23 06:53 - 2014-03-13 09:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-02-23 06:53 - 2014-03-13 09:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-02-23 06:53 - 2014-03-13 09:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll2014-02-23 06:53 - 2014-03-13 09:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-02-23 06:53 - 2014-03-13 09:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-02-23 06:53 - 2014-03-13 09:28 - 00033280 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iernonce.dll2014-02-23 06:35 - 2014-03-13 09:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-02-23 06:31 - 2014-03-13 09:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-02-23 04:06 - 2014-03-13 09:28 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dllSome content of TEMP:====================C:\Users\John\AppData\Local\temp\Quarantine.exe==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2014-03-18 09:04==================== End Of Log ============================Farbar Addition==================== Security Center ========================AV: Computer Security (Disabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Computer Security (Disabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ======================7 Wonders II (x32 Version: 2.2.0.98 - WildTangent) HiddenABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) HiddenAdobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - 
Adobe Systems)Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) HiddenAssassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)Assassin's Creed Revelations (HKLM-x32\...\Steam App 201870) (Version: - Ubisoft Montreal)Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenBonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) HiddenCanon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )Canon MP250 series User Registration (HKLM-x32\...\Canon MP250 series User Registration) (Version: - )Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) HiddenComputer Security 12.71.102.0 (release) (x32 Version: 12.71.102.0 - F-Secure Corporation) HiddenConnected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) HiddenCrazy Chicken Soccer (x32 Version: 
2.2.0.98 - WildTangent) HiddenCyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)CyberLink LabelPrint (x32 Version: 2.5.3.6326 - CyberLink Corp.) HiddenCyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) HiddenCyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) HiddenCyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) HiddenCyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) HiddenCyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) 
HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDownload Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)EPSON XP-202 203 206 Series Printer Uninstall (HKLM\...\EPSON XP-202 203 206 Series) (Version: - SEIKO EPSON Corporation)EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)Europa Universalis III (HKLM-x32\...\Steam App 25800) (Version: - Paradox Development Studio)Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) HiddenFile Association Helper (HKLM\...\{572D0504-2C67-4016-801F-D70879A3026A}) (Version: 1.1.6.53763 - WinZip Computing International, LLC)Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) HiddenFootball Manager 2010 (HKLM-x32\...\Steam App 34000) (Version: - SI Games)F-Secure CCF Reputation (x32 Version: 1.0.25.1877 - F-Secure) HiddenF-Secure CCF Scanning 1.23.124.8831 (release) (x32 Version: 1.23.124.8831 - F-Secure Corporation) HiddenF-Secure Network CCF 1.02.126 (x32 Version: 1.02.126 - F-Secure Corporation) HiddenGovernor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) HiddenHewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) HiddenHitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - 
Hewlett-Packard Company)HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) HiddenHP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) HiddenHP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) HiddenHP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) HiddenJava 7 Update 51 
(HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) HiddenJewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) HiddenJewel Quest II (x32 Version: 2.2.0.97 - WildTangent) HiddenJewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) HiddenMahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) HiddenMalwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)Microsoft Works 2005 Setup Launcher (HKLM-x32\...\Works2005Setup) (Version: - )Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}) (Version: 8.0.0.0000 - Microsoft Corporation)Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) HiddenNetwork Guide EPSON XP-202 203 206 Series (HKLM-x32\...\EPSON XP-202 203 206 Series Netg) (Version: - )Online Safety 2.71.927.655 (x32 Version: 2.71.927.655 - F-Secure Corporation) HiddenPolar Bowler (x32 Version: 2.2.0.97 - WildTangent) HiddenPower2Go (x32 Version: 8.0 - CyberLink Corp.) 
HiddenPunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) HiddenRapport (x32 Version: 3.5.1304.61 - Trusteer) HiddenRealtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)Shockwave (HKLM-x32\...\Shockwave) (Version: - )Sid Meier's Civilization 4 - Beyond the Sword (HKCU\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)Sid Meier's Civilization 4 (HKCU\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) HiddenSid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)Sid Meier's Civilization V SDK (HKLM-x32\...\Steam App 16830) (Version: - Firaxis Games)Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)Super Safe Boost (HKLM-x32\...\F-Secure ServiceEnabler 44515) (Version: 1.71.340.0 - F-Secure Corporation)Super Safe Boost (x32 Version: 1.71.340.0 - F-Secure Corporation) HiddenswMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) HiddenTropico 3 1.02 (HKLM-x32\...\Tropico3) (Version: 1.02 - Kalypso Media)Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1304.61 - 
Trusteer)Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenUser's Guide EPSON XP-202 203 206 Series (HKLM-x32\...\EPSON XP-202 203 206 Series Useg) (Version: - )Virtual Families (x32 Version: 2.2.0.98 - WildTangent) HiddenVLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) HiddenWildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) HiddenWindows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWorks Upgrade (x32 
Version: 8.0.0.0000 - Microsoft Corporation) HiddenZuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden==================== Restore Points ============================================= Hosts content: ==========================2012-07-26 05:26 - 2014-03-24 21:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============Task: {06088D2F-2BE5-477A-95F9-77F2CD852DED} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exeTask: {0926AAFF-7EA1-40DC-9422-E2844D06FF14} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)Task: {0AF97890-F738-4B4A-A3B4-62A10BA825EA} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)Task: {12593FFB-CA2E-4AB6-8A69-81AA705560CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {522A4505-103D-443A-A1A8-22E41D397211} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)Task: {588FA457-B78A-40F9-AAC5-8D0DB127FFF5} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)Task: {633962BC-8504-4B7C-AB86-388C595CDC6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files 
(x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)Task: {9E71F6AB-8F90-44BA-B587-184F7FD352F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-24] (Adobe Systems Incorporated)Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {B15FC8DC-D0C4-4C0D-BA28-DDB95B77924D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)Task: {BBEBA448-95D2-487F-B482-0D1566AD8E77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {CCB69D09-B70A-41CD-AFB0-4A38293EAC9F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exeTask: {DCA39277-1CCA-4CC5-B439-590B58442440} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)Task: {E681D283-29C8-4BC4-87E7-EF92C0D6676B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {F2983181-7450-450E-BAD9-3F61B3E53A60} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet 
Security\Engine\20.4.0.40\WSCStub.exeTask: {F6E0ED5B-7A46-45BD-842E-4918CF2248EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe==================== Loaded Modules (whitelisted) =============2013-09-17 14:05 - 2013-10-24 10:54 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe2013-06-01 07:46 - 2013-06-01 07:46 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll2012-08-08 05:17 - 2012-08-08 05:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2013-12-26 19:38 - 2013-10-31 11:35 - 00070880 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe2013-01-15 10:58 - 2014-02-08 17:24 - 01125592 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll2012-11-26 12:49 - 2012-11-26 12:49 - 00216632 _____ () C:\Program Files (x86)\TalkTalk\Security\daas2.dll2013-09-03 14:10 - 2013-09-03 14:10 - 00030888 _____ () C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll2013-09-03 13:59 - 2013-12-11 08:27 - 00212008 _____ () C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Spam Control\fsas.dll2013-09-03 13:58 - 2014-03-04 07:20 - 00949288 _____ () C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fm4av.dll2012-10-22 09:47 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll2013-12-26 19:38 - 
2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll2013-12-26 19:38 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll2013-09-03 12:25 - 2013-09-03 12:25 - 00593464 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll2014-03-24 09:13 - 2014-03-15 08:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll==================== Alternate Data Streams (whitelisted) ============================= Safe Mode (whitelisted) ======================================= Disabled items from MSCONFIG ================================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (03/25/2014 07:53:52 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (User: )Description: 1 2014-03-25 07:53:52+01:00 LAPTOP SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. 
Application path: \\?\c:\windows\mod_frst.exe File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4Error: (03/25/2014 07:20:37 AM) (Source: Customer Experience Improvement Program) (User: )Description: 80070005Error: (03/25/2014 07:10:54 AM) (Source: Steam Client Service) (User: )Description: Error: Failed to poke open firewallError: (03/24/2014 09:43:58 PM) (Source: Steam Client Service) (User: )Description: Error: Failed to poke open firewallError: (03/24/2014 10:18:32 AM) (Source: Steam Client Service) (User: )Description: Error: Failed to poke open firewallError: (03/24/2014 08:57:49 AM) (Source: Steam Client Service) (User: )Description: Error: Failed to poke open firewallError: (03/24/2014 07:35:30 AM) (Source: Steam Client Service) (User: )Description: Error: Failed to poke open firewallError: (03/23/2014 00:40:13 PM) (Source: Steam Client Service) (User: )Description: Error: Failed to poke open firewallError: (03/23/2014 08:07:09 AM) (Source: Microsoft-Windows-CAPI2) (User: )Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Illegal operation attempted on a registry key that has been marked for deletion.Error: (03/23/2014 07:31:38 AM) (Source: Steam Client Service) (User: )Description: Error: Failed to poke open firewallSystem errors:=============Error: (03/24/2014 09:42:19 PM) (Source: Application Popup) (User: )Description: \SystemRoot\SysWow64\drivers\pfc.sysError: (03/24/2014 09:30:47 PM) (Source: Service Control Manager) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error: (03/24/2014 09:30:17 PM) (Source: Application Popup) (User: )Description: \??\C:\ComboFix\catchme.sysError: (03/24/2014 09:25:00 PM) (Source: Service Control Manager) (User: )Description: The PEVSystemStart service is marked as an interactive service. 
However, the system is configured to not allow interactive services. This service may not function properly.Error: (03/24/2014 10:17:17 AM) (Source: Application Popup) (User: )Description: \SystemRoot\SysWow64\drivers\pfc.sysError: (03/24/2014 08:56:35 AM) (Source: Application Popup) (User: )Description: \SystemRoot\SysWow64\drivers\pfc.sysError: (03/23/2014 00:38:49 PM) (Source: Application Popup) (User: )Description: \SystemRoot\SysWow64\drivers\pfc.sysError: (03/23/2014 00:37:56 PM) (Source: DCOM) (User: LAPTOP)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (03/23/2014 00:37:56 PM) (Source: DCOM) (User: LAPTOP)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Error: (03/23/2014 00:37:56 PM) (Source: DCOM) (User: LAPTOP)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}Microsoft Office Sessions:=========================Error: (03/25/2014 07:53:52 AM) (Source: FSecure-FSecure-F-Secure DeepGuard)(User: )Description: 1 2014-03-25 07:53:52+01:00 LAPTOP SYSTEM F-Secure DeepGuard Application was blocked. This was determined to be a high-risk application by system control heuristics. 
Application path: \\?\c:\windows\mod_frst.exe File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4Error: (03/25/2014 07:20:37 AM) (Source: Customer Experience Improvement Program)(User: )Description: 80070005Error: (03/25/2014 07:10:54 AM) (Source: Steam Client Service)(User: )Description: Failed to poke open firewallError: (03/24/2014 09:43:58 PM) (Source: Steam Client Service)(User: )Description: Failed to poke open firewallError: (03/24/2014 10:18:32 AM) (Source: Steam Client Service)(User: )Description: Failed to poke open firewallError: (03/24/2014 08:57:49 AM) (Source: Steam Client Service)(User: )Description: Failed to poke open firewallError: (03/24/2014 07:35:30 AM) (Source: Steam Client Service)(User: )Description: Failed to poke open firewallError: (03/23/2014 00:40:13 PM) (Source: Steam Client Service)(User: )Description: Failed to poke open firewallError: (03/23/2014 08:07:09 AM) (Source: Microsoft-Windows-CAPI2)(User: )Description: Illegal operation attempted on a registry key that has been marked for deletion.Error: (03/23/2014 07:31:38 AM) (Source: Steam Client Service)(User: )Description: Failed to poke open firewallCodeIntegrity Errors:=================================== Date: 2014-03-25 07:56:34.982 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-03-25 07:56:00.838 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-03-25 07:56:00.790 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. 
Date: 2014-03-25 07:52:25.100 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-03-25 07:52:22.489 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-03-25 07:51:53.659 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-03-25 07:50:45.381 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-03-25 07:46:21.416 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. Date: 2014-03-25 07:44:49.017 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system. 
Date: 2014-03-25 07:44:14.791 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================
Percentage of memory in use: 32%
Total physical RAM: 6036.27 MB
Available physical RAM: 4072.65 MB
Total Pagefile: 7124.27 MB
Available Pagefile: 4931.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:910.64 GB) (Free:803.73 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.11 GB) (Free:2.49 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (CIV4BTS_303) (CDROM) (Total:0.65 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==========================================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2D842E40)
Partition: GPT Partition Type.

==================== End Of Log ============================
captainslow Posted March 25, 2014 Author ID:807717

Should, in addition, mention that Rapport has picked up some suspicious activity on my bank IP address since the possible infection, which worries me....
kevinf80 Posted March 25, 2014 ID:807752

I see you have used Combofix, can you post that log please. Will be here: C:\Combofix.txt

Next,

1. Download Malwarebytes Anti-Rootkit from this link: http://www.malwarebytes.org/products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe
4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:
5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)
6. The following image opens, select Next.
7. The following image opens, select Update
8. When the update completes select Next.
9. In the following window ensure "Targets" are ticked. Then select "Scan"
10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.
11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.
12. If no threats were found you will see the following image, Select Exit:
13. Verify that your system is now running normally, making sure that the following items are functional:
    - Internet access
    - Windows Update
    - Windows Firewall
14. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.
15. Select "Y" from your Keyboard, tap Enter.
16. The fix will be applied, select any key to Exit.
17. Let me know how your system now responds.

Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log

Date and time of scan will also be shown

Thanks,
Kevin...
captainslow Posted March 25, 2014 Author ID:807888

Hello,

Combo fix (from yesterday)

ComboFix 14-03-24.01 - John 24/03/2014 21:08:44.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.44.2057.18.6036.4225 [GMT 0:00]
Running from: c:\users\John\Downloads\ComboFix.exe
AV: Computer Security *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Computer Security *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2014-02-24 to 2014-03-24 )))))))))))))))))))))))))))))))
.
.
2014-03-24 09:56 . 2014-03-24 10:16 -------- d-----w- C:\AdwCleaner
2014-03-24 09:13 . 2014-03-24 09:13 -------- d-----w- c:\users\John\AppData\Local\Mozilla
2014-03-24 09:13 . 2014-03-24 09:13 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-03-24 08:57 . 2014-03-24 08:57 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-03-24 07:53 . 2014-03-24 07:53 -------- d-----w- c:\program files\CCleaner
2014-03-22 21:56 . 2014-03-22 21:56 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-03-22 17:15 . 2014-03-22 17:15 -------- d-----w- c:\programdata\GridinSoft
2014-03-22 14:45 . 2014-03-22 14:45 -------- d-----w- c:\program files\Enigma Software Group
2014-03-22 14:44 . 2014-03-22 15:38 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-22 14:44 . 2014-03-22 14:44 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-03-15 10:27 . 2014-03-15 10:27 254640 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-03-13 09:29 . 
2014-02-08 04:34 4036608 ----a-w- c:\windows\system32\win32k.sys2014-03-13 09:29 . 2014-02-23 08:12 19273216 ----a-w- c:\windows\system32\mshtml.dll2014-03-13 09:27 . 2013-12-07 06:36 19751936 ----a-w- c:\windows\system32\shell32.dll2014-03-13 09:27 . 2014-02-05 23:41 595968 ----a-w- c:\windows\system32\qedit.dll2014-03-13 09:27 . 2014-02-05 23:37 496640 ----a-w- c:\windows\SysWow64\qedit.dll2014-03-13 09:27 . 2014-01-31 00:06 1628160 ----a-w- c:\windows\system32\WindowsCodecs.dll2014-03-13 09:27 . 2014-01-31 00:48 1339392 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll2014-03-11 21:22 . 2014-03-11 21:22 5777288 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2014-03-01 12:49 . 2014-03-01 12:49 -------- d-----w- c:\users\John\AppData\Local\Skype2014-03-01 12:49 . 2014-03-01 12:49 -------- d-----w- c:\program files (x86)\Common Files\Skype2014-03-01 12:01 . 2014-03-01 12:01 -------- d-----w- c:\users\John\AppData\Local\Windows Live2014-02-27 20:35 . 2014-02-28 10:45 -------- d-----w- c:\users\John\AppData\Roaming\vlc2014-02-27 20:25 . 2014-02-27 20:25 -------- d-----w- c:\program files (x86)\VideoLAN...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-03-20 07:39 . 2013-01-12 17:18 90015360 ----a-w- c:\windows\system32\MRT.exe2014-03-19 21:27 . 2013-01-15 10:58 273592 ----a-w- c:\windows\system32\drivers\RapportHades64.sys2014-03-19 21:27 . 2013-01-15 10:58 316312 ----a-w- c:\windows\system32\drivers\RapportKE64.sys2014-03-04 22:52 . 2013-11-14 21:23 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-03-04 22:52 . 2013-11-14 21:23 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-01-12 23:30 . 2014-02-12 18:34 2032640 ----a-w- c:\windows\SysWow64\d3d10warp.dll2014-01-12 23:30 . 
2014-02-12 18:34 2238976 ----a-w- c:\windows\system32\d3d10warp.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-02-25 1821888]"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE" [2012-11-02 283232]"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-10-31 449760]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"F-Secure Hoster (44515)"="c:\program files (x86)\TalkTalk\Security\fshoster32.exe" [2012-11-26 183864]"F-Secure Manager"="c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE" [2012-10-18 310992]"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-07 581024].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE" [2012-11-02 283232].c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 
83360].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"EnableUIADesktopToggle"= 0 (0x0)"EnableCursorSuppression"= 1 (0x1)"ConsentPromptBehaviorUser"= 3 (0x3).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]@="".R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 WSDScan;WSD Scan Support;c:\windows\System32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]S0 
fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x]S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys;c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x]S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys;c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x]S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]S2 EpsonScanSvc;Epson Scanner 
Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\TalkTalk\Security\fshoster32.exe;c:\program files (x86)\TalkTalk\Security\fshoster32.exe [x]S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe;c:\program files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe [x]S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files 
(x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys;c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x]S3 fsni;fsni;c:\program files (x86)\TalkTalk\Security\apps\CCF_Scanning\fsni64.sys;c:\program files (x86)\TalkTalk\Security\apps\CCF_Scanning\fsni64.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]apphost REG_MULTI_SZ apphostsvciissvcs REG_MULTI_SZ w3svc was.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]2013-09-05 14:04 215416 ----a-w- c:\program files (x86)\Adobe\Reader 
11.0\Esl\AiodLite.dll.Contents of the 'Scheduled Tasks' folder.2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 09:18].2014-03-24 c:\windows\Tasks\HPCeeScheduleForJohn.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-08 170304]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-08 398656]"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-08 440640]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-22 1425408]"FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2013-09-26 216248]"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-03-12 21720].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmTCP: DhcpNameServer = 192.168.1.1 192.168.1.1FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vjg0qiq9.default-1395655567045\.- - - - ORPHANS REMOVED - - - -.HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeAddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exeAddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXEAddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fshoster]"ImagePath"="\"c:\program files (x86)\TalkTalk\Security\fshoster32.exe\" 
-hosterid:0".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-1935344830-3333155245-2583117102-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\G*e*n*i*e*"!\FM Genie Scout 10]"GameDir"="c:\\Users\\John\\Documents\\Sports Interactive\\Football Manager 2010\\games""ShortlistDir"="c:\\Users\\John\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists""ScreenshotsDir"="c:\\Users\\John\\Documents\\Sports Interactive\\Football Manager 2010""SaveDir"="c:\\Users\\John\\Documents\\Sports Interactive\\Football Manager 2010\\""HistoryDir"="c:\\Users\\John\\Desktop\\FM Genie Scout 10\\History Points""LangDB"="c:\\Program Files (x86)\\Steam\\steamapps\\common\\Football Manager 2010\\data\\updates\\update-1030\\db\\1030\\lang_db.dat""LastSaveGame"="""Language"="English""LoadLangDB"=dword:00000001"CompressHistoryPoints"=dword:00000000"HighlightedAttributes"=dword:00000000"MinCondition"=dword:00000050"GraphStep"=dword:00000000"SkinName"="Steklo Black""LastUpdateCheck"=dword:0000a237"HighQualityGUI"=dword:00000001"AutomaticallyUpdateCheck"=dword:00000001"AdvancedGeneration"=dword:00000000"TranslateStaffSkills"=dword:00000001"TranslatePlayerSkills"=dword:00000001"TranslatePositions"=dword:00000001"ShowHistory"=dword:00000001"Version"=dword:00000074"UniqueID"="E7-A2B0-ECDF""Currency"=dword:00000056"UseProxy"=dword:00000000"ProxyHost"="""ProxyPort"="""UseAuthentication"=dword:00000000"UserName"="""UserPassword"="".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]@Denied: (A 2) 
(Everyone)@="IFlashBroker3".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]@="{6EF568F4-D437-4466-AA63-A3645136D93E}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]@Denied: (A 2) (Everyone)@="IFlashBroker".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]@="{6EF568F4-D437-4466-AA63-A3645136D93E}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]@Denied: (A 2) (Everyone)@="IFlashBroker2".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]@="{6EF568F4-D437-4466-AA63-A3645136D93E}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected]@Denied: ) (Everyone)"AgentIdentifier"="95dd369f-d924-40fc-b740-3bb3a9f5dc99""AuthorizationCode"="""44515_AgentIdentifier"="95dd369f-d924-40fc-b740-3bb3a9f5dc99".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone)@SACL=(02 0000).Completion time: 2014-03-24 21:33:08ComboFix-quarantined-files.txt 2014-03-24 21:33.Pre-Run: 855,217,975,296 bytes freePost-Run: 855,269,617,664 bytes free.- - 
End Of File - - DC471C5FD656D5B5E3E7A16AFC0B4C10

system log
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.2.9200 Windows 8 x64
Account is Administrative
Internet Explorer version: 10.0.9200.16843
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 6329487360, free: 4468797440
Downloaded database version: v2014.03.25.04
Downloaded database version: v2014.03.18.01
=======================================
Initializing...
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

mbar log
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
Database version: v2014.03.25.04
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
John :: LAPTOP [administrator]
25/03/2014 14:48:19
mbar-log-2014-03-25 (14-48-19).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 247412
Time elapsed: 27 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

Thanks
captainslow Posted March 25, 2014 Author ID:807907
System seems fine btw, no probs with internet, firewall, or updater after anti rootkit. Thanks
captainslow Posted March 25, 2014 Author ID:808005
Still getting the popup though....
kevinf80 Posted March 25, 2014 ID:808172

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save the zip file to your Desktop.

Double click zip file and extract to your Desktop: you will now have 3 versions of the tool on the Desktop: http://i121.photobucket.com/albums/o239/kevinf80/Zoek%20Scanner/Capture.png

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Double click on each in turn until one version of Zoek will run (accept UAC). The following window will open:

Copy and paste the following script from the code box and paste into the field.

standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs;firefoxlook; Chromelook;

Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress. When complete you may be asked to re-boot your PC, if so please do.

Post the produced log in your next reply…..
captainslow Posted March 26, 2014 Author ID:808423

Hello,

I will post the log in 2 messages, as it says 'post is too long':

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by John on 26/03/2014 at 9:25:12.01.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\John\Desktop\zoek\zoek.com [scan all users] [script inserted]

==== System Restore Info ======================

26/03/2014 09:27:02 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1935344830-3333155245-2583117102-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_USERS\S-1-5-21-1935344830-3333155245-2583117102-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{BBDA0591-3099-440a-AA10-41764D9DB4DB} deleted successfully

==== Installed Programs ======================

7 Wonders II ABBYY FineReader 9.0 Sprint Adobe Audition 1.5 Adobe Flash Player 12 Plugin Adobe Reader XI (11.0.06) Adobe Shockwave Player 12.1 Aloha TriPeaks Assassin's Creed Brotherhood Assassin's Creed II Assassin's Creed Revelations Bejeweled 3 Bonjour Build-a-lot 4 - Power Source Canon Easy-WebPrint EX Canon MP Navigator EX 3.0 Canon MP250 series MP Drivers Canon MP250 series User Registration Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu CCleaner Chuzzle Deluxe Computer Security 12.71.102.0 (release) Connected Music powered by Universal Music Group version 1.0 Cradle of Rome 2 Crazy Chicken Soccer CyberLink LabelPrint CyberLink Media Suite 10 CyberLink PhotoDirector CyberLink PowerDirector 10 CyberLink PowerDVD CyberLink YouCam D3DX10 Download Navigator Energy Star Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Event Manager EPSON Scan EPSON XP-202 203 206 Series Printer Uninstall EpsonNet Print Europa Universalis III F-Secure CCF Reputation F-Secure CCF Scanning 1.23.124.8831 (release) F-Secure Network CCF 1.02.126 Farm Frenzy File Association Helper Final Drive Fury Football Manager 2010 Governor of Poker 2 Premium Edition Hewlett-Packard ACLM.NET v1.2.1.1 HitmanPro 3.7 HP 3D DriveGuard HP Connected Music (Meridian - installer) HP CoolSense HP Customer Experience Enhancements HP Documentation HP Games HP Postscript Converter HP Quick Launch HP Recovery Manager HP Registration Service HP Software Framework HP Support Assistant HP Utility Center HP Wireless Button Driver IDT Audio Intel® Management Engine Components Intel® Processor Graphics Intel® SDK for OpenCL - CPU Only Runtime Package Intel© Trusted Connect Service Client Java 7 Update 51 Java Auto Updater Jewel Match 3 Jewel Quest II Jewel Quest Solitaire 2 Mahjongg Artifacts Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Application Error Reporting Microsoft Office Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Word 2002 Microsoft Works Microsoft Works 2005 Setup Launcher Microsoft Works Suite Add-in for Microsoft Word More Games from WildTangent Games Mozilla Firefox 28.0 (x86 en-US) Mozilla Maintenance Service MSVCRT Mystery of Mortlake Mansion Network Guide EPSON XP-202 203 206 Series Online Safety 2.71.927.655 Polar Bowler Power2Go Ralink RT5390R 802.11bgn Wi-Fi Adapter Ranch Rush 2 - Premium Edition Rapport Realtek Ethernet Controller Driver Realtek PCIE Card Reader Shockwave Shockwave Director 8.0 Shockwave Flash Sid Meier's Civilization 4 - Beyond the Sword Sid Meier's Civilization 4 Sid Meier's Civilization V Sid Meier's Civilization V SDK SkypeT 6.14 Sony PC Companion 2.10.197 Steam Super Safe Boost swMSM Synaptics Pointing Device Driver Trinklit Supreme Tropico 3 1.02 Trusteer Endpoint Protection Ubisoft Game Launcher Update Installer for WildTangent Games App User's Guide EPSON XP-202 203 206 Series Virtual Families VLC media player 2.1.3 Wedding Dash Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Works Upgrade Zuma's Revenge

==== Running Processes ======================

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe
C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE
C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files (x86)\Microsoft Works\WkDStore.exe
C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSLAUNCH.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted
C:\Users\John\ia_remove.sh1104.tmp deleted
C:\Users\John\ia_remove.sh1491.tmp deleted
C:\Users\John\ia_remove.sh4674.tmp deleted
C:\Users\John\ia_remove.sh7167.tmp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 6037 MB
CPU Info: Intel® Core i5-3210M CPU @ 2.50GHz
CPU Speed: 2521.2 MHz
Sound Card: Speakers and Headphones (IDT Hi |
Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Ralink RT5390R 802.11bgn Wi-Fi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp DVD-RAM UJ8D1
Ports: COM Ports NOT Present.
LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 910.6GB | D: 20.1GB
Hard Disks - Free: C: 803.2GB | D: 2.5GB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1
Time Zone: GMT Standard Time
Motherboard *: Hewlett-Packard 183F
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Computer Security On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Computer Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox 28.0
Internet Explorer Version: 10.0.9200.16843
Mozilla Firefox version: 28.0 (x86 en-US)
Adobe Reader version: 11.0.06.70
Sun Java version: 1.7.0_51 (32-bit)
Flash Player version: 12.0.0.77
Shockwave Player version: 12.1r150

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT EPLTarget\P0000000000000000 /M XP-202 203 206 Series"

[HKEY_USERS\S-1-5-21-1935344830-3333155245-2583117102-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT EPLTarget\P0000000000000001 /M XP-202 203 206 Series"
"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT EPLTarget\P0000000000000000 /M XP-202 203 206 Series"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"F-Secure Hoster (44515)"="C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe -app -hosterid:1"
"F-Secure Manager"="C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE /splash"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT EPLTarget\P0000000000000001 /M XP-202 203 206 Series"
"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"FAHConsole"="C:\Program Files\File Association Helper\FAHConsole.exe"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2013-01-16 19:03:04 1999 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- [undetermined Task]
C:\Windows\tasks\HPCeeScheduleForJohn.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13/09/2010 21:15]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\HPCeeScheduleForJohn" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe"]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP 
Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe]"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe]==== Firefox Extensions ======================AppDir: C:\Program Files (x86)\Mozilla Firefox- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}==== Firefox Plugins ======================Profilepath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vjg0qiq9.default-139565556704595812430959AE88CDD0301AB3A71913B - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash0E8B2D0D9E3415A91EF259CE1112C579 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll - Shockwave for Director / Shockwave for DirectorF3B0E300AFC94E1A775A2D935A7D384F - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll - Shockwave for Director / Shockwave for Director==== Chrome Look ======================HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensionsmkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx[]==== Set IE to Default ======================Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://g.uk.msn.com/HPNOT13/2"New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://g.uk.msn.com/HPNOT13/2"==== All HKCU SearchScopes ======================HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google 
Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/710-29550-11896-25/4"==== Deleting Registry Keys ======================HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk deleted successfully==== HijackThis Entries ======================O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dllO2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dllO3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dllO4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkeyO4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [F-Secure Hoster (44515)] "C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe" -app -hosterid:1O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE" /splashO4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeO4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silentO4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT 
"EPLTarget\P0000000000000001" /M "XP-202 203 206 Series"O4 - HKCU\..\Run: [sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /BackgroundO4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunO4 - HKUS\S-1-5-18\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-202 203 206 Series" (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-202 203 206 Series" (User 'Default user')O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXEO9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeO9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLLO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program 
Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exeO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exeO23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\TalkTalk\Security\fshoster32.exeO23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXEO23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exeO23 - Service: GamesAppService - WildTangent, Inc. 
- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exeO23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeO23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeO23 - Service: @oem87.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeO23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeO23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exeO23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exeO23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeO23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - 
C:\Windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeO23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exeO23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exeO23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. 
- C:\Program Files\IDT\WDM\STacSV64.exeO23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeO23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
captainslow Posted March 26, 2014 Author ID:808424 ==== Sysinternals Autoruns Log ======================C:\Users\John\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Protection Status C:\Program Files\windows sidebar\gadgets\F-Secure.Gadget See your computer's protection status. This requires supported security software. F-secure Corporation C:\Program Files\windows sidebar\gadgets\F-Secure.Gadget\Gadget.xml 18/10/2012 16:43HKLM\System\CurrentControlSet\Services ABBYY.Licensing.FineReader.Sprint.9.0 "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service This service is required for the operation of the ABBYY FineReader 9.0 Express Edition licensing mechanism. ABBYY 1.0.0.375 c:\program files (x86)\common files\abbyy\finereadersprint\9.00\licensing\networklicenseserver.exe 14/05/2009 14:07 AdobeARMservice "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" Adobe Acrobat Updater keeps your Adobe software up to date. Adobe Systems Incorporated 1.701.3.3014 c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe 21/11/2013 16:55 AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes. Adobe Systems Incorporated 12.0.0.77 c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe 03/03/2014 21:44 Bonjour Service "C:\Program Files\Bonjour\mDNSResponder.exe" Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence. Apple Inc. 
3.0.0.10 c:\program files\bonjour\mdnsresponder.exe 31/08/2011 05:52 cphs %SystemRoot%\SysWow64\IntelCpHeciSvc.exe Intel® Content Protection HECI Service - enables communication with the Content Protection FW Intel Corporation 1.0.1.14 c:\windows\syswow64\intelcphecisvc.exe 22/12/2011 06:45 EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe eEBAPI Core Process module SEIKO EPSON CORPORATION 2.3.4.0 c:\program files (x86)\common files\epson\ebapi\eebsvc.exe 19/12/2006 12:53 EpsonScanSvc C:\Windows\system32\EscSvc64.exe Epson Scanner Service (64bit) Seiko Epson Corporation 1.0.2.1 c:\windows\system32\escsvc64.exe 12/12/2011 02:27 fshoster "C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe" -hosterid:0 F-Secure Dll Hoster Service F-Secure Corporation 1.4.35127.0 c:\program files (x86)\talktalk\security\fshoster32.exe 01/10/2012 10:23 FSMA "C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE" F-Secure Management Agent F-Secure Corporation 8.30.43098.0 c:\program files (x86)\talktalk\security\apps\computersecurity\common\fsma32.exe 28/09/2012 12:09 FSORSPClient "C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe" F-Secure ORSP Service F-Secure Corporation 1.1.25.2280 c:\program files (x86)\talktalk\security\apps\ccf_reputation\fsorsp.exe 05/06/2013 18:49 GamesAppService "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" WT Games App Services WildTangent, Inc. 
4.0.4918.0 c:\program files (x86)\wildtangent games\app\gamesappservice.exe 04/10/2010 22:15 HP Support Assistant Service "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" HP Support Assistant Service Hewlett-Packard Company 7.0.39.14 c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe 27/09/2012 11:55 hpqwmiex "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" HP Software Framework WMI Service Hewlett-Packard Company 4.6.10.1 c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe 06/09/2012 15:18 hpsrv %SystemRoot%\system32\Hpservice.exe HpService Hewlett-Packard Company 4.2.9.1 c:\windows\system32\hpservice.exe 24/09/2012 15:32 HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe HP Quick Launch WMI Service Hewlett-Packard Development Company, L.P. 3.0.1.0 c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe 07/09/2012 06:51 IconMan_R "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe" Realtek Card Reader Patch Tool. Realsil Microelectronics Inc. 
1.5.0.0 c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe 13/07/2012 09:02 Intel® Capability Licensing Service Interface "C:\Program Files\Intel\iCLS Client\HeciServer.exe" Version: 1.24.388.1 Intel® Corporation 1.24.388.1 c:\program files\intel\icls client\heciserver.exe 20/04/2012 12:16 Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe Intel© Manageability Engine Service (Intel© ME Service) Intel Corporation 8.1.0.1256 c:\program files (x86)\intel\intel® management engine components\fwservice\intelmefwservice.exe 27/06/2012 19:39 jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe Intel® Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel ® DAL Intel Corporation 8.1.0.1252 c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe 25/06/2012 17:43 LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces. Intel Corporation 8.1.0.1252 c:\program files (x86)\intel\intel® management engine components\lms\lms.exe 25/06/2012 17:36 MBAMScheduler "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" Malwarebytes Anti-Malware scheduler Malwarebytes Corporation 1.70.0.0 c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe 28/02/2013 20:38 MBAMService "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" Malwarebytes Anti-Malware service Malwarebytes Corporation 1.70.0.0 c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe 28/02/2013 20:38 MozillaMaintenance "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. 
Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled. Mozilla Foundation 28.0.0.5186 c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe 15/03/2014 06:21 PnkBstrA C:\Windows\system32\PnkBstrA.exe PunkBuster Service Component [v1034] http://www.evenbalance.com c:\windows\syswow64\pnkbstra.exe 17/11/2010 05:25 RapportMgmtService "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" Trusteer Endpoint Protection Central Management and Monitoring Service Trusteer Ltd. 3.5.1304.61 c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe 19/03/2014 19:03 SkypeUpdate "C:\Program Files (x86)\Skype\Updater\Updater.exe" Enables the detection, download and installation of updates for Skype. Skype Technologies 6.8.1.61523 c:\program files (x86)\skype\updater\updater.exe 23/10/2013 08:12 Sony PC Companion "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe" Provides support for Sony PC Companion Core and Services. Avanquest Software 1.0.0.0 c:\program files (x86)\sony\sony pc companion\pccservice.exe 11/01/2012 16:34 STacSV C:\Program Files\IDT\WDM\STacSV64.exe Manages audio jack configurations. IDT, Inc. 1.0.6417.0 c:\program files\idt\wdm\stacsv64.exe 21/07/2012 13:48 Steam Client Service "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService Steam Client Service monitors and updates Steam content Valve Corporation 2.13.4.49 c:\program files (x86)\common files\steam\steamservice.exe 25/02/2014 21:44 UNS "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device. 
Intel Corporation 8.1.0.1252 c:\program files (x86)\intel\intel® management engine components\uns\uns.exe 25/06/2012 17:38HKLM\System\CurrentControlSet\Services 3ware System32\drivers\3ware.sys LSI 3ware SCSI Storport Driver LSI 5.1.0.47 c:\windows\system32\drivers\3ware.sys 08/03/2012 20:33 Accelerometer \SystemRoot\system32\DRIVERS\Accelerometer.sys HP Accelerometer Hewlett-Packard Company 4.2.9.1 c:\windows\system32\drivers\accelerometer.sys 24/09/2012 15:31 adp94xx System32\drivers\adp94xx.sys Adaptec Windows SAS/SATA Storport Driver Adaptec, Inc. 1.6.6.4 c:\windows\system32\drivers\adp94xx.sys 05/12/2008 23:54 adpahci System32\drivers\adpahci.sys Adaptec Windows SATA Storport Driver Adaptec, Inc. 1.6.6.1 c:\windows\system32\drivers\adpahci.sys 01/05/2007 17:30 adpu320 System32\drivers\adpu320.sys Adaptec StorPort Ultra320 SCSI Driver (X64) Adaptec, Inc. 7.2.0.0 c:\windows\system32\drivers\adpu320.sys 28/02/2007 00:04 amdkmdag \SystemRoot\system32\DRIVERS\atikmdag.sys ATI Radeon Kernel Mode Driver Advanced Micro Devices, Inc. 8.1.1.1248 c:\windows\system32\drivers\atikmdag.sys 18/06/2012 21:21 amdkmdap \SystemRoot\system32\DRIVERS\atikmpag.sys AMD multi-vendor Miniport Driver Advanced Micro Devices, Inc. 8.14.1.6264 c:\windows\system32\drivers\atikmpag.sys 18/06/2012 20:41 amdsata System32\drivers\amdsata.sys AHCI 1.2 Device Driver Advanced Micro Devices 1.1.4.6 c:\windows\system32\drivers\amdsata.sys 11/06/2012 22:19 amdsbs System32\drivers\amdsbs.sys AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform AMD Technologies Inc. 3.7.1540.30 c:\windows\system32\drivers\amdsbs.sys 21/02/2012 18:15 amdxata System32\drivers\amdxata.sys Storage Filter Driver Advanced Micro Devices 1.1.4.6 c:\windows\system32\drivers\amdxata.sys 11/06/2012 22:36 arc System32\drivers\arc.sys Adaptec RAID Storport Driver PMC-Sierra, Inc. 
5.2.0.18702 c:\windows\system32\drivers\arc.sys 19/03/2012 17:49 arcsas System32\drivers\arcsas.sys Adaptec SAS RAID WS03 Driver PMC-Sierra, Inc. 5.2.0.18702 c:\windows\system32\drivers\arcsas.sys 19/03/2012 17:51 b06bdrv System32\drivers\bxvbda.sys Broadcom NetXtreme II GigE VBD Broadcom Corporation 7.0.1.36 c:\windows\system32\drivers\bxvbda.sys 23/07/2012 23:30 catchme \??\C:\ComboFix\catchme.sys File not found: C:\ComboFix\catchme.sys dg_ssudbus \SystemRoot\system32\DRIVERS\ssudbus.sys SAMSUNG USB Composite Device Driver (MSS Ver.3) DEVGURU Co., LTD.(www.devguru.co.kr) 2.9.510.0 c:\windows\system32\drivers\ssudbus.sys 23/05/2013 06:33 ebdrv System32\drivers\evbda.sys Broadcom NetXtreme II 10 GigE VBD Broadcom Corporation 7.0.35.95 c:\windows\system32\drivers\evbda.sys 24/07/2012 12:22 esgiguard \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys F-Secure Gatekeeper \??\C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys F-Secure Gatekeeper F-Secure Corporation 10.80.29.22 c:\program files (x86)\talktalk\security\apps\computersecurity\anti-virus\minifilter\fsgk.sys 27/01/2014 13:38 F-Secure HIPS \??\C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys F-Secure HIPS Driver F-Secure Corporation 5.0.436.0 c:\program files (x86)\talktalk\security\apps\computersecurity\hips\drivers\fshs.sys 15/01/2014 11:05 fsbts system32\Drivers\fsbts.sys fsbts F-Secure Corporation 2.0.18200.23 c:\windows\system32\drivers\fsbts.sys 14/05/2012 11:03 fsni \??\C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Scanning\fsni64.sys F-Secure Network Interceptor Driver, 64bit F-Secure Corporation 1.23.124.0 c:\program files (x86)\talktalk\security\apps\ccf_scanning\fsni64.sys 25/04/2013 02:11 fsvista \??\C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys F-Secure Vista Support 
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVGLI7RT will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\vjg0qiq9.default-1395655567045\Cache emptied successfully

==== Empty Chrome Cache ======================
No Chrome User Data found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== C:\zoek_backup content ======================
C:\zoek_backup (files=27 folders=2 327679 bytes)

==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\John\AppData\Local\temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\John\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVGLI7RT" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 26/03/2014 at 9:50:04.49 ======================
kevinf80 Posted March 26, 2014 ID:808608

What is the current status, any remaining issues or concerns?
captainslow Posted March 26, 2014 Author ID:808640

Hi,

I'm afraid the popup is still there, and also my Rapport software shows that trying to access my bank page takes me to an unknown IP address... I imagine the 2 are linked in terms of an infection, although I'm not sure? Usually the popup occurs on the same website, a well-known Premier League football site with millions of users, and it has never had popups before. But it has occurred on other standard sites too in the last week. What do you think?
kevinf80 Posted March 26, 2014 ID:808799

Please download RogueKiller from here:

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe <- 32 bit version
http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe <- 64 bit version

Make sure to get the correct version for your system.
Quit all running programs
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
Wait until Prescan has finished...
The following EULA will appear, please select accept
Ensure MBR scan, Check faked and AntiRootkit are checked
Select Scan
When the scan completes select Report, copy and paste that to your reply. The log should be found in RKreport[?].txt on your Desktop
Exit/Close RogueKiller

Kevin
captainslow Posted March 26, 2014 Author ID:808816

Hi,

I have only clicked 'report', not delete/fix. Is that fine?
Here is the report. Thanks

RogueKiller V8.8.14 _x64_ [Mar 26 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : John [Admin rights]
Mode : Scan -- Date : 03/26/2014 23:35:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A05C)[Address] EAT @explorer.exe (PathBuildRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A06C)[Address] EAT @explorer.exe (PathCanonicalizeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59C9C)[Address] EAT @explorer.exe (PathCanonicalizeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42CF0)[Address] EAT @explorer.exe (PathCombineA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59B5C)[Address] EAT @explorer.exe (PathCombineW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43C10)[Address] EAT @explorer.exe (PathCommonPrefixA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59DAC)[Address] EAT @explorer.exe (PathCommonPrefixW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59D9C)[Address] EAT @explorer.exe (PathCompactPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5AF90)[Address] EAT @explorer.exe (PathCompactPathExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5AD80)[Address] EAT @explorer.exe (PathCompactPathExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46530)[Address] EAT @explorer.exe (PathCompactPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5EB08)[Address] EAT @explorer.exe (PathCreateFromUrlA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59790)[Address] EAT @explorer.exe (PathCreateFromUrlAlloc) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59780)[Address] EAT @explorer.exe (PathCreateFromUrlW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF436E0)[Address] EAT @explorer.exe (PathFileExistsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59C0C)[Address] EAT @explorer.exe (PathFileExistsAndAttributesW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45930)[Address] EAT 
@explorer.exe (PathFileExistsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43690)[Address] EAT @explorer.exe (PathFindExtensionA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59C3C)[Address] EAT @explorer.exe (PathFindExtensionW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF410C0)[Address] EAT @explorer.exe (PathFindFileNameA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59BFC)[Address] EAT @explorer.exe (PathFindFileNameW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF41090)[Address] EAT @explorer.exe (PathFindNextComponentA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59AE0)[Address] EAT @explorer.exe (PathFindNextComponentW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4A210)[Address] EAT @explorer.exe (PathFindOnPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5B610)[Address] EAT @explorer.exe (PathFindOnPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF49170)[Address] EAT @explorer.exe (PathFindSuffixArrayA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5B534)[Address] EAT @explorer.exe (PathFindSuffixArrayW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF453D0)[Address] EAT @explorer.exe (PathGetArgsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5962C)[Address] EAT @explorer.exe (PathGetArgsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4C880)[Address] EAT @explorer.exe (PathGetCharTypeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59648)[Address] EAT @explorer.exe (PathGetCharTypeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46480)[Address] EAT @explorer.exe (PathGetDriveNumberA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59D5C)[Address] EAT @explorer.exe (PathGetDriveNumberW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll 
@ 0xAFF41050)[Address] EAT @explorer.exe (PathIsContentTypeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5ABAC)[Address] EAT @explorer.exe (PathIsContentTypeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4A2C0)[Address] EAT @explorer.exe (PathIsDirectoryA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5B404)[Address] EAT @explorer.exe (PathIsDirectoryEmptyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5B334)[Address] EAT @explorer.exe (PathIsDirectoryEmptyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5EE78)[Address] EAT @explorer.exe (PathIsDirectoryW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF454D0)[Address] EAT @explorer.exe (PathIsFileSpecA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59D6C)[Address] EAT @explorer.exe (PathIsFileSpecW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46200)[Address] EAT @explorer.exe (PathIsLFNFileSpecA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59CFC)[Address] EAT @explorer.exe (PathIsLFNFileSpecW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59CEC)[Address] EAT @explorer.exe (PathIsNetworkPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A07C)[Address] EAT @explorer.exe (PathIsNetworkPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF429A0)[Address] EAT @explorer.exe (PathIsPrefixA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59D8C)[Address] EAT @explorer.exe (PathIsPrefixW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59D7C)[Address] EAT @explorer.exe (PathIsRelativeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59D4C)[Address] EAT @explorer.exe (PathIsRelativeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43680)[Address] EAT @explorer.exe (PathIsRootA) : imagehlp.dll -> HOOKED 
(C:\Windows\system32\SHLWAPI.dll @ 0xAFF59C8C)[Address] EAT @explorer.exe (PathIsRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42CE0)[Address] EAT @explorer.exe (PathIsSameRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59D1C)[Address] EAT @explorer.exe (PathIsSameRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59D0C)[Address] EAT @explorer.exe (PathIsSystemFolderA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A834)[Address] EAT @explorer.exe (PathIsSystemFolderW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5E948)[Address] EAT @explorer.exe (PathIsUNCA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59B3C)[Address] EAT @explorer.exe (PathIsUNCServerA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59C1C)[Address] EAT @explorer.exe (PathIsUNCServerShareA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59C2C)[Address] EAT @explorer.exe (PathIsUNCServerShareW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45E60)[Address] EAT @explorer.exe (PathIsUNCServerW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45E70)[Address] EAT @explorer.exe (PathIsUNCW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF41040)[Address] EAT @explorer.exe (PathIsURLA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59770)[Address] EAT @explorer.exe (PathIsURLW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF436C0)[Address] EAT @explorer.exe (PathMakePrettyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5BCB0)[Address] EAT @explorer.exe (PathMakePrettyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF49FC0)[Address] EAT @explorer.exe (PathMakeSystemFolderA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A8C0)[Address] EAT @explorer.exe (PathMakeSystemFolderW) : imagehlp.dll -> HOOKED 
(C:\Windows\system32\SHLWAPI.dll @ 0xAFF41270)[Address] EAT @explorer.exe (PathMatchSpecA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59BAC)[Address] EAT @explorer.exe (PathMatchSpecExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59B8C)[Address] EAT @explorer.exe (PathMatchSpecExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59B7C)[Address] EAT @explorer.exe (PathMatchSpecW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59B9C)[Address] EAT @explorer.exe (PathParseIconLocationA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59BEC)[Address] EAT @explorer.exe (PathParseIconLocationW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45E20)[Address] EAT @explorer.exe (PathQuoteSpacesA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59BCC)[Address] EAT @explorer.exe (PathQuoteSpacesW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42D00)[Address] EAT @explorer.exe (PathRelativePathToA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59B14)[Address] EAT @explorer.exe (PathRelativePathToW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59AF4)[Address] EAT @explorer.exe (PathRemoveArgsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5BC74)[Address] EAT @explorer.exe (PathRemoveArgsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46450)[Address] EAT @explorer.exe (PathRemoveBackslashA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59CDC)[Address] EAT @explorer.exe (PathRemoveBackslashW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43730)[Address] EAT @explorer.exe (PathRemoveBlanksA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59BBC)[Address] EAT @explorer.exe (PathRemoveBlanksW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43BD0)[Address] EAT @explorer.exe 
(PathRemoveExtensionA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59C7C)[Address] EAT @explorer.exe (PathRemoveExtensionW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45E30)[Address] EAT @explorer.exe (PathRemoveFileSpecA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59B4C)[Address] EAT @explorer.exe (PathRemoveFileSpecW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF44040)[Address] EAT @explorer.exe (PathRenameExtensionA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59C6C)[Address] EAT @explorer.exe (PathRenameExtensionW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59C5C)[Address] EAT @explorer.exe (PathSearchAndQualifyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5961C)[Address] EAT @explorer.exe (PathSearchAndQualifyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42E00)[Address] EAT @explorer.exe (PathSetDlgItemPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5AC50)[Address] EAT @explorer.exe (PathSetDlgItemPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5E9D0)[Address] EAT @explorer.exe (PathSkipRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59D2C)[Address] EAT @explorer.exe (PathSkipRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45A20)[Address] EAT @explorer.exe (PathStripPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59D3C)[Address] EAT @explorer.exe (PathStripPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46220)[Address] EAT @explorer.exe (PathStripToRootA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59C4C)[Address] EAT @explorer.exe (PathStripToRootW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45E50)[Address] EAT @explorer.exe (PathUnExpandEnvStringsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll 
@ 0xAFF59B6C)[Address] EAT @explorer.exe (PathUnExpandEnvStringsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42DF0)[Address] EAT @explorer.exe (PathUndecorateA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A75C)[Address] EAT @explorer.exe (PathUndecorateW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF464D0)[Address] EAT @explorer.exe (PathUnmakeSystemFolderA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A86C)[Address] EAT @explorer.exe (PathUnmakeSystemFolderW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5E984)[Address] EAT @explorer.exe (PathUnquoteSpacesA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59BDC)[Address] EAT @explorer.exe (PathUnquoteSpacesW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43BE0)[Address] EAT @explorer.exe (QISearch) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF41010)[Address] EAT @explorer.exe (SHAllocShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF429D0)[Address] EAT @explorer.exe (SHAnsiToAnsi) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A310)[Address] EAT @explorer.exe (SHAnsiToUnicode) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A320)[Address] EAT @explorer.exe (SHAutoComplete) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4BE10)[Address] EAT @explorer.exe (SHCopyKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A2F0)[Address] EAT @explorer.exe (SHCopyKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4A070)[Address] EAT @explorer.exe (SHCreateMemStream) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF432B0)[Address] EAT @explorer.exe (SHCreateShellPalette) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42890)[Address] EAT @explorer.exe (SHCreateStreamOnFileA) : imagehlp.dll -> HOOKED 
(C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A0DC)[Address] EAT @explorer.exe (SHCreateStreamOnFileEx) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46070)[Address] EAT @explorer.exe (SHCreateStreamOnFileW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF464A0)[Address] EAT @explorer.exe (SHCreateStreamWrapper) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4F792)[Address] EAT @explorer.exe (SHCreateThread) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45E80)[Address] EAT @explorer.exe (SHCreateThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45B30)[Address] EAT @explorer.exe (SHCreateThreadWithHandle) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46400)[Address] EAT @explorer.exe (SHDeleteEmptyKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A0FC)[Address] EAT @explorer.exe (SHDeleteEmptyKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A0EC)[Address] EAT @explorer.exe (SHDeleteKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A2E0)[Address] EAT @explorer.exe (SHDeleteKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42C60)[Address] EAT @explorer.exe (SHDeleteOrphanKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6EFB8)[Address] EAT @explorer.exe (SHDeleteOrphanKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6EF48)[Address] EAT @explorer.exe (SHDeleteValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A10C)[Address] EAT @explorer.exe (SHDeleteValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42CA0)[Address] EAT @explorer.exe (SHEnumKeyExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A290)[Address] EAT @explorer.exe (SHEnumKeyExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A280)[Address] EAT @explorer.exe (SHEnumValueA) : 
imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A250)[Address] EAT @explorer.exe (SHEnumValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4A1D0)[Address] EAT @explorer.exe (SHFormatDateTimeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5F004)[Address] EAT @explorer.exe (SHFormatDateTimeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5F070)[Address] EAT @explorer.exe (SHFreeShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF429E0)[Address] EAT @explorer.exe (SHGetInverseCMAP) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF60830)[Address] EAT @explorer.exe (SHGetThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF49140)[Address] EAT @explorer.exe (SHGetValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF443C0)[Address] EAT @explorer.exe (SHGetValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42B20)[Address] EAT @explorer.exe (SHGetViewStatePropertyBag) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46FA0)[Address] EAT @explorer.exe (SHIsChildOrSelf) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43510)[Address] EAT @explorer.exe (SHIsLowMemoryMachine) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6BC3C)[Address] EAT @explorer.exe (SHLoadIndirectString) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43340)[Address] EAT @explorer.exe (SHLockShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6F838)[Address] EAT @explorer.exe (SHMessageBoxCheckA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6ADD4)[Address] EAT @explorer.exe (SHMessageBoxCheckW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6AF00)[Address] EAT @explorer.exe (SHOpenRegStream2A) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A0AC)[Address] EAT @explorer.exe 
(SHOpenRegStream2W) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF443F0)[Address] EAT @explorer.exe (SHOpenRegStreamA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A0CC)[Address] EAT @explorer.exe (SHOpenRegStreamW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A0BC)[Address] EAT @explorer.exe (SHPackDispParamsV) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF47DB0)[Address] EAT @explorer.exe (SHPropertyBag_ReadStrAlloc) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF71598)[Address] EAT @explorer.exe (SHPropertyBag_WriteBSTR) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF71498)[Address] EAT @explorer.exe (SHQueryInfoKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A230)[Address] EAT @explorer.exe (SHQueryInfoKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A210)[Address] EAT @explorer.exe (SHQueryValueExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A120)[Address] EAT @explorer.exe (SHQueryValueExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF463A0)[Address] EAT @explorer.exe (SHRegCloseUSKey) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59A70)[Address] EAT @explorer.exe (SHRegCreateUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59A58)[Address] EAT @explorer.exe (SHRegCreateUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42640)[Address] EAT @explorer.exe (SHRegDeleteEmptyUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59A44)[Address] EAT @explorer.exe (SHRegDeleteEmptyUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59A34)[Address] EAT @explorer.exe (SHRegDeleteUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59A24)[Address] EAT @explorer.exe (SHRegDeleteUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll 
@ 0xAFF59A14)[Address] EAT @explorer.exe (SHRegDuplicateHKey) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A1F0)[Address] EAT @explorer.exe (SHRegEnumUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF599FC)[Address] EAT @explorer.exe (SHRegEnumUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF599DC)[Address] EAT @explorer.exe (SHRegEnumUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59998)[Address] EAT @explorer.exe (SHRegEnumUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42590)[Address] EAT @explorer.exe (SHRegGetBoolUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59984)[Address] EAT @explorer.exe (SHRegGetBoolUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4C220)[Address] EAT @explorer.exe (SHRegGetBoolValueFromHKCUHKLM) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46330)[Address] EAT @explorer.exe (SHRegGetIntW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A1E0)[Address] EAT @explorer.exe (SHRegGetPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A1C0)[Address] EAT @explorer.exe (SHRegGetPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4A240)[Address] EAT @explorer.exe (SHRegGetUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59948)[Address] EAT @explorer.exe (SHRegGetUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4A280)[Address] EAT @explorer.exe (SHRegGetValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A2A4)[Address] EAT @explorer.exe (SHRegGetValueFromHKCUHKLM) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46EBC)[Address] EAT @explorer.exe (SHRegGetValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF421B0)[Address] EAT @explorer.exe (SHRegOpenUSKeyA) : imagehlp.dll -> HOOKED 
(C:\Windows\system32\SHLWAPI.dll @ 0xAFF59928)[Address] EAT @explorer.exe (SHRegOpenUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59908)[Address] EAT @explorer.exe (SHRegQueryInfoUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF598E0)[Address] EAT @explorer.exe (SHRegQueryInfoUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42610)[Address] EAT @explorer.exe (SHRegQueryUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF598A0)[Address] EAT @explorer.exe (SHRegQueryUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59860)[Address] EAT @explorer.exe (SHRegSetPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A1A0)[Address] EAT @explorer.exe (SHRegSetPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A180)[Address] EAT @explorer.exe (SHRegSetUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59838)[Address] EAT @explorer.exe (SHRegSetUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59810)[Address] EAT @explorer.exe (SHRegWriteUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF597E4)[Address] EAT @explorer.exe (SHRegWriteUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF425E0)[Address] EAT @explorer.exe (SHRegisterValidateTemplate) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF758E0)[Address] EAT @explorer.exe (SHReleaseThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A08C)[Address] EAT @explorer.exe (SHRunIndirectRegClientCommand) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5C95C)[Address] EAT @explorer.exe (SHSendMessageBroadcastA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6A27C)[Address] EAT @explorer.exe (SHSendMessageBroadcastW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42CC0)[Address] EAT 
@explorer.exe (SHSetThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45B10)[Address] EAT @explorer.exe (SHSetValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A14C)[Address] EAT @explorer.exe (SHSetValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF463D0)[Address] EAT @explorer.exe (SHSkipJunction) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42E20)[Address] EAT @explorer.exe (SHStrDupA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4A260)[Address] EAT @explorer.exe (SHStrDupW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF41070)[Address] EAT @explorer.exe (SHStripMneumonicA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6A900)[Address] EAT @explorer.exe (SHStripMneumonicW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42DB0)[Address] EAT @explorer.exe (SHUnicodeToAnsi) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF432E0)[Address] EAT @explorer.exe (SHUnicodeToAnsiCP) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4F7B9)[Address] EAT @explorer.exe (SHUnicodeToUnicode) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A300)[Address] EAT @explorer.exe (SHUnlockShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6F818)[Address] EAT @explorer.exe (ShellMessageBoxA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5C604)[Address] EAT @explorer.exe (ShellMessageBoxW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5F54C)[Address] EAT @explorer.exe (StrCSpnA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59EEC)[Address] EAT @explorer.exe (StrCSpnIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59EDC)[Address] EAT @explorer.exe (StrCSpnIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59ECC)[Address] EAT @explorer.exe (StrCSpnW) : imagehlp.dll 
-> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45A30)[Address] EAT @explorer.exe (StrCatBuffA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59FDC)[Address] EAT @explorer.exe (StrCatBuffW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59FEC)[Address] EAT @explorer.exe (StrCatChainW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59DCC)[Address] EAT @explorer.exe (StrCatW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5FCF8)[Address] EAT @explorer.exe (StrChrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59FCC)[Address] EAT @explorer.exe (StrChrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59F9C)[Address] EAT @explorer.exe (StrChrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF410E0)[Address] EAT @explorer.exe (StrChrNIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59F8C)[Address] EAT @explorer.exe (StrChrNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59FBC)[Address] EAT @explorer.exe (StrChrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF41080)[Address] EAT @explorer.exe (StrCmpCA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59DEC)[Address] EAT @explorer.exe (StrCmpCW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42C90)[Address] EAT @explorer.exe (StrCmpICA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF41100)[Address] EAT @explorer.exe (StrCmpICW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF410F0)[Address] EAT @explorer.exe (StrCmpIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43650)[Address] EAT @explorer.exe (StrCmpLogicalW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59DDC)[Address] EAT @explorer.exe (StrCmpNA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59EBC)[Address] EAT @explorer.exe (StrCmpNCA) : imagehlp.dll -> 
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541010A9E680 +++++
--- User ---
[MBR] 8e4e14f27291f4ddccf5ca7da0716fb1
[bSP] 7a953ccb260afb33417e633f79ea4ff4 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 953869 MB
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_03262014_233533.txt >>
kevinf80 Posted March 26, 2014 ID:808824

Yes not deleting fixing is good, nothing conclusive in that log. Run the following please, see what this one shows..

Please download the latest version of TDSSKiller from here: http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
Put a checkmark beside loaded modules.
A reboot will be needed to apply the changes. Do it.
TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
Then click on Change parameters in TDSSKiller.
Check all boxes then click OK.
Click the Start Scan button.
The scan will be quick.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Kevin..
captainslow Posted March 27, 2014 Author ID:808838

I've downloaded and run it. The link above didn't work, just FYI, but I found it on the developer site.

Secondly, it crashed first time through the scan. When I reran the scan, the comp didn't need to reboot to load the modules - I guess that's ok.

Here is the scan (will post in 2/3 messages as is too long for 1). There was nothing to cure or delete.....

Thanks
ok00:09:42.0931 0x04a0 [ 339E52896B03045FC2A738F9997FA38D, A5EDCF14BBA63DC1F855E799E671AD210734A462D41154B44551D525272DB502 ] fsvista C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys00:09:42.0962 0x04a0 fsvista - ok00:09:42.0978 0x04a0 [ A6DD7D491F587F4BC13FB972977DC8E8, B86F97F17F6F443EC16DEF67CCA4EF78AFE56078D2877838A982FECB19557C87 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys00:09:42.0993 0x04a0 Fs_Rec - ok00:09:43.0040 0x04a0 [ C1646A95EAC515F60CDB2A7A8A013C1E, F559B83C02B17265EDE95DD497C1A94E402F07EC251FC47449F789907AFFED14 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys00:09:43.0103 0x04a0 fvevol - ok00:09:43.0134 0x04a0 [ A969D92973DFA895E7776B4BFE36DBB2, 7528E6983ECC59291A7A386E4E459B19D1593ABDDFFD276E2F01B0EA21693E20 ] FxPPM C:\Windows\System32\drivers\fxppm.sys00:09:43.0181 0x04a0 FxPPM - ok00:09:43.0196 0x04a0 [ 52BC441E07A827EBAB70CDC7EAEDB28D, 8DECBD8E12EA52039742599CFBBF0D3B6610B57EF8D9DAEEEA33D202A478D286 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys00:09:43.0212 0x04a0 gagp30kx - ok00:09:43.0274 0x04a0 [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe00:09:43.0321 0x04a0 GamesAppService - ok00:09:43.0337 0x04a0 [ 721F8EEF5E9747F32670DEFF7FB92541, E0A8EF70753E260C2C7D93D316B5EF9589DB086FDF829BDA2958C6A09CE471A6 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys00:09:43.0353 0x04a0 gencounter - ok00:09:43.0368 0x04a0 [ FC2B8B06BDBD3B6457F5A3DA9AD2410E, 4BF196E1CAC94E9265EBEB68F41C3E29F0C709ECFF9420B5B1C9C82680D5D6A8 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys00:09:43.0399 0x04a0 GPIOClx0101 - ok00:09:43.0462 0x04a0 [ 5358678C6370F2ADC5291849F6503262, 841633D7A936C3889690C67E189BAD4C6B294C196FFFE5B564FCECDFE46A9E52 ] gpsvc C:\Windows\System32\gpsvc.dll00:09:43.0603 0x04a0 gpsvc - ok00:09:43.0634 0x04a0 [ 630555943E5A3FE21010CE91EC7FC84F, 
20D7247A4363EE9E851501D89A466564ADCAEC304DE42280E4E09AD8499436A9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys00:09:43.0712 0x04a0 HdAudAddService - ok00:09:43.0743 0x04a0 [ 7D87B5B6C7188D553E11B59DC7F0B111, FC633DB71E1D72E8AD8F89BBB54324CC6ED17F5594EF55DD0BDB58EE1F601FF5 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys00:09:43.0774 0x04a0 HDAudBus - ok00:09:43.0806 0x04a0 [ 3F76BBA53D65E85A7F53E7A71082082C, D1E18815BB19CD11007C4A66162C76F55D4FE6B09B34ED45969C7ECC29D394AD ] HidBatt C:\Windows\System32\drivers\HidBatt.sys00:09:43.0821 0x04a0 HidBatt - ok00:09:43.0853 0x04a0 [ 085F150D002B7F0153D3C06DDF33A143, 41847FD02608ECFE3A6B4B38CBDE8416B0EF17491868511FD704B0BCC280338E ] HidBth C:\Windows\System32\drivers\hidbth.sys00:09:43.0884 0x04a0 HidBth - ok00:09:43.0915 0x04a0 [ CC4A07E51D89575CAB6F4EB590D87CD4, DFB4EAF0923EF9FF6C42EDD1EA5E4025F243C9BE2D03D5423FE8A897DC01D657 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys00:09:43.0946 0x04a0 hidi2c - ok00:09:43.0978 0x04a0 [ DC96F7DACB777CDEAEF9958A50BFDA06, 7CE79F32D5EE65C0178CFF56523825D3EE01095B2CE8C67634A6604A821A9086 ] HidIr C:\Windows\System32\drivers\hidir.sys00:09:44.0009 0x04a0 HidIr - ok00:09:44.0025 0x04a0 [ FAC37D7B3D6354A5A5E19A45B50B4008, 2962B552A1DA545DFDEF0886582E82596FE8A3A19AAF989B025AFDA84D16D4EC ] hidserv C:\Windows\System32\hidserv.dll00:09:44.0056 0x04a0 hidserv - ok00:09:44.0071 0x04a0 [ 012C354B4AB48E9A7A657DF39E3A2073, B15D0089CE509FF1CF73DFE095425C1C99FC3971622DCAAD9CAEB989A12A4FDB ] HidUsb C:\Windows\System32\drivers\hidusb.sys00:09:44.0087 0x04a0 HidUsb - ok00:09:44.0118 0x04a0 [ 43F884B61A24377567CD0FEB35236334, B3BA36B527C8D6D83DE2FBCD8D503B87FD2611BF15B07A7BC138DC8BAE6A50C1 ] hkmsvc C:\Windows\system32\kmsvc.dll00:09:44.0150 0x04a0 hkmsvc - ok00:09:44.0181 0x04a0 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF, E6967F3F465C6E903221BC0FCBAE7D05FD18C0BF110D929335F5935364B3C1BC ] HomeGroupListener C:\Windows\system32\ListSvc.dll00:09:44.0212 0x04a0 HomeGroupListener - ok00:09:44.0259 0x04a0 
[ E0D9F6FE18FA7F53ADD29AF719CE2B7E, B965DCC72625188F3B896CB447B7696F22687266EAFC5AA270E2AD53DD9F324D ] HomeGroupProvider C:\Windows\system32\provsvc.dll00:09:44.0321 0x04a0 HomeGroupProvider - ok00:09:44.0384 0x04a0 [ BB1FC298BE53AAB1E110F6E786BD8AC5, C2DA2C3CE96D5F8B50013063B5EF7BED7478636896C709A7AF34855B2E69B9F1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe00:09:44.0415 0x04a0 HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )00:09:46.0806 0x04a0 Detect skipped due to KSN trusted00:09:46.0806 0x04a0 HP Support Assistant Service - ok00:09:46.0915 0x04a0 [ D104FF402FC3DDB686E6DEF00334DB26, 6CCE56587C02ECE474C6BF959C4A6F752A1FF0B718FBE8EE4FD9755313A207C1 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys00:09:46.0947 0x04a0 hpdskflt - ok00:09:47.0009 0x04a0 [ 514455F6586473791C5C6B25BA4E1BAB, 0C2CAE8F35241F1B936C502AAB7C9303C643D898BAB1D060FCA1E6B3A7D9FDB9 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe00:09:47.0228 0x04a0 hpqwmiex - ok00:09:47.0275 0x04a0 [ 64DB7A8D97CA53DCCF93D0A1E08342CF, 02CAB7F28D3830C482683425C60044239C6F1562556688A274CA2C237C846E76 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys00:09:47.0306 0x04a0 HpSAMD - ok00:09:47.0337 0x04a0 [ 55FFCBB036D7BE4BCA6FA1421203A27F, 5BB865FC631390F59AF5F2452D4D2DA47E34A49E194C8010E942F5A2013F3895 ] hpsrv C:\Windows\system32\Hpservice.exe00:09:47.0353 0x04a0 hpsrv - ok00:09:47.0400 0x04a0 [ 3C5B2067338E4EFDADE94E4A72728F23, 72E21FA1E660F9405A5E39B0F89AB21C60F20BAC13247567EF7139AC130F1897 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe00:09:47.0431 0x04a0 HPWMISVC - ok00:09:47.0478 0x04a0 [ F4A91D985EB9D1D2717D538F3424603C, 454AD2FF3A7963B9835AEF300F6672F92D0CCF59593BA2CCC83F0EC1446BB659 ] HTTP C:\Windows\system32\drivers\HTTP.sys00:09:47.0618 0x04a0 HTTP - ok00:09:47.0650 0x04a0 [ 2A98301068801700906C06649860FE94, 
664394A52326289DCA0828B0041A105653F4FEF3E3DCCC3787AAE0F6FDC73A14 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys00:09:47.0665 0x04a0 hwpolicy - ok00:09:47.0697 0x04a0 [ DC76901D82097C9E297F20C287CB9A27, 01A412D0D8A65050BE4250A7C4B9F98A4C43FD891827761E0C830369A5F9F09C ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys00:09:47.0728 0x04a0 hyperkbd - ok00:09:47.0743 0x04a0 [ 716413AB3CA12DE0A7222D28C1C9352C, B82B586BD9DBD70DDA19A02504E8CB00DA53677703AB848B53387601C5BAD3D3 ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys00:09:47.0759 0x04a0 HyperVideo - ok00:09:47.0775 0x04a0 [ C9E9CBF73AFFBFE3E801EFB516787BA3, 1A850D614BDA6AA4195CC657702BC6242BA51B90131717743182AA160F65E72C ] i8042prt C:\Windows\System32\drivers\i8042prt.sys00:09:47.0790 0x04a0 i8042prt - ok00:09:47.0822 0x04a0 [ 050F2539E14F9D5E90A4B61738EC29BD, 0E65468B9F452FA7DB6DF2C1B2B2E9439C79031E27054FBDBDFE28A9F98721D7 ] iaStorA C:\Windows\system32\drivers\iaStorA.sys00:09:47.0978 0x04a0 iaStorA - ok00:09:48.0009 0x04a0 [ 5E394EBD26FD68AA9300332C46BEDD62, 56A5DA7CE08C07B519E55D0A46AA9D10B640349808EFE02B3278267B75B5F603 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys00:09:48.0103 0x04a0 iaStorV - ok00:09:48.0197 0x04a0 [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe00:09:48.0353 0x04a0 IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )00:09:50.0697 0x04a0 Detect skipped due to KSN trusted00:09:50.0697 0x04a0 IconMan_R - ok00:09:50.0978 0x04a0 [ 11A31FC2481BFE69B0507ED8C80215F4, 8A1E90611F749E8F04B6D86E835E981CAC16D0841305CADB19E58682DA006698 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys00:09:51.0259 0x04a0 igfx - ok00:09:51.0306 0x04a0 [ 24847A06B84339FEEDE5CABF3D27D320, 7727B1DAD0D4A1D474FBBEFCEBDF36A1F07D1AA300869AE57A24ED91BF84B6B4 ] iirsp C:\Windows\system32\drivers\iirsp.sys00:09:51.0337 0x04a0 iirsp - ok00:09:51.0447 0x04a0 [ 
E455C83E029121270BED73CDAC381F37, 433D525C19DBF26FAC28853C606C872D973104842B0EF1B2BF2EAC85457E2953 ] IKEEXT C:\Windows\System32\ikeext.dll00:09:51.0619 0x04a0 IKEEXT - ok00:09:51.0650 0x04a0 [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys00:09:51.0712 0x04a0 IntcDAud - ok00:09:51.0822 0x04a0 [ C99F8E90DE4B8F0C7FE15BB1CBCD29DC, F791EE101EEF8B9F48102B6C63A89B78F7C0041C750C4F4C0D16D54B583B7B5C ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe00:09:51.0994 0x04a0 Intel® Capability Licensing Service Interface - ok00:09:52.0041 0x04a0 [ 30E9FAC23E2537D82F2836CB81AEE186, 03E5072D43ECED70EF004D2E6E654B4CCCE059825CC3C641C0534E4C0BC0C7E8 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe00:09:52.0072 0x04a0 Intel® ME Service - ok00:09:52.0087 0x04a0 [ 4F37726CF764CA18A8A84F85EF3A7F24, 6212B23917526E127CE641A11A58DA93651FFE70829C4079FE465DBDC81CF470 ] intelide C:\Windows\system32\drivers\intelide.sys00:09:52.0103 0x04a0 intelide - ok00:09:52.0150 0x04a0 [ E15CDF68DD73423F15D4AC404793AF0D, E2D0136AF68D1A73EB3A63C83284B4661222CB0A4AFACCF276CB57CBD4850287 ] intelppm C:\Windows\System32\drivers\intelppm.sys00:09:52.0181 0x04a0 intelppm - ok00:09:52.0212 0x04a0 [ 8FCA66234A0933D796BB780B7953BAB9, 7DD677F5EE09A8D7A75C9E475B5E6B3DCA49D1E846C7D160B839D7029B1C5B6D ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys00:09:52.0244 0x04a0 IpFilterDriver - ok00:09:52.0275 0x04a0 [ C217B8D2E58C57A319B16125C3D4B69C, 905BB858E1782BD08FF080A4A604CE662440A15601B178FBD30269C306C04CCF ] iphlpsvc C:\Windows\System32\iphlpsvc.dll00:09:52.0369 0x04a0 iphlpsvc - ok00:09:52.0416 0x04a0 [ 6E98A046A12AA113F8898AA5D612BD6E, 28816CC1F03F2BFBF099C087C0BB6949E959F44C888DD2D0528FF7ED5D665ECF ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys00:09:52.0447 0x04a0 IPMIDRV - ok00:09:52.0478 
0x04a0 [ 3969B9C218DD3FAA9F4ED2FFC3651C02, 93447F124CC55FB17055126432194153E1BB8F0FD95A47608494B6834A5F7089 ] IPNAT C:\Windows\system32\drivers\ipnat.sys00:09:52.0509 0x04a0 IPNAT - ok00:09:52.0525 0x04a0 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C, 4099BAA2DB4ADB93B878D71E241B7D9EB7E0EE7ED0FE2450CCB9E4718B3726EB ] IRENUM C:\Windows\system32\drivers\irenum.sys00:09:52.0556 0x04a0 IRENUM - ok00:09:52.0572 0x04a0 [ D940C5BB9DC92E588533C19ABCC3D2C2, D1442854CEDE86F2C187A35851E74C873D34B772C60BC118FA1577F79C03364D ] isapnp C:\Windows\system32\drivers\isapnp.sys00:09:52.0587 0x04a0 isapnp - ok00:09:52.0634 0x04a0 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF, 8FFF92828C3DC20F0F42C42E58A03B59A4E0187963F728DC618C9595FB2D0239 ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys00:09:52.0681 0x04a0 iScsiPrt - ok00:09:52.0728 0x04a0 [ 3C4002D339491AF73D663FFC7F6E5ECB, 0B53047989BDB781572253BC3AA757912FE54366870C1955E687972CE210C285 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe00:09:52.0775 0x04a0 jhi_service - ok00:09:52.0791 0x04a0 [ 8FBD94B69D6423E20ABCD59D86368B21, 218EF992095E365EC917413749856A64D55D8129D77098E24D670843233377F4 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys00:09:52.0822 0x04a0 kbdclass - ok00:09:52.0837 0x04a0 [ E88C932ABDF8185A62C8F2FC7B051FB6, 67F9AF58237A11F0BF3D15AA5B32E5CE66B7AA039B999D938F7F6E63DCEA7A6E ] kbdhid C:\Windows\System32\drivers\kbdhid.sys00:09:52.0869 0x04a0 kbdhid - ok00:09:52.0869 0x04a0 [ FB6C185092E18011EF49989425C2AA87, 043524409E0A764201DD221C48B7DEEA0D161945EB37D4B88313BAB2299949DF ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys00:09:52.0884 0x04a0 kdnic - ok00:09:52.0916 0x04a0 [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] KeyIso C:\Windows\system32\lsass.exe00:09:52.0931 0x04a0 KeyIso - ok00:09:52.0978 0x04a0 [ DFA480F6DED551464F3A5B959F437800, C07AB6F28A09FCBE11EECAD03B06CEAE1016EC24031FCA0C092639E90FBA84CF ] KSecDD 
C:\Windows\system32\Drivers\ksecdd.sys00:09:53.0009 0x04a0 KSecDD - ok00:09:53.0056 0x04a0 [ 127FB0AAD232BAAD2C9BBACD374F4FC5, 3BC56F6B4374062C96149D69ACE053DF81A278F0361599F5A2F3DB1F76F0AD68 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys00:09:53.0072 0x04a0 KSecPkg - ok00:09:53.0103 0x04a0 [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys00:09:53.0134 0x04a0 ksthunk - ok00:09:53.0181 0x04a0 [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm C:\Windows\system32\msdtckrm.dll00:09:53.0244 0x04a0 KtmRm - ok00:09:53.0306 0x04a0 [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer C:\Windows\System32\srvsvc.dll00:09:53.0369 0x04a0 LanmanServer - ok00:09:53.0400 0x04a0 [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll00:09:53.0431 0x04a0 LanmanWorkstation - ok00:09:53.0463 0x04a0 [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys00:09:53.0478 0x04a0 lltdio - ok00:09:53.0509 0x04a0 [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc C:\Windows\System32\lltdsvc.dll00:09:53.0541 0x04a0 lltdsvc - ok00:09:53.0572 0x04a0 [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts C:\Windows\System32\lmhsvc.dll00:09:53.0588 0x04a0 lmhosts - ok00:09:53.0634 0x04a0 [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe00:09:53.0728 0x04a0 LMS - ok00:09:53.0744 0x04a0 [ 022CDD12161B063D7852B1075BF3FFF2, 
E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys00:09:53.0759 0x04a0 LSI_SAS - ok00:09:53.0822 0x04a0 [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys00:09:53.0853 0x04a0 LSI_SAS2 - ok00:09:53.0853 0x04a0 [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys00:09:53.0884 0x04a0 LSI_SCSI - ok00:09:53.0884 0x04a0 [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys00:09:53.0900 0x04a0 LSI_SSS - ok00:09:53.0947 0x04a0 [ A57BA284F5996FFD32DCDBC41A4657DB, 2106B83873A824BC83EF42FAC9DD9A0F741209535A84AE65EA8E786519920043 ] LSM C:\Windows\System32\lsm.dll00:09:54.0025 0x04a0 LSM - ok00:09:54.0041 0x04a0 [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv C:\Windows\system32\drivers\luafv.sys00:09:54.0072 0x04a0 luafv - ok00:09:54.0103 0x04a0 [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector C:\Windows\system32\drivers\mbam.sys00:09:54.0150 0x04a0 MBAMProtector - ok00:09:54.0181 0x04a0 [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe00:09:54.0291 0x04a0 MBAMScheduler - ok00:09:54.0322 0x04a0 [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe00:09:54.0463 0x04a0 MBAMService - ok00:09:54.0541 0x04a0 [ E416E967E3FB6FB1E9AE12B9C7DAB526, 4849AE6B628D349F64D26CDD638B34E598E7C839335961C6AE39B305765106A3 ] MDM C:\Program Files (x86)\Common 
Files\Microsoft Shared\VS7Debug\mdm.exe00:09:54.0572 0x04a0 MDM - detected UnsignedFile.Multi.Generic ( 1 )00:09:56.0947 0x04a0 Detect skipped due to KSN trusted00:09:56.0947 0x04a0 MDM - ok00:09:56.0994 0x04a0 [ 9B0D829C3BE4E7472DB9DD2B79908E3C, ACED5806FFF39E84007B5A3DCB16315329DC53007F46B1BEEDC391CC659F7DD3 ] megasas C:\Windows\system32\drivers\megasas.sys00:09:57.0041 0x04a0 megasas - ok00:09:57.0056 0x04a0 [ ECC3F54C7AFC318271C4F0B4606D8DB0, FD1ACB18B8C912C7A57DABCD5460800DD0721A82E09C8D79C47B3392D61CBEA6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys00:09:57.0119 0x04a0 MegaSR - ok00:09:57.0135 0x04a0 [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\Windows\System32\drivers\HECIx64.sys00:09:57.0181 0x04a0 MEIx64 - ok00:09:57.0213 0x04a0 [ EEE908BE7143FCA48CF0CB87214E2AB8, 4F9BD299F559DD36DBD93489CFAA753F236FBB70946E034D2E2260059AE20962 ] MMCSS C:\Windows\system32\mmcss.dll00:09:57.0228 0x04a0 MMCSS - ok00:09:57.0260 0x04a0 [ 780098AD5DA8A4822E2563984C85EF7B, 29312970774E944B5ED388316CF3D350DCABF721F9695737B0AC56BE878B0446 ] Modem C:\Windows\system32\drivers\modem.sys00:09:57.0291 0x04a0 Modem - ok00:09:57.0322 0x04a0 [ EA8EAD3F5B762F889CC7F3966625B48B, B701A42E5E08B7BC6601560446146803182E5DC631AB73E9408F19CB6432F121 ] monitor C:\Windows\System32\drivers\monitor.sys00:09:57.0338 0x04a0 monitor - ok00:09:57.0353 0x04a0 [ 618446B98C79776654340CE27C73485E, EFE7169FDD545933B5949DA2D09266971C0C3E6894E7BD8AFE29E41567C72B16 ] mouclass C:\Windows\System32\drivers\mouclass.sys00:09:57.0369 0x04a0 mouclass - ok00:09:57.0385 0x04a0 [ C0ADEBED913295803B579ED288936CBB, 58F71541166D1DA07C18FBD27458D55E3F8AD7291CB7496B3A2F01372A5B0CAE ] mouhid C:\Windows\System32\drivers\mouhid.sys00:09:57.0416 0x04a0 mouhid - ok00:09:57.0416 0x04a0 [ 89D263DBF08119CE16273991C120D6DD, 9771EDAD266F0E234E71DFB6792F396710E051F2ADCA5CDADEBBD2790D0E6054 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys00:09:57.0431 0x04a0 mountmgr 
- ok00:09:57.0510 0x04a0 [ AEE4E9CC59CDEB55B1ECB0E596E796BE, 674F6F38D86D238AFD6223E03A862F8B43DD8499FBC2D4B7A04E510EC5EACF3B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe00:09:57.0556 0x04a0 MozillaMaintenance - ok00:09:57.0588 0x04a0 [ 4CCBBD4944777CA100B9A6C2F149A46F, 7FC172FAF8266BFBBBBAD94FD67EA3C1872F5927DC3900A9A54DB2DFE34E7415 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys00:09:57.0603 0x04a0 mpsdrv - ok00:09:57.0650 0x04a0 [ 9DE3341BD4E14BC5FADFCAD3019F2D0D, 37E0531EADABC6D4BCC496826651D4D14CF0D10156FF13C11BDE466084B44FF4 ] MpsSvc C:\Windows\system32\mpssvc.dll00:09:57.0775 0x04a0 MpsSvc - ok00:09:57.0791 0x04a0 [ 3D70147F55F1EC84EB9139ED7FFE48BC, 12429C2FDDDA13815F0E18F9009011AA5360955759A23A38175543F480CB92EF ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys00:09:57.0822 0x04a0 MRxDAV - ok00:09:57.0885 0x04a0 [ 93179D48066918323628CB016D8C94DC, FE110BF7A10EDD1DF7F6B933D373FCA51F37413282EBC4187E7C9B1965186BCC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys00:09:57.0947 0x04a0 mrxsmb - ok00:09:57.0963 0x04a0 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3, C665B7896501D42C73955F4EAF4FA3C6B2C9286957D6023C235AFBF9BFB761C6 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys00:09:57.0994 0x04a0 mrxsmb10 - ok00:09:58.0041 0x04a0 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26, 9822FA53E6067C0E39B7A3A3F1E88719D5D8B055D86FF894F0475B158289EA45 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys00:09:58.0057 0x04a0 mrxsmb20 - ok00:09:58.0088 0x04a0 [ 98487487D6B3797CA927E9D7B030AE13, 05840AF0DD2E3CB596DA768DBD0728B52210EC05B55AB5921E697AD8956938DD ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys00:09:58.0119 0x04a0 MsBridge - ok00:09:58.0150 0x04a0 [ 4A07458EB4F17573BD39F22029A991C1, 74D7A1882EA4D19B8F090C2813489E5D3F759BF4AF2D88AE852EC6510C405B5E ] MSDTC C:\Windows\System32\msdtc.exe00:09:58.0166 0x04a0 MSDTC - ok00:09:58.0197 0x04a0 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2, ECCA22985838A914EDC866C491DEB64B9FF5110EFA9BEE541F634AC5EC3081F9 ] Msfs 
C:\Windows\system32\drivers\Msfs.sys00:09:58.0213 0x04a0 Msfs - ok00:09:58.0244 0x04a0 [ C32A7A39B960A42BA9D4FBE47213CA03, 4DA48587138972DA5E95AEDBBBE73BA8CCADC8172C6654427ABEAC8047B27E95 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys00:09:58.0260 0x04a0 msgpiowin32 - ok00:09:58.0275 0x04a0 [ D3857A767B91A061B408CCAB02DA4F40, A4D780772086AD8717EE6DC2B6189F796939FB5E5AA08FD9D1984101998FBECF ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys00:09:58.0291 0x04a0 mshidkmdf - ok00:09:58.0307 0x04a0 [ 839B48910FB1E887635C48F3EC11A05E, F8CFD99911500CC1B6A90C8E2A1697BD5A6E5776A62A62FE5B342FE204C936B1 ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys00:09:58.0322 0x04a0 mshidumdf - ok00:09:58.0322 0x04a0 [ 55C0DB741E3AB7463242B185B1C2997C, D2E2A5B48A64EA0EC2A6566C08E65A38D11CEA64BCA7B57793BA0D009E4D974A ] msisadrv C:\Windows\system32\drivers\msisadrv.sys00:09:58.0353 0x04a0 msisadrv - ok00:09:58.0385 0x04a0 [ 216C6B035A4BA5560E1255BD8E5BB89F, A14E038604B9A5506DB145A4D9F51E2751AC825240D2744924F39C332B5DE00B ] MSiSCSI C:\Windows\system32\iscsiexe.dll00:09:58.0416 0x04a0 MSiSCSI - ok00:09:58.0416 0x04a0 msiserver - ok00:09:58.0447 0x04a0 [ 509809566E49F4411055864EA8D437CD, 70F37BF9C759E8BCA1C6AC8FB9805950925E1C648ED37E8561A0F7A407DFDC28 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys00:09:58.0463 0x04a0 MSKSSRV - ok00:09:58.0478 0x04a0 [ 63145201D6458E4958E572E7D6FC2604, EDD4A8A3BBE94B983554B1117734E66A2647B867269C5F0567C47EDE6F3FACCB ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys00:09:58.0494 0x04a0 MsLldp - ok00:09:58.0510 0x04a0 [ 99D526E803DB6D7FF290FD98B6204641, 4AFAA3B1186621AEAD19E12D3DBE104DD8FCD5C106F9EC3ADA4AD1BC7093E61F ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys00:09:58.0525 0x04a0 MSPCLOCK - ok00:09:58.0525 0x04a0 [ 06FA77C3E2A491ADCD704C5E73006269, 465A7EE5387E6C11398A554F73437278F5BF110356E7F49F315905C1F2459278 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys00:09:58.0557 0x04a0 MSPQM - ok00:09:58.0572 0x04a0 [ 
E134EC4DE11CF78CB01432D180710D84, BB111F97AEEFDCA5866B157E9957599CD7A4952B5BCCA0B0BCA9EDFCD17E61FE ] MsRPC C:\Windows\system32\drivers\MsRPC.sys00:09:58.0635 0x04a0 MsRPC - ok00:09:58.0650 0x04a0 [ B5AECF12F09DEE97C9FCAA5BA016CE1E, F5305C4CE6C93A3A3481BD13BE0C23FE26571E11029ACFFE75FB78913681FCFC ] mssmbios C:\Windows\System32\drivers\mssmbios.sys00:09:58.0682 0x04a0 mssmbios - ok00:09:58.0713 0x04a0 [ 72D66A05E0F99F2528F6C6204FD22AA1, B14D433BC5795F1DC4C672302285E665DC012693E75574F60664AAD8874DE562 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys00:09:58.0728 0x04a0 MSTEE - ok00:09:58.0760 0x04a0 [ 8AAAE399FC255FA105D4158CBA289001, 2F55C02605B4A3406B289FF9D46C76260B9138E3DE96AFAEA0E0522E5A2A746C ] MTConfig C:\Windows\System32\drivers\MTConfig.sys00:09:58.0775 0x04a0 MTConfig - ok00:09:58.0775 0x04a0 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A, 00D33A4AB3E7C5F65F59C63F8E2FD27EF38D5484595F785D5632E9414E29352C ] Mup C:\Windows\system32\Drivers\mup.sys00:09:58.0791 0x04a0 Mup - ok00:09:58.0807 0x04a0 [ 3A1E095277BBD406CEA8EA6B76950664, 47838F307A6354E77C19A7B1F3F3E22726EF60403B611F358AD6FFE81D7214E7 ] mvumis C:\Windows\system32\drivers\mvumis.sys00:09:58.0853 0x04a0 mvumis - ok00:09:58.0885 0x04a0 [ 4B18840511D720BA118D3017E8165875, 724458A69269A5AE57E8DAB74FF3C198A79B6F7A9602BF38A70B4A40543ED167 ] napagent C:\Windows\system32\qagentRT.dll00:09:58.0963 0x04a0 napagent - ok00:09:58.0978 0x04a0 [ 43D7388A90A4C6EA346A4D6FF0377479, DFDCFA448B49C8A577056070AF516F08CD2E452706A3CF9173195ABA4256F35D ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys00:09:59.0041 0x04a0 NativeWifiP - ok00:09:59.0072 0x04a0 [ 6A0C3996DA7DAE6D6939676D786EEEC4, 6E8A4C6234FD3040BC889E92016A4D5AC7BCAF5059521E50C733966163A546A0 ] NcaSvc C:\Windows\System32\ncasvc.dll00:09:59.0088 0x04a0 NcaSvc - ok00:09:59.0119 0x04a0 [ C982FE4CC91DECE2259F494FCEB4030F, 4C285407E6F9FBBA92180F4063AEFB736ED142D802F0151002F0CC20AB7BB4E5 ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll00:09:59.0150 0x04a0 NcdAutoSetup - 
ok00:09:59.0213 0x04a0 [ A10E176F3B2BF83EDE7B5C4658C93B66, 42F2FAEB4A29BBC6727D7E159D3E7E2E66D33785E5C98496EEB44D281601A23E ] NDIS C:\Windows\system32\drivers\ndis.sys00:09:59.0400 0x04a0 NDIS - ok00:09:59.0432 0x04a0 [ 39C8A1D9D46F5E83A016BCAB72455284, 80DBED610E0818C2C7122FBC5BC8C15BCE981538AE48DC48F464A86389AF3F68 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys00:09:59.0447 0x04a0 NdisCap - ok00:09:59.0463 0x04a0 [ 762941932B7E4C588E48A577BA9D6440, 71FA1870E398CB848D8294FEF6C60E0499CAB9A16EC3F487564C41072590E4F3 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys00:09:59.0494 0x04a0 NdisImPlatform - ok00:09:59.0541 0x04a0 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7, D902AE15194A9F8A2198914FC76184FE7E2B589747275952A04A52853128FDB8 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys00:09:59.0557 0x04a0 NdisTapi - ok00:09:59.0572 0x04a0 [ 79AB68BB3FFF974AD4F41FA559F4EC67, 1745EC6520B48E325C56D98A1F4DB9CE135FE3E097B3D66E6598791132CAD7BD ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys00:09:59.0603 0x04a0 Ndisuio - ok00:09:59.0603 0x04a0 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys00:09:59.0635 0x04a0 NdisWan - ok00:09:59.0635 0x04a0 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8, D51FEF198F74FDF583826E259E4736F51CD49908194104677889FD135EEC2EBC ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys00:09:59.0666 0x04a0 NDISWANLEGACY - ok00:09:59.0697 0x04a0 [ 3730942D7DB2F8BB5F84542B7FF6F650, 89C9D7D7305205BDB304CE6DA7D1A57EDE86A9D77429698802A39D75EB78CAAB ] NDProxy C:\Windows\system32\drivers\NDProxy.sys00:09:59.0713 0x04a0 NDProxy - ok00:09:59.0713 0x04a0 [ D3F60A4345FCA9C1BE68AD7D0D6DE770, 214AF09F4B021C2F8655FBC8AC8C801E89CD9115CDE690FAEBDA69D63D660EDD ] Ndu C:\Windows\system32\drivers\Ndu.sys00:09:59.0744 0x04a0 Ndu - ok00:09:59.0744 0x04a0 [ 7C203A76394F9AE68F69EEE5F9612C4A, 2222654915913BDC9367A2075714906A10CF22C047A7494CD59CB71834ED1B62 ] NetBIOS 
captainslow Posted March 27, 2014 Author ID:808843
E19556D414332E2BEBA1F368229006B4, AB3454EC85D7B6E62D44C4510C1547AE7F736558588E54B0E265F7B3A5810E15 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll00:10:21.0792 0x04a0 WcsPlugInService - ok00:10:21.0823 0x04a0 [ B3A4D918DAB90505B6BC7B70632913CB, ECC19DCD7902C29D0682C70B9546CF8B82477A32147EE30EB6750D8499605B46 ] Wd C:\Windows\system32\drivers\wd.sys00:10:21.0839 0x04a0 Wd - ok00:10:21.0870 0x04a0 [ 07D19A55CD27B330534D2DDEA60D5FC6, 9C9441EA6943481838F61FD929F88FE25DC60BB8513A2C01CB4712918A883E3F ] WdBoot C:\Windows\system32\drivers\WdBoot.sys00:10:21.0886 0x04a0 WdBoot - ok00:10:21.0948 0x04a0 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys00:10:22.0073 0x04a0 Wdf01000 - ok00:10:22.0120 0x04a0 [ CEBD9CDAADA11FAECCA82E4C06BCDD8E, 6D6E4BF0EB97004F9C07327923C9BD2B451FDDA567FAF39556595302EE5A1A54 ] WdFilter C:\Windows\system32\drivers\WdFilter.sys00:10:22.0167 0x04a0 WdFilter - ok00:10:22.0198 0x04a0 [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiServiceHost C:\Windows\system32\wdi.dll00:10:22.0245 0x04a0 WdiServiceHost - ok00:10:22.0245 0x04a0 [ 240FC332484572227CD1DF82407F33E5, 5210549EC519DD3BCA6BBC995F01E1E3E0988580797E4BD1433F429E0CB30412 ] WdiSystemHost C:\Windows\system32\wdi.dll00:10:22.0277 0x04a0 WdiSystemHost - ok00:10:22.0323 0x04a0 [ 9B1384CE8E681D2D77BB3524B8E86311, BDEF9D0A79A7C26A88088A306F91632F300E587736CDD2C64717EC54DD6E89FF ] WebClient C:\Windows\System32\webclnt.dll00:10:22.0370 0x04a0 WebClient - ok00:10:22.0402 0x04a0 [ 35FD720943D4FCD75C3275BF062FF140, 9D8345E6DE1AE23F93AD0B52D27D1CCFD69EF7EE50654F92CA999BEC4570A773 ] Wecsvc C:\Windows\system32\wecsvc.dll00:10:22.0448 0x04a0 Wecsvc - ok00:10:22.0480 0x04a0 [ 4D2612E3C462B68F499D840B1133263E, 4DDAEB4480AEC31A8184838588E0D3DFA31CE6D2FA6E906926860C75F52DC7B7 ] wercplsupport C:\Windows\System32\wercplsupport.dll00:10:22.0542 
0x04a0 wercplsupport - ok00:10:22.0589 0x04a0 [ 5F70EBFC1F75B487DE79501E3CCBDB54, 2FCA57BF60A43B03BB42FBF22BBFC19AD2266FBBD818494AD114125E6E433321 ] WerSvc C:\Windows\System32\WerSvc.dll00:10:22.0636 0x04a0 WerSvc - ok00:10:22.0683 0x04a0 [ 44BB9C31E6242C4BD1CE7C2B440C2533, E603BB001028918B687818E930340008C752679B133037367A8A8E41DA559FFE ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys00:10:22.0730 0x04a0 WFPLWFS - ok00:10:22.0745 0x04a0 [ 60E0C220593DA4F7C289CB909D2DBAE0, 057CA7727F748600CC155043081AB9E3244763CF4913F317D13226A515F6FDB6 ] WiaRpc C:\Windows\System32\wiarpc.dll00:10:22.0777 0x04a0 WiaRpc - ok00:10:22.0792 0x04a0 [ A3C7624A42A3447EF5EDD1ED37FE4E60, BD8BDF0A571873FA8277878AF7AED11196CFF1B4DF1EA6BA13BD4887D7B63B94 ] WIMMount C:\Windows\system32\drivers\wimmount.sys00:10:22.0823 0x04a0 WIMMount - ok00:10:22.0839 0x04a0 WinDefend - ok00:10:22.0964 0x04a0 [ 7911470B6018059A880469A63B65700A, 4B6131491A028FBCA54AC261112D183EFD42E98160545C8E8DFBDA01C87B3FB5 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll00:10:23.0120 0x04a0 WinHttpAutoProxySvc - ok00:10:23.0167 0x04a0 [ 3D6B518B71C75C8FA4115A33615C107A, ED7A266013D29D3B1A462464735C3632BEA121D1B32553907AEAA0B00595C3DF ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll00:10:23.0245 0x04a0 Winmgmt - ok00:10:23.0480 0x04a0 [ 8E212A627F33F6FC3B5F3BB47212F66E, 9BBFE26ABFA14F346FE3711D13D959523EEA23608A33C16F3D750D66CA511911 ] WinRM C:\Windows\system32\WsmSvc.dll00:10:23.0761 0x04a0 WinRM - ok00:10:23.0777 0x04a0 [ BB20956C424531003F7FA6CD36F11D5D, 2C55F1C7553A527A7C4C34E730BE943269AE23928731C64D3DC945E07AE1771E ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys00:10:23.0823 0x04a0 WinUsb - ok00:10:23.0870 0x04a0 [ 4F2A80D65AE6F845776E2F06AE6782ED, 2455537C048115435D9EDE4B18F9F54C43912076AEF36BDEFEC35AF2140B8B2E ] WirelessButtonDriver C:\Windows\System32\drivers\WirelessButtonDriver64.sys00:10:23.0902 0x04a0 WirelessButtonDriver - ok00:10:23.0995 0x04a0 [ 6351724B8FA0255C2DBD970297F00B93, 
A02F274479F9F32E30C75A5BD991B008B3CCB47D380D5870563EF918DAC5730E ] WlanSvc C:\Windows\System32\wlansvc.dll00:10:24.0074 0x04a0 WlanSvc - ok00:10:24.0152 0x04a0 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B, B76226808406D8B38DE2D3A8CCE633BB507022C8BAAA6C3DAD34204CC6CE1284 ] wlidsvc C:\Windows\system32\wlidsvc.dll00:10:24.0339 0x04a0 wlidsvc - ok00:10:24.0370 0x04a0 [ E2A596CACFC6504306CDB7B593B90084, DF89CF57249553CE922C841F18B99A213185FA1099C053B9BB8C0F6E5BC3FEC0 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys00:10:24.0402 0x04a0 WmiAcpi - ok00:10:24.0449 0x04a0 [ D113499052C5E541906B727779F0F959, 05FB51086C0A0CE3812A7E6098C5A454ECCFE8553669CFA715153564F2226DB0 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe00:10:24.0495 0x04a0 wmiApSrv - ok Link to post Share on other sites More sharing options...
captainslow Posted March 27, 2014 Author ID:808845
ok00:10:29.0105 0x04a0 [ 0341C9184C252000D1AD396C71CFD860, 910155B34763EDA22EC7D63625B4177B00F8B3AA2F68B807E26B10BCB0540547 ] C:\Windows\System32\combase.dll00:10:29.0105 0x04a0 C:\Windows\System32\combase.dll - ok00:10:29.0105 0x04a0 [ 2E5B349ACDA36C20612795754DB93312, 323A623FEF29F20E364528B58CF5C188B550F2CD38E9ED64B34071C74B9BC391 ] C:\Windows\System32\ws2_32.dll00:10:29.0105 0x04a0 C:\Windows\System32\ws2_32.dll - ok00:10:29.0105 0x04a0 [ 8542BEA78795403D705A21B83ABD589F, 73FBD20662212323CBE6EB091994E89BFF86538C073EBA7C9C1AC321EF25B888 ] C:\Windows\System32\GdiPlus.dll00:10:29.0105 0x04a0 C:\Windows\System32\GdiPlus.dll - ok00:10:29.0105 0x04a0 [ B74C50954E234506548CBBF3933AF391, 50A1C0704069AAD9E7158689C521442CE8F29F47F247A6E3FCBCBB107E665ADA ] C:\Windows\System32\wow64.dll00:10:29.0105 0x04a0 C:\Windows\System32\wow64.dll - ok00:10:29.0105 0x04a0 [ 6B3F1596000CB33F73E14B6F7D5CFF82, 4DA1A14B39413F19D507B8371C99F9265E3FC17DC7F0842057B254C9D5ADD69D ] C:\Windows\System32\difxapi.dll00:10:29.0105 0x04a0 C:\Windows\System32\difxapi.dll - ok00:10:29.0105 0x04a0 [ 85B5B3797315F714A62AC986FFB2B17E, DF6590235BA33AFF42F7153646DA70C600EC607C1E01BBB58C468A54E0E795EF ] C:\Windows\System32\sechost.dll00:10:29.0105 0x04a0 C:\Windows\System32\sechost.dll - ok00:10:29.0121 0x04a0 [ 3A30E09AAA2BB060D39C8FA5E20D4FA3, F172A0F7194D73AD4A11A4B1C12459385C64F334E471C25E3471B8B57EED6E5C ] C:\Windows\System32\advapi32.dll00:10:29.0121 0x04a0 C:\Windows\System32\advapi32.dll - ok00:10:29.0121 0x04a0 [ 46501A8D9CF0383A104120810E1BABA6, 8062AB1FC35F61448D08E26919FD7DA3F91D807C912E41321918F24C4ADBBA1D ] C:\Windows\System32\shlwapi.dll00:10:29.0121 0x04a0 C:\Windows\System32\shlwapi.dll - ok00:10:29.0121 0x04a0 [ A99AD14F26BDA7D7F27F76BC91B7EED7, 98491CFA2524A9650367BEF87814A58B198F467335C6AB7A446004A9D0320EC6 ] C:\Windows\System32\user32.dll00:10:29.0121 0x04a0 C:\Windows\System32\user32.dll - ok00:10:29.0121 0x04a0 [ E5F7328B1D29BCE791862CD3C0DD382A, 
E520D75CA6E4EDB06F576D97FB6B7CFD46A3EF3A3AC881537DE3BB8C862FE8C3 ] C:\Windows\System32\Drivers\USBHUB3.SYS00:10:29.0121 0x04a0 C:\Windows\System32\Drivers\US